New module introduces shadow SaaS application discovery, monitoring, and remediation to protect businesses from supply chain attacks.

**NEW YORK****,** **Jan. 18, 2023** **/PRNewswire/ --** DoControl, the automated Software-as-a-Service (SaaS) security company, today announced a platform expansion with the launch of its comprehensive Shadow Apps solution. Building on prior innovations that address mission-critical use cases, DoControl's newest module introduces shadow SaaS application discovery, monitoring, and remediation to better protect businesses from SaaS supply chain attacks.

SaaS application-to-application connectivity features increase risk by introducing machine identities that are often overprivileged, unsanctioned, and unmonitored. Compromised machine identities can easily gain permission to read, write, and delete sensitive data on improperly managed applications, significantly increasing security, business, and compliance risk for organizations. DoControl's SaaS Security Platform expansion provides complete visibility and control across all sanctioned and unsanctioned SaaS applications to close compliance gaps and remediate supply chain-based attack vectors automatically.

The significant growth of SaaS applications, the demand to integrate them, and the economic pressures to consolidate vendors are contributing to a market need for a single service platform that provides centralized security across disparate applications. Offering CASB, DLP, Insider Risk, Workflows, and now Shadow Apps, DoControl has emerged as the end-to-end SaaS Security platform provider to help security teams do more with less overhead.

The expansion of the DoControl SaaS Security Platform enables comprehensive "shadow application" governance through:

*   **Discovery and Visibility**: Organizations can discover all interconnected first, second, and third-party SaaS applications – sanctioned and unsanctioned – within a business's estate. With a complete mapping and inventory, businesses can identify issues of non-compliance and understand the riskiest SaaS platforms, applications, and users exposed within the SaaS estate.
*   **Monitor and Control**: Organizations can perform application reviews with business users through pre-approval policies and workflows that require end users to provide a business justification to onboard new applications. Security teams can also quarantine suspicious applications, reduce excessive permissions, and revoke or remove applications or access.
*   **Automated Remediation**: Using low-code/no-code tools, organizations can automate security policy enforcement across the entire SaaS application stack. DoControl's Security Workflows reduce exposure introduced by third-party applications and prevent unsanctioned or high-risk application usage through automated remediation of potential threat vectors.

"Data security is paramount, yet many tools lack the granularity and suite of capabilities modern businesses need to secure sensitive data and operations – particularly in the complex and interconnected world of SaaS applications," said Adam Gavish, CEO and Co-founder, DoControl. "Our expanded platform offers a fully unified solution for seamlessly securing both human and machine access so businesses can avoid sensitive data loss, regulatory penalties, and revenue impacts stemming from the mismanagement of the SaaS estate."

The Shadow Applications Module is currently available to existing customers and will enter general availability in Q1 of 2023. To learn more, please review the list of supporting resources below:

*   View the Solutions webpage
*   Register for the Webinar
*   Read the Blog
*   Download the Solution Brief

**About DoControl**

DoControl is an agentless, event-driven SaaS Security Platform that secures business-critical SaaS applications and data. DoControl helps organizations expose their SaaS risk, remediate it quickly, and automatically remediate over time through granular, no-code workflows. DoControl uncovers all SaaS users, third-party collaborators, assets and metadata, OAuth applications, groups, and activity events. DoControl helps reduce risk, prevent data breaches, and mitigate insider risk without slowing down business enablement. To learn more about DoControl, visit www.docontrol.io, read the DoControl blogs, or follow us on Twitter and LinkedIn.

DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subjects.

**Tampa Bay, FL (January 18, 2023)—** KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its 2022 and Q4 2022 top-clicked phishing report. The results include the top email subjects clicked in phishing tests, top attack vector types, holiday phishing email subjects and more insightful information that reveal the most popular phishing email tactics.  

Phishing emails continue to be one of the most common and effective methods to maliciously impact a variety of organizations around the world – everyone is a potential victim. Cybercriminals constantly refine their strategies to outsmart end users and organizations by changing phishing email subjects to be more believable and attention grabbing. This shift in phishing tactics over time is evident in the increasing trend of cybercriminals using business-related email subjects.

Business phishing emails are lucrative and successful because of their potential to affect a user’s workday and routine. These include emails from HR, IT, managers and web services such as Google and Amazon. KnowBe4’s 2022 phishing test results reveal that for the year, nearly 50% of email subjects were HR related, while the other half were related to career development, IT and work project notifications. These types of emails bait recipients into opening them and are likely successful because they create a sense of urgency in users to act quickly, sometimes without thinking and taking the time to question the email’s legitimacy. 

Additionally, this year’s phishing tests revealed the top vector for the year to be phishing links in the body of an email, which has stayed consistent for the last three consecutive quarters. The combination of these phishing tactics is clearly a working strategy for cybercriminals but detrimental to users and organizations as they can lead to cyber attacks such as business email compromise and ransomware.

Along with an increased utilization of more business-related emails and links within emails, the Q4 2022 phishing test also shares the top holiday phishing email subjects. The holiday season is one of the busiest times of year for online activities and cybercriminals count on end users having their guards down when it comes to staying alert and spotting phishing emails. Like general phishing email subjects, holiday phishing email subjects consist of emails from HR and IT, however, they are also tailored to the holiday season and the festivities that typically happen during that time of the year by mentioning holiday parties, gifts, food and more. 

“Cybercriminals are smart and pay attention to what works and what does not when it comes to effective phishing emails,” said Stu Sjouwerman, CEO, KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to. Phishing emails are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox. KnowBe4’s phishing test reports emphasize the importance of new-school security awareness training that educate users on the latest and most common cyber attacks and threats. A strong security culture and an educated workforce is an organization’s best defense to remain vigilant and stay safe online from cybercriminals and their attempted threats.”

To download a copy of the 2022 and the Q4 2022 KnowBe4 Phishing Infographics, visit here and here.

**About KnowBe4**

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 54,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend

From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks.

Over LinkedIn, Slack, Twitter, email, and text messages, people are sharing examples created using ChatGPT, the new artificial intelligence (AI) model from the team behind OpenAI.

Using ChatGPT, you can produce authentic-sounding dialogue that can be used for almost anything — from answering follow-up questions in an online chat dialogue to writing poetry. There are plenty of opportunities for enterprises to take advantage of the new chatbot technology, including helping with enterprise support and customer interactions. Its ability to quickly generate content, and, according to its developers, "answer follow-up questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests," opens many opportunities and some new challenges.

AI and machine learning (ML) is shifting quickly from niche solutions in corporate scenarios that have been high cost/high reward toward solutions to more expansive implementations that can solve a range of enterprise challenges, particularly those which focus on end users. Cybersecurity, for example, is now embracing AI-based approaches to provide greater protection with smaller security teams. One example highlights how organizations can use AI/ML to perform dynamic, risk-based checks when someone tries to access sensitive applications or data. This replaces older, policy-based approaches, which can take significant time and human interaction to develop and maintain the individual access policies. In a larger company, maintaining those policies could include hundreds or even thousands of applications and data repositories.

**Using AI for Greater Efficiency**

Interest in AI is continuing to explode as modern attacks require rapid detection and response to anomalous user behavior — something an AI model can be trained to quickly identify, but which takes significant human power to try and replicate manually. The goal of AI is to increase efficiency and trust while reducing friction and improving the user interface for typical users. Self-driving cars, for example, are designed to increase the safety and security of end users. In cybersecurity, specifically in the authentication of users (human and nonhuman), AI-based approaches are advancing rapidly, working with rule-based systems to improve the experience for end users.

In an increasingly digital world, attackers can already sidestep detection of binary identity authentication, including location, device, network, and other checks. Inevitably, cybercriminals will also look at the new opportunities ChatGPT opens up. AI tools that interact in a conversational way can be leveraged by cybercriminals to launch convincing phishing campaigns or account takeovers. In the past, it may have been easier to spot a phishing attack due to the poor grammar, unusual phrasing, or frequent spelling errors so common in phishing emails. That is quickly evolving with solutions like ChatGPT, which use natural language processing to create the initial message and then generate realistic responses to a target user's questions without any of those telltale markers.

**Rethink Security Approaches**

To prepare for chatbot-augmented attacks, organizations need to rethink security approaches to mitigate potential threats. Five measures they can take include:

1.  **Updating employee education** regarding the risks of phishing. Employees who understand how ChatGPT can be leveraged are likely to be more cautious about interacting with chatbots and other AI-supported solutions, and thereby avoid falling victim to these types of attacks.
2.  **Implementing strong authentication protocols** to make it more difficult for attackers to gain access to accounts. Attackers already know how to take advantage of users tired of reauthenticating through multifactor authentication (MFA) tools, so leveraging AI/ML to authenticate users through digital fingerprint matching and avoiding passwords altogether can help increase security while reducing MFA fatigue.
3.  **Adopting a zero-trust model.** By only granting access after verification and ensuring least-privileged access, security leaders can create an environment where even if an attacker leverages ChatGPT to get around unsuspecting users, the cybercriminals will still have to verify their identity and, even then, will only have access to limited resources. Limiting the access not only of developers but also leadership, including technical leadership, to the least access needed to perform their jobs effectively, may initially meet with resistance, but will make it harder for an attacker to leverage any unauthorized access for gain.
4.  **Monitoring activity** on corporate accounts and using tools, including spam filters, behavioral analysis, and keyword filtering, to identify and block malicious messages. Your employees cannot fall victim to a phishing attack, no matter how sophisticated the language is, if they never see the message. Quarantining malicious messages based on the behavior and relationship of the correspondents rather than specific keywords is more likely to block malicious actors.
5.  **Leveraging AI.** Cyberattacks are already leveraging AI, and ChatGPT is just one more way that they will use it to gain access to your organization's environments. Organizations must take advantage of the capabilities offered by AI/ML to improve cybersecurity and respond faster to threats and potential breaches.

Account takeover via social engineering, leveraging passwords from data breaches, and phishing attacks will become more frequent and more successful — despite our best defenses — given that ChatGPT can provide authentic-sounding responses to target inquiries. By updating and adopting these five approaches, organizations can help to reduce the risks to themselves and their employees when chatbots and other AI tools are used for malicious purposes.

ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

The motive of financial and political gain — fueled partially by the ongoing conflict in Ukraine — has emboldened threat actors to barrage industrial control systems (ICS) with ever more disruptive cyberattacks, diversifying the threat landscape for critical infrastructure, new research shows.

This trend is expected to continue throughout 2023 with attackers arming themselves with new tactics and malware, forcing ICS operators to level up if they want to protect their networks, according to Nozomi Networks' "OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape" for the second half of 2022, published Jan. 18.

It used to be that nation-state actors were the leading perpetrators of attacks against ICS, primarily using remote access Trojans (RATs) to drop malware payloads and gain remote access to networks, as well as mounting distributed denial-of-service (DDoS) attacks to cause "inconvenient" disruption, says Roya Gordon, security research evangelist at Nozomi Networks. "Historically, critical infrastructure disruptions were seen as a nation-state tactic," she says.

However, the now-infamous Colonial Pipeline attack in May 2021 marked a significant shift in this trend. In that incident, a ransomware attack that started with a stolen password caused panic and gas shortages across the eastern United States, and attackers realized how disruptive and potentially lucrative new attack vectors could be, she says.

"The Colonial Pipeline attack demonstrated how cybercriminals can leverage ransomware attacks on critical infrastructure — since they tend to depend heavily on real-time data, and have the means to meet ransom demands — for financial gain," Gordon notes.

Then with Russia's attack on Ukraine last February, attacks on ICS got political, with hacktivists, traditionally known for data breaches and DDoS attacks, wielding destructive wiper malware to disrupt transportation systems such as railroads and other critical infrastructure in the Ukraine for political gain, she says.

This marked a shift in not only who was attacking ICS, but how and for what motive they were launching these attacks, Gordon says. "All in all, this unprecedented level of activity across all fronts should cause us concern."

**Top ICS Cyberattack Trends**

The report identified top trends in the ICS threat landscape based on a compilation of information from various sources including open source media, CISA ICS-CERT advisories, and Nozomi Networks telemetry, as well as on exclusive IoT honeypots that Nozomi researchers employ for "a deeper insight into how adversaries are targeting OT and IoT, furthering the understanding of malicious botnets that attempt to access these systems," Gordon says.

What researchers observed over the last six months was a significant uptick in attacks that caused disruption to a number of industries, with transportation and healthcare being among the top new sectors finding themselves in the crosshairs of adversaries among more traditional targets.

Attackers are using various methods of initial entry to ICS networks, although some common weak security links that have historically plagued not just ICS but the entire enterprise IT sector — weak/cleartext passwords and weak encryption — continue to be the top access threats.

Still, “Root” and “admin” credentials are most often used as a way for threat actors to gain initial access and escalate privileges once in the network, the findings show. Other ways threat actors find their way in include brute-force attacks and DDoS attempts.

In terms of malware, RATs remain the most common malware detected against ICS, while DDoS malware and unusually high and still-rising IoT botnet activity continued to be the top threat for IoT devices on a network. The use of default credentials to hack IoT devices was the primary means of entry for IoT botnets, the researchers found.

Over the second half of last year, attacks on ICS spiked in July, October, and December, with more than 5,000 unique attacks in each of those months. Manufacturing and energy remained the most vulnerable industries, followed by water/wastewater, healthcare, and transportation systems.

Interestingly, despite the uptick in targeting Ukraine, the top attacker IP addresses observed in the second half of 2023 didn't come from Russia nor countries that side with Russia, the researchers found. Instead, the main IP addresses associated with ICS attacks were in China, the US, South Korea, and Taiwan, according to Nozomi's data.

**The Look Ahead**

Top among ICS/IoT threats to watch out for: adversaries will use hybrid threat tactics that don't follow what operators may have seen in the past, which means "it will become increasingly difficult to categorize types of threat actors based on TTPs and motives," according to the report.

Organizations in the healthcare sector — which saw a spike in attacks when COVID-19 hit that has continued even as the pandemic largely wanes — should be mindful to stay on top of medical-device updates, according to Nozomi. Threat actors will likely use exploits to access medical systems that aggregate device data, a manipulation that can have dire and even life-threatening consequences for patients, potentially leading to malfunctions, misreadings, or even overdoses in automatic release of medication.

Another new threat on the horizon is from AI-driven chatbots that attackers will use for malicious purposes, such as writing code or developing exploits for vulnerabilities. They also can use them to generate more accurate phishing/social engineering texts that can be used as entry access to ICS networks, the researchers said.

"All this could reduce the time it takes to develop targeted threat campaigns, thus increasing the frequency of cyberattacks," according to the report.

Though the news appears gloomy, securing ICS against oncoming threats can be as simple as practicing "basic cyber hygiene," employing typical IT security practices that any organization already should be using, Gordon says.

"While threat actors may have the capability to access OT and IoT directly, it's one of their long-standing strategies to first breach IT and pivot into OT," she says. "Therefore, taking steps to secure IT is key."

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

**NEW YORK****,** **Jan. 18, 2023** **/PRNewswire/ --** Abacus Group, the leading provider of hosted IT services and solutions to alternative investment firms, today announces that it has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena.

Gotham Security, as the new business will be known, will be a subsidiary of Abacus Group but continue to operate independently. The acquisition marks a milestone in Abacus Group's expansion from a security-focussed managed service provider (MSP) to a full-bodied managed security service provider (MSSP) with an extensive suite of industry-leading cybersecurity services and products.

The deal will see Gotham Security supercharge Abacus Group's existing services portfolio with a wide breadth of cybersecurity consulting expertise. Abacus Group will acquire a comprehensive set of information security capabilities to provide clients with real-world, actionable insight, including penetration testing, red teaming, tabletop exercises, risk and compliance gap assessments, and threat hunting services.

Complementing and aligning with Abacus Group's leading cybersecurity technology platform, Gotham Security's services will continue to be delivered by its team of industry trailblazers, comprised of cybersecurity leaders, researchers, educators, and creators. Gotham Security's dedicated leadership team will remain at the helm of the company, bringing their passion for elevated quality, insight, and cybersecurity awareness to both their own clients and customers of Abacus Group.  

Chris Grandi, CEO of Abacus Group, commented: "This acquisition is a natural next step in a long working relationship with Gotham Security, as the businesses have been valued resources to each other and our clients over the last decade. It's fantastic to now join forces and take further strides in our own expansion from MSP to MSSP. Abacus Group has always been committed to keeping our clients safe and secure, especially as the security and regulatory landscape continues to evolve in line with escalating cyber threats. Therefore, we are thrilled to be able to expand our cybersecurity capabilities and provide the full suite of services offered by Gotham Security to our customers and investors."

The synergy between Abacus Group's cybersecurity offerings and Gotham Security will result in a complete set of MSSP capabilities. Expanding further into the MSSP space will support Abacus Group in meeting the growing demand for comprehensive, expert-led cybersecurity insights at every level of an organization's technology stack, especially as security threats against businesses continue to increase and become ever more sophisticated.

Christian Scott, COO, CISO and Partner at Gotham Security, added: "This is a very exciting time for everyone at Gotham Security. Alongside the close, collaborative working relationship we've developed with Abacus Group over the years, our shared mission to provide a broader scope of high-quality cybersecurity and technology services to customers has been the key driving force behind our union under the same umbrella. We continue to take pride in the best-in-class security insight we provide to our customers, but we've also listened closely to their growing demand for integrated technology solutions that fulfil an entire spectrum of security needs and requirements. The complementary opportunities created by Abacus Group's robust technology solutions and Gotham Security's innovative cybersecurity services will provide greater value and more options than ever to our shared customer base."

Lowenstein Sandler LLP served as legal counsel to Abacus Group, while Szaferman, Lakind, Blumstein & Blader, PC. Served as legal counsel to GoVanguard and Gotham Security on the transaction.

**About Abacus Group**

Abacus Group is a leading provider of hosted IT solutions and services focused on helping alternative investment firms by providing an enterprise technology platform specifically designed for the unique needs of the financial services industry. The innovative and award-winning Abacus Cloud platform allows investment managers to source all technology needs as a service, offering the capacity to scale on demand to meet current and future cybersecurity, storage and compliance requirements. The company has offices in New York, NY; San Francisco, CA; Boston, MA; Dallas, TX; Greenwich, CT; Los Angeles, CA; Charlotte, NC; Miami, FL; and London, England. For more information, visit www.abacusgroupllc.com.

**About Gotham Security**

Gotham Security is a boutique cybersecurity firm founded in 2013 and based out of Manhattan, focused on providing high-quality penetration testing, malicious adversary simulation, threat intelligence services, and cybersecurity strategy services. Our team is comprised of elite white hat hackers, known as the go-to "cyber strike team." We are not just excellent at red teaming, more importantly, we know how to communicate cybersecurity threats in a practical way to organizations. We work with a growing number of Fortune 1000 companies across all major sectors of business, including multi-billion-dollar hedge funds, major insurance providers, international options trading exchanges, and more.

SOURCE Abacus Group LLC

Abacus Group Acquires Gotham Security and GoVanguard to Expand Cybersecurity Service Offerings

The integration provides crucial protection for businesses’ most vulnerable departments — help desks and customer support teams — preventing the most advanced threats sent by online users.

**(Tel Aviv, Israel – January 18, 2023) --** Perception Point, a leading provider of advanced threat protection across digital channels, today announced that it has launched _Advanced Threat Protection for Zendesk_, the champions of service-first CRM software, to provide unparalleled detection and remediation services for Zendesk customers. Perception Point customers can now protect Zendesk along with their email, web browsers and other cloud collaboration apps from a single, consolidated platform with the highest detection rates in the industry.

Helpdesk and customer support staff communicate regularly with people outside of the organization, making them especially vulnerable to external threats originating from malicious content within support tickets. Content uploaded externally can potentially be used as a vehicle for cyberattacks, allowing malicious payloads to enter an organization’s system.

Perception Point's _Advanced Threat Protection for Zendesk_, a multi-layered threat prevention platform, boosts Zendesk’s basic native security to protect customers from the most advanced malware and social engineering attacks. Easily deployed to protect all customer-facing personnel, Perception Point scans every single ticket attachment coming through Zendesk (including embedded URLs/files) in near real-time, using a combination of patented dynamic and static detection layers, based on threat intelligence, advanced algorithms and machine learning. Perception Point’s next-generation sandbox technology uniquely scans 100% of content, 40x faster than traditional technologies, to achieve unprecedented visibility into any type of attack, including advanced attacks like APTs and zero-days. Zendesk customers will be able to rapidly remediate any attack that slips through the cracks through the support of Perception Point’s free-of-charge 24/7 managed incident response service.

“The threat landscape is only becoming more complex, with threat actors initiating more advanced attacks across multiple attack vectors,” said Peleg Cabra, Product Marketing Manager, Perception Point. “Adding Zendesk integration to our Advanced Threat Protection platform allows Zendesk users to protect their organizations against malware and social engineering attacks that would otherwise avoid detection by traditional cyber defense mechanisms. The offering not only secures Zendesk’s support channels, but also reduces SOC team workloads through the support of Perception Point’s managed incident response service.”

_Advanced Threat Protection for Zendesk_ has already been successfully deployed by Agoda, an international hospitality company with over 7,000 employees worldwide, which uses Zendesk to process all customer requests. Over a three-month period, Perception Point’s solution scanned over 385,000 root files, scanned around 69,000 embedded files and URLs, identified and prevented 187 malicious events, and dynamically scanned all traffic at an average of 7.1 seconds, with 75% of content dynamically scanned in just three seconds.

“Perception Point has been instrumental in strengthening and fortifying both our organization and our Zendesk systems,” said Guy Fridman, Head of Security Operation and Response, Agoda. “Securing Zendesk is critical to the success of our customer relationships. Beyond future-proofing against potential threats, Perception Point also allows our SOC team to focus on other important security areas such as monitoring, testing, and analyzing our overall security posture. This combination of innovative technology and reliable client servicing has provided us with the confidence to operate with zero to little friction.”

Read more about the Zendesk case study with Agoda here.

Perception Point’s advanced threat protection solution is now available for Zendesk Support products. Read here for more information about protecting Zendesk.

**About Perception Point**

Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution's natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations.

Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point.

To learn more about Perception Point, visit our website, or follow us on LinkedIn, Facebook, and Twitter.

Perception Point Launches Advanced Threat Protection and Rapid Remediation for Zendesk Customers

**WESTMINSTER, Colo.****,** **Jan. 18, 2023** **/PRNewswire/ --** In partnership with the world-class Dark Reading research team, global cybersecurity pioneer Coalfire today unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud. 

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Coalfire CEO Tom McAndrew. "Cybersecurity has historically been lower in priority for organizations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

The report provides seasoned and aspiring security leaders with the most effective strategies to increase C-level influence, build brand trust, and implement cloud migration best practices. Respondents comprised 137 C-level security and IT professionals in North America across major industry sectors.

To see the full findings, visit: State of CISO Influence report

**About Coalfire**

The world's leading organizations – including the top five cloud service providers and leaders in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. Number one in compliance, FedRAMP®, and cloud penetration testing, Coalfire is the world's largest firm dedicated to cybersecurity, providing unparalleled technology-enabled professional and managed services. To learn more, visit Coalfire.com.

New Coalfire Report Reveals CISOs Rising Influence

People are working harder than ever, but they're not happy about it — and the insider threat is all too real.

Quiet quitting, as the media reports it, is a myth.

On the heels of the Great Resignation that plagued companies during the COVID-19 pandemic, businesses started to fear the notion of quiet quitting, an idea that went viral after Zaid Khan, a 24-year-old engineer from New York, posted a video on TikTok in July. The video, which has drawn about a half-million likes (and endless media attention), was an argument for reassessing work-life balance in a post-COVID world — by doing your job but resisting the "hustle-culture mentality" to regularly go above and beyond. Since its posting, people have latched on to the twisted notion of workers doing as little as possible, essentially causing work slowdowns without leaving their jobs.

That is nonsense. In reality, people are working harder than ever, and they are not happy about it — and that might be bad for business. A dissatisfied workforce increases the potential for insider threats, either through sabotage or exfiltrating corporate IP.

**The Myth of Quiet Quitting**

Let's get this out of the way. Quiet quitting, as the media report it, is a fabrication. Productivity is up. With economic uncertainty looming around every corner of the tech world, people aren't quitting, quietly or otherwise. Most people cannot afford to be perceived as not working hard. But that doesn't mean they are happy in their work life. A recent Gallup survey of 15,001 workers found that 55% were "struggling" in the poll's Life Evaluation Index, and only 24% said their organizations cared about their overall well-being — a steep drop-off from 49% in May 2020.

Employee discontent comes from two opposite extremes:

*   Marginal employees, fearful of a looming recession, are keeping their heads down and noses to the grindstone. But, concerned about their futures, they may be exfiltrating corporate data for their own benefit.
*   In the other camp, star employees, having realized that if they can work from home, they can work from anywhere, are becoming more demanding. The belief that their employer is not doing enough for them can lead to disillusionment with an organization, resulting in those "star employees" doing things that are harmful to the corporation.

Employees in both camps may be thinking of their next job while working in their current position. Employees who are looking for exit signs often wonder what they need to take with them when they walk out the door, either in a forced march or fleeing for theoretically greener pastures. And sometimes, they leave behind ticking time bombs.

**You Can Take It With You**

About 50% of all employees exfiltrate IP that will be helpful for their next job. Most of the data they take is from projects they have worked on, but 12% of what they take does not relate to their jobs — including information such as SharePoint directories, company lists, and contract terms.

The latter cases might involve information that was shared companywide and could prove useful to an employee in their next job. Some of the illicit information can be obtained through the corporate network, while some can only be gathered through social engineering by asking a colleague to pass along some content that the requester cannot access.

**Sabotage From the Inside**

As the pace of layoffs increases, some employees may turn from contented to disgruntled and look to strike back via corporate sabotage. This can take the form of sabotaging an organization's internal infrastructure or stealing company secrets and selling them to the highest bidder. In either case, it can happen whether the employee is staying in place or heading for the exit.

HR teams need to provide notices of layoffs to IT workers, and if employees stay in place while looking for new positions, the security team needs to find a way to cut off the employees' ability to damage the company internally or exfiltrate sensitive data.

**How Data Is Extracted**

The use of unsanctioned applications, especially by employees working from home and mixing work and personal tools, provides an avenue for employees to exfiltrate data. Companies may block unauthorized IM apps, but external email programs and third-party browsers often go unnoticed.

An employee could, for example, copy company data, save it as an email draft, and retrieve it later via a personal device. A third-party browser may also use Tor encryption, which can make it fairly easy to exfiltrate data by circumventing security controls.

**HR and IT Need to Work Together**

Quiet quitting is a myth. Employee productivity is flat or even up. The segue from working in an office to remote work has dislodged employee loyalty. It also has made it somewhat easier for employees to take information with them when they decide to look for better working conditions or are asked to leave. Until recently, it was always the IT team warning HR about security risks. In this current economic climate, it's the other way around, with HR needing to inform IT about the risks stemming from the inside.

HR and IT need to take certain steps together, such as blocking shadow IT, to prevent data from being surreptitiously moved. This will help ensure that departing employees, as well as those who remain, aren't taking any information that could later harm or even cripple the company. HR taking the lead here is a new paradigm, but so is almost everything else in this post-pandemic world.

Cybersecurity and the Myth of Quiet Quitting

Range of Addressable Concerns Includes "Brute Forcing Accounts with Weak Passwords" and "Excessive File System Permissions."

**DENVER****,** **Jan. 18, 2023** **/PRNewswire/ --** Lares, a leader in global security assessment, testing, and coaching, today released new research highlighting the five most common penetration testing findings encountered by the firm's consultants over hundreds of client engagements in 2022.

Lares typically finds numerous vulnerabilities and attack vectors when conducting penetration tests or red team engagements for clients, regardless of the organization's size or maturity. However, the research team at Lares was surprised by how many times the same five findings kept turning up during their penetration tests and red team engagements in early 2022.

"As we wrapped up 2022, our surprise gave way to expectation, and we found ourselves genuinely surprised if one, or all, of the top five issues were not found on any given engagement," said Andrew Hay, Chief Operating Officer of Lares. "Every single vulnerability described in our latest research paper can be avoided or eliminated through better cybersecurity hygiene practices."

The Lares research team emphasized that these Top 5 findings were not the most severe threats for clients, but rather, the ones they most frequently encountered during engagements over the past year. Key takeaways describing each category include:

**Brute Forcing Accounts with Weak and Guessable Passwords:** Organizations that have not implemented multifactor authentication (MFA) should be aware that adversaries may target accounts where users have selected weak or guessable passwords to gain access to systems, services, and network resources. If authentication failures are high, there may be a brute-force attempt to gain access to a system using legitimate credentials.

**Kerberroasting:** Kerberos Service Principal Names (SPNs) uniquely identify each instance of a Windows service configured to accept Kerberos Tickets for authentication. Adversaries possessing a valid Kerberos Ticket-Granting Ticket (TGT) may request one or more Kerberos Ticket-Granting Server (TGS) Service Tickets for any service with an SPN configured from a Key Distribution Server – typically the Domain Controller (DC) in Windows Active Directory. This Service Ticket is then brute-forced offline to recover the plain-text credentials of the account.

**Excessive File System Permissions:** Improperly set permissions on the binary or directory in which it resides may allow attackers to replace the legitimate binary with a file of their choosing. Adversaries may use this technique to replace legitimate pre-existing binaries or dynamic-link libraries (DLLs) with malicious ones to execute subversive or potentially disruptive code with a much higher permission level than their current user permissions.

**WannaCry/EternalBlue:** Remote code execution vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server that handles certain requests. An attacker who successfully exploits the vulnerabilities could gain the ability to execute code on the target server. The EternalBlue and EternalRomance exploits were leaked by "The Shadow Brokers" group in 2017. The EternalBlue exploit was also leveraged by WannaCry ransomware to compromise Windows machines, load malware, and propagate to other machines in a network.

**WMI (Windows Management Instrumentation) Lateral Movement:** Lateral movement is a critical phase in any attack targeting more than a single computer. It is not a vulnerability, but a technique employed by attackers to interact with or gain access to a system other than the current system upon which they are operating. The WMI allows for a structured approach to communicating with a remote computer and exposes system monitoring and configuration capabilities to a remote machine. An adversary can use this native functionality to execute malicious code, modify system settings such as adding a user or password or disabling security tools before performing other activities.

The Lares Top 5 Penetration Test Findings in 2022 research paper is available for download here: https://www.lares.com/lares-top-5-penetration-test-findings-report/.

Lares has scheduled a webinar on Thursday, January 26, at 10 a.m. (PT)/1 p.m. (ET), to discuss these white paper findings in greater detail. To sign up or get more information about the webinar, please click here: https://attendee.gotowebinar.com/register/4185409087390473815.

**About Lares, LLC**

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing, and coaching since 2008. For more information, visit lares.com, contact us at (720) 600-0329, or follow Lares on Twitter @Lares\_.

Lares Research Highlights Top 5 Penetration Test Findings From 2022

With Actions Integrations, Okta is expanding its no-code offerings to help administrators manage and customize their identity workflow.

Every organization has its own set of identity requirements, which means very few identity platforms have everything right out of the box. Administrators have to customize the identity workflow to address their security, privacy, compliance needs while balancing ease-of-use. For many organizations, that means developers are writing custom code to secure and manage identity workflows.

Okta has introduced Actions Integrations, easily integrated third-party components that extend Okta Customer Identity Cloud with new features and capabilities. These components make third-party connections directly, without having to write any code, Okta said.

Actions Integrations "solve common identity needs that aren’t addressed out of the box by Okta Customer Identity Cloud," Okta said in a blog post announcing the general availability of Actions Integrations. This way, developers can focus on the core product features and less on building out code to manage authentication and identity.

The Marketplace already has a number of security- and privacy-focused components – such as for identity proofing (to verify the end user's identity), consent management (capture and tract consent through the customer lifecycle), and data collection (directly from users). Even as Okta provides more no-code options, it will continue to support developers and partners who want to build their own integrations.

"The Auth0 Marketplace hosts all available integrations where developers can find the pieces that are missing from their identity flow," Okta said.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading