Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

Three security vulnerabilities affecting VMware's vRealize Log Insight platform now have public exploit code circulating, offering a map for cybercriminals to follow to weaponize them. These include two critical unauthenticated remote code execution (RCE) bugs.

The vRealize Log Insight platform (which is transitioning its name to Aria Operations) provides intelligent log management "for infrastructure and applications in any environment," according to VMware, offering IT departments access to dashboards and analytics that have visibility across physical, virtual, and cloud environments, including third-party extensibility. Usually loaded onto an appliance, the platform can have highly privileged access to the most sensitive areas of an organization's IT footprint.

"Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it," said Horizon.ai researcher James Horseman, who did a deep dive into the public exploit code this week. "Often, logs ingested may contain sensitive data from other services and may allow an attack to gather session tokens, API keys, and personally identifiable information. Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment."

Organizations should take note of the risk, especially since the barrier to exploitation for the bugs — aka, the access complexity — is low, says Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), which reported the vulnerabilities.

"If you are doing centralized log management with this tool, it represents a significant risk to your enterprise," he tells Dark Reading. "We recommend testing and deploying the patch from VMware as soon as possible."

**Inside the VMware vRealize Log Insight Bugs**

The two critical issues carry severity scores of 9.8 out of 10 on the CVSS scale and could allow an "unauthenticated, malicious actor to inject files into the operating system of an impacted appliance which can result in remote code execution," according to the original VMware advisory.

One (CVE-2022-31706) is a directory traversal vulnerability; the other (CVE-2022-31704) is a broken access control vulnerability.

The third flaw is a high-severity deserialization vulnerability (CVE-2022-31710, CVSS 7.5), which could allow an unauthenticated malicious actor to "remotely trigger the deserialization of untrusted data, which could result in a denial of service."

**Creating a Bug Chain for Complete Takeover**

Horizon.ai researchers, after identifying the exploit code in the wild, discovered that the three issues could be chained together, prompting VMware to update its advisory today.

"This \[combined\] vulnerability \[chain\] is easy to exploit; however, it requires the attacker to have some infrastructure setup to serve malicious payloads," Horseman wrote. "This vulnerability allows for remote code execution as root, essentially giving an attacker complete control over the system."

That said, he offered a silver lining: The product is intended for use in an internal network; he noted that Shodan data turned up 45 instances of the appliances being publicly exposed on the Internet.

That does not, however, mean that the chain can’t be used from within.

"Since this product is unlikely to be exposed to the Internet, the attacker likely has already established a foothold somewhere else on the network," he noted. "If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done.”

The three bugs were first disclosed last week by the virtualization giant as part of a cache that also included one other, a medium-severity information-disclosure bug (CVE-2022-31711, CVSS 5.3) that could allow data harvesting without authentication. The latter doesn't yet have public exploit code, though that could quickly change, particularly given how popular of a target VMware offerings are for cybercriminals.

There could also soon be multiple ways to exploit the other issues, too. "We have proof-of-concept code available to demonstrate the vulnerabilities," ZDI's Childs says. "We would not be surprised if others figured out an exploit in short order."

**How to Protect the Enterprise**

To protect their organizations, admins are urged to apply VMware's patches, or apply a published workaround as soon as possible. Horizon.ai has also published indicators of compromise (IoCs) to help organizations track any attacks.

Also, "if you are using vRealize or Aria Operations for centralized log management, you need to check what type of exposure that system has," Childs advises. "Is it connected to the Internet? Are there IP restrictions for who can access the platform? These are additional items to consider beyond patching, which should be your first step. It's also a reminder that every tool or product in an enterprise represents a potential target for attackers to gain a foothold."

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Late last year, a group of threat actors managed to obtain "verified publisher" status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers in the Microsoft ecosystem.

The MCPP is Microsoft’s channel partner program, inhabited by 400,000-plus companies that sell and support its enterprise products and services and also build their own solutions and software around them. Members include managed services providers, independent software vendors, and business app developers, among others.

Researchers from Proofpoint first discovered this activity on Dec. 6 of last year. A report published on Jan. 31 outlines how threat actors used their bogus status as verified app publishers within the MCPP program to infiltrate UK- and Ireland-based organizations' cloud environments. The fake solutions partners targeted employees in finance and marketing, as well as managers and executives, via malicious applications. Users who fell for the badge potentially exposed themselves to account takeover, data exfiltration, and business email compromise (BEC), and their organizations were laid open to brand impersonation.

Overall, the campaign "used unprecedented sophistication to bypass Microsoft’s security mechanisms," the researchers tell Dark Reading. "This was an extremely well-thought-out operation."

**How the Hackers Duped Microsoft**

To become a verified publisher, Microsoft Cloud Partners must meet a set of eight criteria. These criteria are largely technical and, as Microsoft outlined in its documentation, passing the bar "doesn't imply or indicate quality criteria you might look for in an app." But threat actors abusing the system to distribute malicious apps? That's not supposed to happen.

The trick in this case was that, before phishing end users, the attackers tricked Microsoft itself.

To wit: They registered as publishers under "displayed" names that mimicked legitimate companies. Meanwhile, their associated "verified publisher" names were hidden and slightly different. The example given by the researchers is that a publisher masquerading as "Acme LLC" might have a verified publisher name "Acme Holdings LLC."

Evidently, this was enough to skate by the systems' verification process. In fact, researchers noted, "in two cases, the verification was granted one day after the creation of the malicious application."

When reached for comment on the failure of the verification process, Proofpoint did not offer further details, and a Microsoft spokesperson merely noted, _“_Consent phishing is an ongoing, industrywide issue, and we’re continuously monitoring for new attack patterns. We've disabled these malicious apps and are taking additional steps to harden our services to help keep customers secure.” 

The spokesperson added, "The limited number of customers who were impacted by the campaign described in the Proofpoint blog have been notified."

**How the Hackers Duped Enterprise Users**

Having obtained their verified status, the threat actors began spreading malicious OAuth apps, an increasingly popular vehicle for cyberattackers in recent years. They rigged these apps to request broad access to victims' accounts.

"The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD," according to an advisory published Jan. 31. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps."

OAuth — short for "open authorization" — is a token-based framework that enables users to authorize certain data sharing between third-party applications, without needing to divulge their login credentials in the process. A common example is the "log in with Google" or "log in with Facebook" options that many websites offer to avoid having to create a new set of credentials to use with the sites. OAuth dialogues are common enough that users typically just hit "Accept," without digging into the fine details of what they're agreeing to.

Snuffing out this consent phishing campaign would have required a great deal more vigilance than that.

Beyond the "verified publisher" stamp of approval, the attackers gave vague and innocuous names to the apps requesting permissions: Two were called, simply, "Single Sign-on (SSO)," and one "Meeting." And though publishing under the guise of other impersonated organizations, the attackers chose a household name to display to users at the requested permissions stage.

"The attacker(s) used different data fields to fool targeted users," the Proofpoint researchers said. "They used one name, identical to the impersonated org's name, as the visible publisher name. The other name was used as a hidden parameter, not visible in the malicious app's consent page."

In one case, "they used an outdated version of the well-recognized Zoom icon," the Proofpoint authors explained in the report, "and redirected to Zoom-resembling URLs, as well as a genuine Zoom domain, to increase their credibility."

To conclude, they put it bluntly: "End users are likely to fall prey to the advanced social engineering methods outlined in this blog."

Victims who fell for the gambit granted their attackers permission to access special areas of their accounts, like their mailboxes and calendars. The permissions also included offline access, enabling the hackers to do what they wished entirely out of view.

**Bogus OAuth Apps: Takeaways for Business**

After learning about the campaign on Dec. 15, Microsoft disabled the malicious applications and associated publisher accounts. It then enlisted its Digital Crimes Unit to investigate further.

According to Microsoft, "We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future."

To defend against future campaigns of this kind, Proofpoint researchers recommended deploying effective cloud security solutions to help detect malicious applications, and pointed readers to Microsoft's advisory regarding consent phishing. Their most important bit of advice was "to exercise caution when granting access to third-party OAuth apps, even if they are verified by Microsoft."

"Do not," they wrote, "trust and rely on OAuth apps based on their verified publisher status alone."

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own.

According reports from Belgium's Computerland publication, the "wannabes," while not as sophisticated as the LockBit operators themselves, were able to encrypt the files of at least one organization. The LockBit impersonators were able to exploit an unpatched FortiGate firewall, researcher Pierluigi Paganini explained.

"Despite not being the true LockBit locker group, these micro-criminals were still able to cause significant damage by encrypting a large number of internal files," Paganini added. "However, the company was able to restore its network from backups and no client workstations were affected during the intrusions."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Poser Hackers Impersonate LockBit in SMB Cyberattacks

Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

We've recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count further still. Yet the cybersecurity sector, thus far, has remained relatively unscathed with respect to cyber professionals (it’s a different story with vendors, which are subject to the mores of the market). The question is why, and will it continue to buck the trend?

Much of the reason why the security industry remains so buoyant is down to the fact that there simply isn't the fat to cut from security teams. Most businesses are struggling to recruit sufficient staff due to a widening skills gap — the ISC2 "2022 Cybersecurity Workforce Study" reports that while there is a global workforce of 4.7 million, the gap is almost as big at 3.4 million — and that means teams are often short-handed, leading to job creep, whereby staff have to take on extra responsibilities. "The State of Security 2022" report found that 76% of cybersecurity staff had to take on responsibilities they were not ready for in an attempt to fill the void. 

**Is My Job Safe?**

Yet despite professionals being in demand, the wider cybersecurity sector is beginning to feel the pain. Budgets themselves remain robust, with analyst houses such as Gartner predicting strong investment in cloud security, application security, and other information security software. But even if cybersecurity spending increases in 2023, it's being eroded by rising inflation and increasing solution/licensing costs, and the majority (70%) believe budgets will be cut or frozen this year, according to ESG Research.

So, what are the implications for the year ahead? First, cybersecurity talent will remain in short supply, while the annual shortfall, together with an exodus of talent, will see the gap widen, increasing demand still further. Jobs will, therefore, largely be safe, although this doesn't apply across the board.

The shortages are focused, with those with three to four years or more of experience most in demand, according to the Department for Digital, Culture, Media, and Sport, as well as those with experience in emerging or nascent technologies, such as cloud security, security operations center (SOC) analysts, and security admin and security architects, according to Fortinet's "2022 Cybersecurity Skills Gap" report. Those findings broadly tally with ISACA's "State of Cybersecurity 2022" report, which lists the top five skill sets as cloud computing, data protection, identity access management, incident response and DevSecOps. However, positions further down the hierarchy are likely to prove less recession-proof. 

**Investment in Tech**

Second, shrinking budgets could slow investment in automation, which many had hoped would alleviate the skills shortage and improve retention rate by providing security teams with some much-needed assistance. That's bad news for the industry, as it will stifle progress, but it could also see organizations become more exposed. The ISACA report found 69% of those businesses that suffered an attack last year were somewhat or significantly understaffed, and it's a problem that is turning out to be something of a self-fulfilling prophecy. Half of staff say they are much more likely to quit following a cyberattack, and job candidates are far less likely to want to work for a business that has suffered from cyberattacks, according to "The True Cost of Cyber."

However, the jury is still out on just how affected cyber spending will be. According to "The 2023 State of IT" report, cybersecurity is expected to increase its take out of IT budgets with respect to software (11%), hardware (7%), cloud (6%), and managed services (11%). Furthermore, the "2023 Global Tech Outlook" report found cybersecurity is now viewed as a higher-priority spend than innovation in digital transformation projects. IT security (44%) came out top as a spending priority for the next 12 months, followed by cloud infrastructure (36%) and IT/cloud management (35%).

**Wage Walkouts**

Third, we're unlikely to see salaries continue to escalate as they did pre- and post-pandemic, when some salaries experienced double-digit percentage growth. The Harvey Nash Hot Skills & Salary Report found that certain cybersecurity roles have plateaued, with 67% not receiving a pay rise. Realistically, this will make retention more difficult, and businesses are going to have to work to hang on to their hard-won talent (60% of businesses have already had staff poached, according to ISACA). That said, with the market contracting, some cybersecurity professionals may opt for job security over salary.

It looks unlikely that the cybersecurity sector will escape entirely the ravages of the recession. Demand for skilled professionals will remain high, but with cyber budgets being eaten away, there will be less cash to go round, forcing businesses to prioritize. In a bid to do more with less, workloads are likely to go up, in turn increasing staff turnover, jeopardizing business continuity. That means the one certainty we do seem to have is that businesses will be understaffed — and overexposed.

Will Cybersecurity Remain Recession-Proof in 2023?

To meet a pressing demand for industrial and OT security, zero-trust, device-level cybersecurity provider expands with strategic hires in new and established markets.

**Hod Hasharon, Israel – January 31, 2023 —** NanoLock Security, a leading provider of zero-trust, device-level cybersecurity for OT systems, accelerates its expansion into European and North American markets and announces new strategic leadership hires. The move comes in response to the growing demand for Industrial and OT security as a result of major geo-political events, as well as the latest regulations calling for a zero-trust device-level approach. The new hires will boost NanoLock's sales, marketing, product, and business development growth, dominating the market of protection for connected devices and machines against outsiders, insiders, supply chain attacks, and human error.

"In response to market changes and the latest regulatory developments in the US, requiring zero-trust, device-level protection for connected manufacturing machinery and industrial devices, NanoLock is proud to announce a roster of strategic hires - all distinguished experts - in several countries," said Eran Fine, the CEO and Co-Founder of NanoLock. "As the first and only solution currently addressing this need, we are committed to meeting the demand and expanding our reach to more customers around the world." 

**Growing Demand Requires A Growing Team**

To drive further engagement with strategic partners, distributors, global system integrators, as well as manufacturing companies and utilities, NanoLock has promoted David Stroud to Chief Revenue Officer and tasked him with building a global sales team with deep experience protecting OT systems. Stroud is an industry-recognized leader who served as GM & COO in the energy and metering sector.

The company has also hired Moty Kanias (Col, IDF) as Vice President of Cyber Strategy and Alliances to support their growing network of partners. Formerly a colonel in the Israeli Defense Forces, where he was most recently the Commander of Information Operation Center and the Head of Counter-Intelligence Research, Kanias elevates NanoLock’s ability to protect partners’ vulnerable systems thanks to his extensive counter-intelligence background and international cyber policy experience. 

Responsible for the development of the new generation of IIoT and OT product lines, Helen Bravo joins NanoLock as the VP of Product. Bravo has 25 years of success building and launching cyber security protection products and managing product management processes at cyber companies like Checkmarx Security, DocAuthority, and Israel Cloud Computing Association.   

NanoLock has brought on Tamar Milstein as Chief Marketing Officer (CMO) to lead an expanded marketing program. With over 20 years of experience in B2B marketing in cybersecurity, fintech, and IT sectors, Milstein will lead marketing strategies that will drive awareness and generate demand for NanoLock’s unique solution.

For more information on NanoLock, its expanding global network of customers, manufacturing partners, and distributors, and its unique device-level OT cyber protection solution, visit www.nanolocksec.com.

NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.

**CAMBRIDGE, England****,** **Jan. 31, 2023** **/PRNewswire/ —** SysKit, a SaaS software company, has published a report on the effects of digital transformation on IT admins and the current governance landscape. The survey found that 40% of companies experienced a data leak in the previous year, which can have severe consequences on an organization's efficiency and result in large fines, downtime, and loss of business-critical certifications and customers.

Improper implementation of zero trust and full trust approaches can lead to data leaks. Despite their drawbacks, 50% of respondents consider the full trust approach to governance optimal, and 68% believe the zero trust approach limits collaboration capabilities.

"We believe both approaches have disadvantages. Organizations lose amazing collaboration features with zero trust, and with full trust, you give up visibility and control over resources in the environment. That's why we developed a product for Microsoft 365 tenants that cancels out the negative sides of both approaches," said Toni Frankola, CEO of SysKit.

The research, conducted in November, surveyed 205 US IT professionals responsible for managing organizations' IT environments, and accurately represents the targeted population.

The survey also found that most IT admins (82%) believe non-tech employees who are resource owners should be more involved in data reviews and care of their team's workspaces. However, when asked about their specific IT governance skills, half of the respondents reported non-tech employees don't know how to apply external sharing policies properly, 56% consider they don't know how to apply provisioning policies, and 30% report their colleagues are not taking care of their inactive content. This lack of skills can lead to data leaks, uncontrolled workspace sprawl, and additional storage costs.

The survey also found that the biggest challenges today for IT admins are a lack of understanding from superiors, huge workloads, and misalignment of IT and business strategies. Due to the complex IT changes companies faced during the accelerated digital transformation in the past two years, 70% of respondents felt burnout symptoms. Frankola commented on how to decrease IT admins' workload and limit security risks: "My advice would be to implement simple and intuitive tools that support delegating tasks and increase visibility. It's important to include all employees in executing governance policies. This way, companies can prevent certain cybersecurity risks and improve business efficiency".

**About SysKit:**

SysKit specializes in developing a data management and governance SaaS platform for Microsoft 365 environments. Through constant customer dialogue, SysKit addresses numerous challenges IT professionals and business users face daily. Gartner recently identified them as a representative vendor in their Market Guide for SaaS Management Platforms. SysKit Point is available for a free trial.

New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Mentoring, scholarships, and professional development opportunities will be offered to those underrepresented in the industry through the collaboration.

**BOSTON****,** **Jan. 31, 2023** **/PRNewswire/ —** Aura, the leader in intelligent safety for consumers, today announced a partnership with nonprofit Cyversity, in an effort to increase representation and opportunity for underrepresented talent in the cybersecurity workforce. Aura's sponsorship of the organization will include a substantial charitable donation and contribution to Cyversity's scholarship fund, education for Cyversity members around the importance of consumer cybersecurity, and mentorship from Aura Chief Information Security Officer (CISO) J.R. Tietsort. 

"As leaders in the cybersecurity space at Aura, we have a responsibility to support and nurture the next generation of information security innovators," said J.R. Tietsort, Aura Chief Information Security Officer. "Mentorship played a crucial role in my career growth, aspirations and success, and I am honored to share my expertise and continue evolving our collective growth."

Aura's mission is to create a safer internet for everyone, which requires a workforce that more closely represents and can better serve the needs of our increasingly diverse world. According to a 2021 Aspen Institute report, women (24%), Hispanic (4%) and Black (9%) individuals make up a small portion of cybersecurity workers. These statistics reflect the need for a major cultural shift in how industry leaders prioritize shaping and nurturing a diverse future workforce. Aura is committed to leading this evolution through education, innovation and inclusion initiatives in partnership with trusted organizations and advocates.

"As we strive to lead the industry and proactively protect families from all backgrounds with innovative intelligent safety tools, it is imperative that we build teams that represent and deeply understand many diverse perspectives and lived experiences," said Aura Founder and CEO Hari Ravichandran.

Volunteering and giving back has been a pillar of Aura's company culture since its founding. This partnership will expand these types of opportunities available to Aura employees, as well as offer resources and guidance to the company around bolstering diversity, equity and inclusion (DEI) in hiring, recruitment and retention initiatives. 

"Aura's mission is strongly aligned with Cyversity's goal of achieving consistent representation of women and underrepresented minorities in the cybersecurity industry," said Cyversity Executive Director, Beverly Benson. "This partnership with Aura supports Cyversity in our goal of closing the great cyber divide and further expands access to professional opportunities in the consumer cybersecurity space."

The Cyversity partnership builds upon Aura's existing DEI initiatives, including existing collaborations with Code2College and Howard University. The existing collaborations bring professional development opportunities and expertise to diverse high school students pursuing STEM careers, as well as a STEM Scholarship for an exceptional computer science student at one of the nation's oldest historically Black colleges and universities (HBCUs). The 2022-founded Aura Innovation Fund is another way the company drives greater inclusivity, through investments in companies led by underrepresented founders or those tackling challenges faced by communities vulnerable to cybercrime.

**About Aura**

Aura, the leader in intelligent safety solutions, provides all-in-one digital protection for consumers. We understand that the online safety needs of each individual are unique and require a personalized solution. By bringing together security, privacy and parental controls on an intelligent platform, Aura makes adaptive and proactive digital safety accessible to everyone. Visit www.aura.com

.

**About Cyversity**

Cyversity was created as a 501(c)3 non-profit association dedicated to the academic and professional success of minority cybersecurity students and professionals. Cyversity tackles the 'great cyber divide' with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs.

Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

Standard Investments leads round with participation from Munich Re Ventures, Moore Strategic Ventures, Bessemer Venture Partners, and Zeev Ventures.

**NEW YORK** **and** **TEL AVIV, Israel****,** **Jan. 31, 2023** **/PRNewswire/** — Sentra, a cloud data security  company, today announced the completion of a $30 million Series A funding round led by Standard Investments with participation from Munich Re Ventures (MRV), Moore Strategic Ventures_,_ Xerox Ventures and INT3 as well as existing investors Bessemer Venture Partners and Zeev Ventures. The new financing, secured just 18 months after the company was founded, brings the total capital raised to over $53 million. The company also announced that Standard Investments' Peter Marturano, technology sector head, and MRV's Oshri Kaplan, managing director, will be joining its Board of Directors.

Sentra enables security teams to gain full visibility and control of cloud data, as well as protect against sensitive data breaches across the entire public cloud stack. This funding will enable Sentra to increase its market presence, invest in its technology and partner ecosystem and, grow its team to meet the accelerating demand of Sentra's cloud-native data security solution around the globe.

"With the growing complexity of securing information in today's data-driven economy, Sentra's experienced leadership team and impressive product innovation engine make them extremely well-positioned to address this urgent need at scale," said Yaron Ben David, chief digital officer, Standard Industries. "We look forward to working with the Sentra team as they execute on the company's mission to enhance data security for cloud-driven organizations around the world."

"In the 18 months since its founding, Sentra's clear vision and operational efficiency have quickly translated into real value for customers, making its security solution critical to the modern cloud data stack," said Amit Karp, partner at Bessemer Venture Partners. "The need for Sentra's solution is going to continue to grow as organizations further embrace digital transformation. As a long-time investor, we have the utmost trust in Sentra's team to meet these challenges and lead the cloud data security space." 

**Raising the Bar for Data Security in the Cloud**

By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Data overload and the adoption of cloud infrastructures have transformed the way engineers and applications interact with data, which often leads to moving, duplicating, or changing sensitive data assets. The majority of business leaders simply do not know where their organization's sensitive data is, and the growth of the data attack surface leads to more sensitive data being exposed or leaked. Sentra allows businesses to regain control over their data vulnerabilities and shrink the data attack surface by finding all cloud data, classifying it according to sensitivity, and then offering actionable remediation plans for data security teams.

"As we help our customers understand and protect petabytes of data, this capital will help us accelerate our plans to enable organizations to get the most out of their data by keeping it secured at all times," said Yoav Regev, co-founder and CEO of Sentra. "This is just the beginning for Sentra. I am extremely proud of what our team has accomplished to date and look forward to achieving our shared goals in 2023 and beyond."

**Fortifying Sentra's Board**

The addition of Marturano and Kaplan brings tremendous value and industry expertise to Sentra's Board of Directors. Marturano leads Standard Investments' efforts in the technology, media, and telecommunications sectors across both later-stage private and public markets. Serving as one of the lead investors across the cyber and insurtech sectors at MRV, Kaplan has worked with numerous early stage companies in the boardroom, and has helped them scale through partnerships and high-value growth initiatives.

Created and led by experienced entrepreneurs and veteran leaders of the Israel Defense Forces' Unit 8200, Sentra is a member of the Cloud Security Alliance and was recognized last year by Gartner as a Sample Vendor for Data Security Posture Management in the Hype Cycle™ report for Data Security 2022. For more information, please visit the website, read the company blog or follow on LinkedIn.

**About Sentra**

Sentra is a data security platform that helps organizations discover and remediate the top data security risks in their public environments. Sentra automatically detects if sensitive data is vulnerable due to misconfigurations, over-permissions, unauthorized access, data duplication or other security issues. The company was founded in 2021 and is co-headquartered in New York City and Tel Aviv. For more information, please visit www.sentra.io.

Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.

A confused marketing team member nervously buys $1,000 worth of Amazon gift cards after receiving purchasing instructions via text from the "boss." The entire sales team mindlessly accepts cookies while visiting competitor websites and skips through privacy disclosures when downloading new apps to gather business intel. Your phone vibrates, and it's a client. They're demanding to know why sensitive customer information is in an unsecured Google Doc.

These panic-inducing scenarios are familiar to most modern IT and security leaders and share something in common. Each hypothetical breakdown is the result of employees — and the digital public as a whole — being lulled into a false sense of security regarding their online behaviors.

While IT and security leaders are aware of the accelerating landscape of digital threats, employees are less prepared, creating a risk for every organization.

**Security Theater Distracts From Steady Improvements**

We've seen the introduction of major privacy legislation to curb the rise in digital threats, which I fully support. However, sweeping laws like GDPR and regulations established stateside have had an effect or outcome more as security theater than as actual protections.

What's security theater? It's a set of rules or guidelines that offer the appearance of security but don't guarantee it. Users aren't blameless, either. Security theater can also occur when consumers grow apathetic about well-intentioned protections. For example, while cookie notifications demonstrate transparency about how and where websites track and use customer data, does anyone read the full privacy statements? Do users understand the consequences of what they click? Or are they too inundated with notifications to notice?

Until digital literacy and safety standards become mandatory in school curricula, the best way to ensure your employees are well-versed in the risks of their online actions is reframing thinking through improved security training and education.

As a technology leader, you know each employee is an endpoint capable of inviting risk into the organization. But that also means employees can become safeguards against threats, too — when adequately prepared and in the right headspace.

**Remove the Smoke and Mirrors**

In addition to mandatory and routine training and security tools, the best way to ensure employees are vigilant about potential risks is to help them reframe their online mindset while encouraging them to leverage critical thinking in evaluating and defending against internal and external threats. Helping employees develop a healthier understanding of what's at stake when they engage online — and the value of the information they interact with once there — can strengthen digital habits and build more mindful, proactive thinking when faced with a threat or even before one occurs.

Here are three mindset shifts to start with:

1.  **Understand data's fundamental value.** Employees — and most online consumers — don't give much thought before hitting "accept all" when encountering cookies. Similarly, users skim or even skip privacy notices on apps or when signing up for services. These behaviors can feel perfunctory because these types of security notifications are nonstop when we engage online — and because "accepting" doesn't often seem like the value exchange that it is. If you can help employees understand the value of their data, they're more likely to realize how precious every online decision is and think more critically before clicking and accepting. Considering that one in three US workers has little to no skills using digital devices, a significant missing component to more robust security is workplace digital literacy training that focuses on the specific threats faced by your organization and industry. 
2.  **Act with intention.** When people realize the value of their data, they're more vigilant and protective of it. But your employees should also feel encouraged to proactively ask questions about risks and formulate better ways to protect themselves. For example, your teams should have access to and familiarity with a standardized communication plan for when they receive phishing texts or emails. Instead of simply deleting these threats, all employees should screenshot communications, forward images to the department in charge of security, and immediately alert fellow team members of the text. A discerning eye for security threats is only the first step — next, your employees should feel prepared to handle suspicious activity when encountered.
3.  **Follow data best practices, no matter the context.** It's important to determine if your employees understand that customer data is sacred no matter how far removed from your actual clients. A good example of this concept comes from where I sit in legal tech. Our law firm customers deal daily with topics including divorce, bankruptcy, complex real-estate purchases, and more with their clients. Naturally, these legal proceedings cover a tremendous amount of personal, sensitive data stored on our platform. We take the protection of this information extremely seriously, knowing that a breach of this information cannot be undone and may ruin lives, and we work to improve our protective mechanisms. Protection against threats takes a team effort. As a result, we encourage our law firm clients to ensure that all their employees understand their role in protecting private information. We inform customers of security best practices — like using a password manager and enabling two-factor authentication, avoiding sending or sharing documents from unsecured accounts or devices, and putting contingency plans in place if sensitive client information is accidentally shared.

When employees understand how their day-to-day behaviors — no matter how small — can expose sensitive data, they're less likely to introduce risk in the first place. While you strive to train employees on how to protect data in every scenario, building a habit of vigilance reduces the amount of reactive problem-solving required in the first place.

Improving your employees' fundamental understanding and respect for the value of data shields your organization from digital threats. But without reinforcing this understanding through ongoing mindset shifts, the status quo and security theater of repetitive privacy notifications will make employees feel more complacent. With complacency comes risk — so, are your employees thinking critically about their online behaviors?

And are you thinking critically about it, too?

Are Your Employees Thinking Critically About Their Online Behaviors?

Since requirements differ for users who work both from home and in the office, policies — and underlying technology — must adapt.

The demand for remote work has only grown since the serious transition began almost three years ago. Organizations have seen the benefits of working remotely. Still, they have also been transitioning into much more of a hybrid work environment, where employees are allowed to work both from home and in the office, choosing the days they want to collaborate in person. Several companies have seen success in this hybrid work environment, having begun testing this new way of working since the fall of 2022.

The transition to a hybrid workforce has meant that security teams are on high alert, since they now have to protect the internal office network and secure connectivity from multiple locations their users are working. The looming fear of more outbreaks and recession has IT leaders considering robust solutions to protect their hybrid workforce in the longer term. The following are predictions for hybrid work in 2023.

**Return to the Office Will Demand Better Access**

Hybrid work is here to stay! Yes, yes, I know it's been said many times, but it really is. While this is the reality of the foreseeable future, employees demand a better user experience while working from the office and remote locations.

During the sudden switch to remote work, IT leaders turned to VPNs as an easy way to fix a short-term problem. However, given the current scenario of a long-term hybrid workforce, this strategy needs to be reconsidered. And that's what several organizations are doing as they find zero trust to be a more reliable and scalable solution. Having tested zero trust for remote employees, we fully expect zero trust to apply universally to remote and in-office users.

**Ransomware, Multifaceted Extortion Will Continue to Grow**

With the increase in locations of connectivity, so too is the attack surface growing. The number of exposed vulnerabilities has increased, and so has the risk. Hybrid work will increase the adoption of bring your own device (BYOD) in 2023. With the multitude of devices, we'll see the general attack surface expand with the potential for profound impact. Over the past couple of years, we have heard several cases of ransomware being introduced to company networks due to exploited VPN servers. These stories will continue to make headlines in 2023 as well. There needs to be an additional emphasis on security for the work-from-anywhere workforce and a fundamental change to how security teams look at securing the perimeter and resources.

**Final Nail In VPN Coffin**

Virtual private networks are old news. Traditional networks, VPNs, and DMZs use IP addresses and network locations to establish network connectivity for users. This architecture was built over 30 years ago to provide users access to data center applications, not modern cloud-based ones. In addition, VPNs are being used as a conduit for cyberattacks due to legacy architecture, and there is a need for continuous assessment to manage appliances. Finally, due to their slow connectivity, users complain about VPNs hampering their productivity. Users are looking for seamless, scalable, and secure access to applications in your data center or a public cloud without needing a VPN.

**Security Is Now a Shared Responsibility**

Networking and IT leaders have had to adopt new technologies and infrastructure to match the modern way of work. News surrounding security exploits in the recent past has forced increased attention to cyber-risks. Businesses globally are increasingly exposed, placing security teams under immense pressure. Security is now vital and will be a shared responsibility that spans from individuals to IT, supply chains, and the C-suite. 2023 will see an increase in the adoption of zero trust for the hybrid workforce to provide complete security from the users to the applications, no matter where they connect.

**Cloud Security Solutions At the Forefront**

Protecting users, data, and applications is integral to providing a secure hybrid work environment. We predict cloud security as the primary security solution as security appliances and hardware security solutions slowly fade away. Organizations will also look for platforms that offer a broader solution set to ensure they are secure and can justify their investment. Security service edge (SSE) is fast becoming a reliable solution for remote work, the cloud, secure edge computing, and digital transformation. Delivered as a unified cloud-centric platform, SSE enables organizations to break free from the challenges of traditional network security.

Read more _Partner Perspectives_ from Zscaler.

Source

DARKReading