The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it.

When the Bloomberg Terminal was introduced in 1982, it changed Wall Street forever. The Terminal was a computing marvel, aggregating and correlating more data than ever imagined. From market data to global currencies, commodities and real estate to policy and politics, investors and traders had for the first time a centralized data platform for real-time, multidimensional visibility and analysis. 

After seeing the field differently, users developed new proprietary strategies that led to an explosion in new products, such as index options and mortgage-backed securities. Data analysis kicked off an age of discovery, and it made Wall Street the place to be in the 1980s and beyond.

Today, data analysis is a critical component of any cybersecurity program. Security teams must sift through a dizzying array of inputs and issues in order to separate the signals and noise. They must differentiate between legitimate and malicious activity and prioritize where to take action to mitigate risk and battle adversaries to protect their businesses and customers.

One could argue that artificial intelligence (AI) and machine learning (ML) are leading the much-needed age of advancement in cybersecurity. But thousands of companies are using AI and ML to develop thousands of cybersecurity solutions. Siloed implementations by vendors that have little incentive to collaborate have created massive complexity that ultimately still leaves businesses vulnerable to attacks and exploits. 

The Bloomberg Terminal for cybersecurity — the "single pane of glass" that gathers and correlates all the relevant information security professionals need to do their jobs efficiently — doesn't yet exist. So enterprises are left grappling with where they should begin.

**Protect the Most Critical Asset First**

The approach we have been using to reduce business risk and protect critical assets is not working or scaling to meet the complexity of today's environment or the attack landscape. The focus has been on protecting the infrastructure, the data center, and the devices using a complex web of barriers to limit access. Despite the attention that zero-trust security architectures have received, it seems that as an industry, we struggle to turn the rhetoric into architecture. Businesses are encouraged to move away from moats and castles and toward securing access and applications, but practitioners still tend to focus on building fences around their most critical assets instead of securing the assets themselves.

Yet data is arguably the enterprise's most important asset. Data breaches exposed 21 billion records in 2021. This is why cybercriminals target it and governments around the world regulate it. The business consequences of a data breach have never been higher. According to the 2022 "Cost of a Data Breach" report from IBM and Ponemon, the average cost of a data breach rose to a record $4.35 million in 2022.

As the enterprise transitions to the cloud, this shift dramatically increases the threat surface of an organization, since much of this activity is outside the visibility of the security teams. "The cloud" no longer means a public cloud vendor or two. The modern enterprise environment involves on-prem services, multiple cloud services, software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) all securing managed and unmanaged devices, with hybrid employees and third parties all requiring access to business assets. Security professionals have no way to see it all, certainly not in a dashboard view.

**Protect the Whole Enterprise**

Few organizations speak with more CISOs than Gartner. According to "Gartner Predicts 2022," consolidated security platforms are the future:

_Vendors are increasingly divided into 'platform' and 'portfolio' camps, with the former integrating tools to make a whole that's greater than the sum of the parts, and the latter packaging products with little integration. Technology consolidation is not limited to one technology area or even to a closely related set of technologies; these consolidations are happening in parallel across many security areas._

The Bloomberg Terminal for cybersecurity may never exist in the way security professionals dream about, so it'll be up to them to envision and create their own version. This is harder than it might seem, as evidenced by the increasing disillusionment security practitioners feel with their security information and management (SIEM) implementations — where big data leads to big bills but not deep insights — and the growth of more specialized event management and extended detection and response (XDR) solutions. This will require a review of that sea of options to select the tools that make the most sense for each layer of the enterprise.

Could we end up with a handful of platforms built on open standards? For the sake of enterprise risk, and the people doing the work, let's hope so.

When Will Cybersecurity Get Its Bloomberg Terminal?

Malwarebytes achieves 250% year-over-year MSP partner growth, introduces new modules to enhance protection, detection, and resolution of threats for SMBs.

**SANTA CLARA, Calif., Sept. 27, 2022 / PRNewswire/ —** MalwarebytesTM, a global leader in real-time cyber protection, continues to expand its OneView platform capabilities as well as rapidly grow the company's Managed Service Provider (MSP) program. In addition to best-in-class endpoint security, MSPs can now access vulnerability assessment, patch management, and Domain Name System (DNS) filtering from Malwarebytes OneView.

"At Malwarebytes, we aim to serve the underserved, which is what our MSP partners are doing every day for SMBs," said Brian Thomas, Vice President of Worldwide MSP & Channel Programs at Malwarebytes. "I joined Malwarebytes with ambitious plans that are coming to life through our amazing team and unwavering commitment to help both new and existing MSP partners keep their clients safe while catapulting their businesses to new heights."

Delivering high-quality cybersecurity services and keeping customer environments free from malware requires a skilled team that can provide 24x7 coverage. Yet, many MSPs face constrained staff resources, skyrocketing costs and complexities of managing multiple solutions to uncover hidden threats. Today's MSPs require streamlined and simplified solutions to help them keep pace.

The Malwarebytes OneView platform empowers MSPs to deliver enterprise-class endpoint security products that drastically reduce customer malware infections and ransomware exposure. The easy-to-manage platform allows security analysts of all skill levels to be effective from a centralized cloud-based console. With different levels of protection capabilities and threat prevention modules, MSPs can offer the right product or service to each customer, tailored to their specific needs.

This quarter, Malwarebytes has continued to build upon OneView, adding three new modules that simplify breach prevention within the same cloud interface MSPs already trust for detection and remediation:

*   **Vulnerability and Patch Management**, which enables MSPs to take control of their full patching process, helping ensure defenses are up to date across their clients' environments.
*   **DNS Filtering**, which empowers organizations to regulate access to websites and other content on company-managed networks, which in turn reinforces the security of company data.
*   **Vulnerability Assessment**, which helps users understand exposure, identify vulnerabilities, and prioritize actions to update defenses across device and server operating systems and a wide range of third-party applications.

"The continued expansion of the OneView platform empowers us to help our customers with enhanced protection modules and expert support, reducing investments in time and resources needed to protect their organizations against increasingly complex vulnerabilities," said Daniel Mitchell, CEO of Alt-Tech. "Our partnership with Malwarebytes means stronger and simpler protection for our SMB customers, helping them successfully navigate potential threats."

Malwarebytes' initial MSP Program and OneView showed significant traction, resulting in over 250% YOY growth, with more than 2,700 new global MSP partners and strategic partnerships with Addigy, Atera, ConnectWise, Datto, GCN Group, Kaseya, Sherweb, TeamViewer and regional partner Soft Solutions. Based on business demand and future growth projections, Malwarebytes added more than 30 employees in the last six months across the MSP team, including Nadia Karatsoreos, who is dedicated to empowering MSPs to profitably grow their businesses. The company plans to continue expanding the MSP Program with further product innovation as well as additional resources and training.

"I am thrilled to be joining the Malwarebytes team during this pivotal time," said Nadia Karatsoreos, Senior MSP Growth Strategist at Malwarebytes. "MSPs have been tasked with keeping their clients safe from cyber threats, which is not an easy feat. They not only need the tools but also a supportive vendor so they can confidently sell and serve their customers. I'm so excited that I get to continue to help MSPs grow their businesses."

To read more about the latest threats and cyber protection strategies, visit our newsroom, or follow us on Facebook, Instagram, LinkedIn, TikTok, and Twitter.

**About Malwarebytes  
**Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, that mission has expanded to provide cyber protection for everyone. Malwarebytes provides consumers and organizations with device protection, privacy, and prevention through effective, intuitive, and inclusive solutions in the home, on-the-go, at work, or on campus. A world-class team of threat researchers and security experts enable Malwarebytes to protect millions of customers and combat existing and never-before-seen threats using artificial intelligence and machine learning to catch new threats rapidly. These capabilities have been lauded by independent third parties including, among others, MITRE Engenuity, MRG Effitas, AV-TEST (consumer and business), G2 Crowd and CNET. With threat hunters and innovators across the world, the company is headquartered in California with offices in Europe and Asia. For more information, visit https://www.malwarebytes.com.

**SOURCE:** Malwarebytes

Malwarebytes Expands OneView Platform for MSPs

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.

The average ethical hacker can find a vulnerability that allows the breach of the network perimeter and then exploit the environment in less than 10 hours, with penetration testers focused on cloud security gaining access most quickly to targeted assets. And further, once a vulnerability or weakness is found, about 58% of ethical hackers can break into an environment in less than five hours.

That's according to a survey of 300 experts by the SANS Institute and sponsored by cybersecurity services firm Bishop Fox, which also found that the most common weaknesses exploited by the hackers include vulnerable configurations, software flaws, and exposed Web services, survey respondents stated.  

The results mirror metrics for real-world malicious attacks and highlight the limited amount of time that companies have to detect and respond to threats, says Tom Eston, associate vice president of consulting of Bishop Fox.

"Five or six hours to break in, as an ethical hacker myself, that is not a huge surprise," he says. "It matches up to what we are seeing the real hackers doing, especially with social engineering and phishing and other realistic attack vectors."

The survey is the latest data point from cybersecurity companies' attempts to estimate the average time organizations have to stop attackers and interrupt their activities before significant damage is done.

Cybersecurity services firm CrowdStrike, for example, found that the average attacker "breaks out" from their initial compromise to infect other systems in less than 90 minutes. Meanwhile, the length of time that attackers are able to operate on victim's networks before being detected was 21 days in 2021, slightly better than the 24 days in the prior year, according to cybersecurity services firm Mandiant.

**Organizations Not Keeping Up**

Overall, nearly three-quarters of ethical hackers think most organizations lack the necessary detection and response capabilities to stop attacks, according to the Bishop Fox-SANS survey. The data should convince organizations to not just focus on preventing attacks, but aim to quickly detect and respond to attacks as a way to limit damage, Bishop Fox's Eston says.

"Everyone eventually is going to be hacked, so it comes down to incident response and how you respond to an attack, as opposed to protecting against every attack vector," he says. "It is almost impossible to stop one person from clicking on a link."

In addition, companies are struggling to secure many parts of their attack surface, the report stated. Third parties, remote work, the adoption of cloud infrastructure, and the increased pace of application development all contributed significantly to expanding organizations' attack surfaces, penetration testers said.

Yet the human element continues to be the most critical vulnerability, by far. Social engineering and phishing attacks, together, accounted for about half (49%) of the vectors with the best return on hacking investment, according to respondents. Web application attacks, password-based attacks, and ransomware account for another quarter of preferred attacks.

"\[I\]t should come as no surprise that social engineering and phishing attacks are the top two vectors, respectively," the report stated. "We've seen this time and time again, year after year — phishing reports continually increase, and adversaries continue to find success within those vectors."

**Just Your Average Hacker**

The survey also developed a profile of the average ethical hacker, with nearly two-thirds of respondents having between a year and six years of experience. Only one in 10 ethical hackers had less than a year in the profession, while about 30% had between seven and 20 years of experience.

Most ethical hackers have experience in network security (71%), internal penetration testing (67%), and application security (58%), according to the survey, with red teaming, cloud security, and code-level security as the next most popular types of ethical hacking.

The survey should remind companies that technology alone cannot solve cybersecurity problems — solutions require training employees to be aware of attacks, Eston says.

"There is not a single blinky-box technology that is going to repel all the attacks and keep your organization safe," he says. "It is a combination of people process and technology, and that has not changed. Organizations gravitate toward the latest and greatest tech ... but then they ignore security awareness and training their employees to recognize social engineering."

With attackers focused on exactly those weaknesses, he says, organizations need to change how they are developing their defenses.

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

Researchers are warning that Lazarus has expanded its campaign using fake jobs with cryptocurrency exchanges to trick macOS users into downloading malware.

Just last month, researchers observed Lazarus using Coinbase job openings to trick macOS users into downloading malware. Now, SentinelOne says the same threat group has expanded its phishing campaign to include fraud job postings at another cryptocurrency exchange, Crypto.com.

According to the SentinelOne report on the new crypto job lure, the additional victims were initially contacted by Lazarus through LinkedIn messaging.

Lazarus is an advanced persistent threat (APT) group with ties to the North Korean state. SentinelOne pointed out that the attack group has been targeting cryptocurrency exchanges since 2018, and has specifically used fake cryptocurrency exchange jobs as lures since 2020.

"The Lazarus (aka Nukesped) threat actor continues to target individuals involved in cryptocurrency exchanges," the SentinelOne researchers wrote. "This has been a long-running theme going as far back as the AppleJeus campaigns that began in 2018."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.

The past two years have marked a host of changes for cybersecurity professionals, as the pandemic, the ransomware tsunami, and increasing political and regulatory scrutiny have all created mounting expectations as their role becomes part and parcel with the lifeblood of organizations.

In a session at next week's SecTor 2022 conference taking place in Toronto, Tony Anscombe, chief security evangelist at ESET, will address this recent period of upheaval and role evolution, and what cyberteams can expect going forward. The bottom line? They should be prepared for pressure, pressure, and more pressure.

**2020–2022: Cybersecurity Grows in Stature, Pressure Mounts**

During his panel on Oct. 5, entitled "Two Years of Accelerated Cybersecurity and the Demands Being Placed on Cyber Defenders," Anscombe will discuss how the importance of implementing a good cybersecurity team and platforms really became a conversation when the COVID-19 pandemic lockdowns sent everyone home — and more importantly, how it marked the beginning of a two-year evolution of cyber-defense having a central role in business discussions.

"The use of cloud technologies and remote desktop protocol (RDP) were hallmarks of 2020 being the year of digital transformation," he tells Dark Reading. "But it was also a year of cybersecurity transformation, because those teams began the move from a back-office role to the front office; they became the business enabler as opposed to the business obstacle. Companies were saying, 'OK, everybody's gone home — how do we keep going?' And realistically it was the security team that was the enabler for remote working, online ordering for the sandwich shops, taking remote payments, and other basic needs."

Thus, 2020 saw cybersecurity teams became far more visible in the daily life of businesses; but that was just the beginning of an ongoing elevation in stature, Anscombe explains — because then, ransomware attacks began accelerating, and ransom amounts started growing.

He explains that this period represents a tipping point for when it became commonplace for ransomware-as-a-service (RaaS) gangs to go after millions of dollars in a single hit, such as $4.4 million for Colonial Pipeline; $40 million for CNA Financial; and $70 million for Kaseya, to name just a few. Thus, ransomware became an important existential crisis for companies, and ransomware gangs became a near-ubiquitous threat.

"We saw an entire evolution of monetization in that particular year, which lured cybercriminals in and made it a business imperative to deal with, and then it became a frontline political issue after the attack on Colonial Pipeline," Anscombe says. "So you saw government stepping up and saying, 'Hey, we need to do something about cybercrime, we have voters lining up outside gas stations.'"

This year, the political aspects of cybercrime have only been exacerbated, he says, thanks to the conflict in Ukraine: "You see all the agencies around the world saying we need to protect critical infrastructure from nation-state attacks etc., so that's upping of the game again."

Defense is meanwhile easier said than done, as ransomware actors continue to grow in sophistication.

"At the moment, I think as a cybersecurity defender ... you've got these ransomware attacks that were once attachments of emails that are now advanced persistent threat (APT)-style attacks exploiting long-term vulnerabilities in systems, putting their markers in networks and coming back to them later on," Anscombe says.

**Regulation & Reporting Requirements Up the Ante**

Where cyberteams sit within the hierarchy of businesses has also been affected by additional regulation and cyber-incident reporting requirements, which creates the need for a cross-discipline discussion of risk with legal and compliance departments, Anscombe also notes. This creates enormous pressure on cyberteams thanks to fact that the sheer number of requirements is growing, creating thorny complexities.

"Imagine you're a public company, and you're in insurance or the finance industry, and you do business internationally, you've got to comply with privacy requirements for the California Consumer Privacy Act and GDPR, you've got to meet the FDIC's cyber-incident reporting requirements," he explains. "The SEC has proposed others. And if you're a water utility company, you might have to comply with the critical infrastructure reporting. This is becoming very bureaucratic, and it needs to be harmonized in some way."

He adds, "Most importantly, the role of the cyber-defender is about to change significantly again, because you're probably going to have to have a paralegal sitting at the end of the desk during incident response. And, one of the big, big challenges for a lot of businesses will be adhering to their cyber-risk insurance policy, which affects the finance department. It's kind of the backstop, you're going to have to fall back on these policies. And the policies are becoming more stringent."

Meanwhile, all of these increased and new pressures that security teams are feeling are exacerbating some of the existing challenges, such as the workforce-gap issue — which Anscombe believes will create even more change for cyber-defense teams.

"I think all of this change just puts more burden on the cybersecurity resourcing issue, and become even more challenging for companies that to find the right level of people," Anscombe says. "Does that mean companies then go to managed service providers (MSPs)? Does it mean they start dragging in more resource from partners? Does it mean more of it becomes outsourced? I think that's a maybe the thing to watch for the 2023 segment of cyber."

Amid Sweeping Change, Cyber Defenders Face Escalating Visibility — and Pressure

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

Australian telecommunication giant Optus is reportedly receiving help from the FBI in investigating what appears to have been an easily preventable breach that ended up exposing sensitive data on nearly 10 million customers.

Meanwhile, the apparent hacker or hackers behind the breach on Tuesday withdrew their demand for a $1 million ransom along with a threat to release batches of the stolen data till the ransom was paid. The threat actor also claimed he or she deleted all the data stolen from Optus. The apparent change of heart, however, came after the attacker already earlier had released a sample of some 10,200 customer records, seemingly as proof of intent.

**Second Thoughts**

The attacker's reason for withdrawing the ransom demand and the data leak threat remain unclear. But in a statement posted on a Dark Web forum — and reposted on databreaches.net — the alleged attacker alluded to "too many eyes" seeing the data as being one reason. "We will not sale data to anyone," the note read. "We can't if we even want to: personally deleted data from drive (Only copy)." 

The attacker also apologized to Optus and to the 10,200 customers whose data was leaked: "Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you."

The apology and the attacker's claims of deleting the stolen data are unlikely to assuage concerns surrounding the attack, which has been described as Australia's largest-ever breach.

Optus first disclosed the breach on Sept. 21, and in a series of updates since then has described it as affecting current and previous customers of the company's broadband, mobile, and business customers from 2017 onward. According to the company, the breach may have potentially exposed customer names, dates of birth, phone numbers, email addresses, and — for a subset of customers — their full addresses, driver's license information, or passport numbers.

**Optus Security Practices Under the Microscope**

The breach has stoked concerns of widespread identity fraud and pushed Optus into — among other measures — working with different Australian state governments to discuss the potential for changing driver's license details of affected individuals at the company's cost. "When we get in touch, we'll place a credit on your account to cover any relevant replacement cost. We’ll do this automatically, so you don’t need to contact us," Optus informed customers. "If you don’t hear from us, it means that your driver’s license doesn’t need to be changed."

The data compromise has put Optus security practices squarely under the spotlight especially because it appears to have resulted from a fundamental error. The Australian Broadcasting Corporation (ABC) on Sept. 22 quoted an unidentified "senior figure" inside Optus as saying the attacker was basically able to access the database via an unauthenticated application programming interface (API). 

The insider allegedly told ABC that the live customer identity database the attacker accessed was connected via an unprotected API to the Internet. The assumption was that only authorized Optus systems would use the API. But it somehow ended up getting exposed to a test network, which happened to be directly connected to the Internet, ABC quoted the insider as saying.

ABC and other media outlets described Optus CEO Kelly Bayer Rosmarin as insisting the company was the victim of a sophisticated attack and that the data the attacker claimed to have accessed was encrypted.

If the report about the exposed API is true, Optus was the victim of a security mistake that many others make. "Broken user authentication is one of the most common API vulnerabilities," says Adam Fisher, solutions architect at Salt Security. "Attackers look for them first because unauthenticated APIs take no effort to breach."

Open or unauthenticated APIs often are the result of the infrastructure team, or the team that manages authentication, misconfiguring something, he says. "Because it takes more than one team to run an application, miscommunication frequently occurs," Fisher says. He notes that unauthenticated APIs occupy the second spot in OWASP's list of the top 10 API security vulnerabilities.

An Imperva-commissioned report earlier this year identified US businesses as incurring between $12 billion and $23 billion in losses from API-linked compromises just in 2022. Another survey-based study that Cloudentity conducted last year found 44% of respondents saying their organization had experienced data leakage and other issues stemming from API security lapses.

**"Spooked" Attacker?**

The FBI did not respond immediately to a Dark Reading request for comment via its national press office email address, but the Guardian and others reported the US law enforcement agency as being called in to assist with the investigation. The Australian Federal Police, which is investigating the Optus breach, said it was working with overseas law enforcement to track down the individual or group responsible for it.

Casey Ellis, founder and CTO of bug bounty firm Bugcrowd, says the intense scrutiny the breach has received from the Australian government, public, and law enforcement may have spooked the attacker. "It's fairly rare for this type of interaction to be as spectacular as this one has been," he says. "Compromising nearly half the population of a country is going to garner a lot of very intense and very powerful attention, and the attackers involved here clearly underestimated this." 

Their response suggests the threat actors are very young and likely very new to criminal conduct, at least of this scale, he notes.

"Clearly, the Australian government has taken this breach very seriously and is going after the attacker voraciously," Fisher adds. "This strong response might have caught the attacker off guard," and likely prompted second thoughts. "However, unfortunately, the data is already out in the open. Once a company finds itself in the news like this, every hacker pays attention."

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.

Microsoft Azure Virtual Desktop (AVD) users now have the option for single sign-on (SSO), as well as passwordless authentication, with the public preview of the latest Microsoft upgrade. 

"Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys)," Microsoft's David Belanger explained in a blog post about the new feature's debut. 

According to the announcement of the public preview of the new cloud security feature, after users install the September Cumulative Update Preview, the features will be available on Windows 10 and 11, as well as Windows Server 2022. 

According to Belanger's post, the latest AVD upgrade will allow users to: 

*   Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and web clients
*   Use passwordless authentication to sign in to the host using Azure AD
*   Use passwordless authentication inside the session when using the Windows client
*   Use third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host

The Azure Academy tutorial for administrators explaining how to deploy the new updates said the new SSO option was the "most requested AVD feature of all time." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop

There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.

Digital transformation is transforming every aspect of the way organizations compete and operate today. This radical change is reshaping the way that enterprises produce, store, and manipulate an ever-increasing amount of data — emphasizing the need to ensure data governance.

Computing environments are also more sophisticated than they used to be, frequently encompassing the public cloud, the enterprise data center, and a variety of edge devices — including remote servers and Internet of Things (IoT) sensors. This complexity increases the attack surface, making it more difficult to monitor and secure.

A lack of data protection, global pandemic effects, and an increase in attack complexity have allowed for a significant rise in compromised and hacked data that is increasingly common in the workplace. In fact, an external attacker may breach the network perimeter of an organization and access local network resources 93% of the time.

It's a good thing, however, that the sensitivity of distinct data sets and the accompanying regulatory compliance requirements are taken into account by adequate data security.

**Data Security Is More Important Than Ever**

During the pandemic, more customers also became remote customers as more workers became remote workers. As a result, keeping an online environment secure has increased in significance for companies.

When supply chain and labor concerns are already making business difficult, such interruptions can make things even more difficult. As a consequence, a cyberattack can harm a company's reputation with clients and business partners, result in lost revenue, and pose a risk of data loss.

In fact, according to the 2022 data breach report from IBM and the Ponemon Institute, the average cost of a data breach has increased to a record high of $4.4 million.

This highlights the importance of protecting confidential information, which must be a significant responsibility for businesses and organizations.

**Four Data Security Practices Your Organization Should Implement**

A recent study indicated that most businesses have weak cybersecurity procedures, leaving them open to data loss. Although data security isn't the be-all, end-all of cybersecurity defenses — like perimeter and file security, to mention a couple — it is still one of several essential techniques for assessing dangers and lowering the risk involved in managing and storing data.

Fortunately, practical methods and strategies have been created to prevent poor data security practices. Here are four of the best data security practices you should know about.

**1\. Implement Access Controls**

Access controls are crucial to data security because they regulate who has access to and uses business data and resources. Access control rules ensure users have the proper access to corporate data and are who they say they are through authentication and authorization.

They are essentially the selective limiting of data access. Authentication and authorization are two important parts of access control. There can be no data security without authentication and authorization.

Access control reduces the possibility of unapproved users entering logical and physical systems and jeopardizing security. It is an essential part of security compliance programs, as it ensures that access control policies and security technology are in place to protect sensitive data, such as customer information.

**2\. Utilize Endpoint Security Tools to Safeguard Your Data**

Endpoints on your network are continuously in danger. As a result, you must have a robust endpoint security infrastructure to reduce the likelihood of potential data breaches. Start by putting the following strategies into practice:

*   **Antivirus software:** Ensure it is set up on all workstations and servers. Run routine scans to keep your system healthy and detect any infestations, such as ransomware.
*   **Anti-spyware software:** Spyware is a type of harmful computer software frequently installed without the user's awareness. You can remove or block those with the aid of anti-spyware and anti-adware software.
*   **Firewalls:** These operate as a barrier between your data and fraudsters, which is why most experts consider them among the best data protection practices. Internal firewalls are another option for enhancing security.

**3\. Employ Data Encryption**

One of the most fundamental data security best practices is encryption, which is frequently disregarded despite its importance. Data encryption serves to protect digital data confidentiality while it is stored on computers and sent over the Internet or other networks. These algorithms ensure confidentiality and support key security initiatives such as authentication, integrity, non-repudiation, and authenticity.

**4\. Develop a Risk-Based Security Strategy**

Pay close attention to the minor things, such as the hazards your business may encounter and how they might damage employee and customer data. Here, a thorough risk assessment is necessary. The following are some actions that risk assessment enables you to take:

*   Determine the kind and location of your assets.
*   Determine the cybersecurity condition you are in.
*   Maintain an accurate security approach.

Using a risk-based approach, you can adhere to regulations and safeguard your company from potential leaks and breaches.

**Safeguard Your Organization's Data and Protect Your Business in the Future**

Although it frequently appears on the agenda of executive committee meetings, given the escalating concerns posed by the pandemic, strengthening data security must require additional attention. Businesses should be proactive in addressing the threats and develop strategies for preventing successful cyberattacks — rather than reacting when they are already happening. Despite the fact that recovery measures exist, prevention is always better than a cure.

This pandemic has shown us that minimizing the hazards associated with cyberattacks requires careful planning and stronger data security practices. The proper procedures, such as implementing access controls and data encryption, must be used in conjunction with the appropriate security software in order to avoid the magnitude of a data breach and the hidden costs that come with it.

There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action. Businesses must improve the creation and implementation of security measures and make remote working methods resistant to cyberattacks. Start by following these data security practices so that you will be better equipped to handle the rising number of cyberthreats, and protect your company in the future.

4 Data Security Best Practices You Should Know

This Tech Tip outlines three steps security teams should take to protect information stored in Salesforce.

No one likes to hear the B-word: _breach_. Developers definitely don't want to hear that word in relation to a platform they use day in and day out.

When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS): Heroku and Travis CI.

Attackers had stolen OAuth tokens issued to Heroku and Travis CI and used them to access and download the contents of private repositories, GitHub found.

Where does the most sensitive information reside in your organization? For organizations using Heroku, Salesforce houses the information that, if exposed, could cripple the organization. Security teams need to think about protecting their Salesforce data. Why should they put the organization's cybersecurity at risk by relying on third-party integrations?

These three simple steps can help improve cybersecurity posture on Salesforce.

**1\. Use Salesforce-Native Applications**

Applications built on Salesforce ensure that your data remains in one place with the same cybersecurity posture as the Salesforce platform. With apps consolidated on a single platform, the attack surface is greatly reduced.

**2\. Establish a Zero-Trust Model**

Never trust, always verify. All users should have the minimum level of permissions and access needed to be able to complete their necessary tasks while requiring users to prove their need and identities before access. Audit everything.

**3\. Utilize Secrets Management**

Never store credentials in clear text, and always assume private repositories are public. Having a secrets management solution ensures that your secrets are rotated along with having an appropriate level of security compliance around your credentials.

With this improved cybersecurity posture, developers, infosec teams, and the CEO will be at ease knowing that the organization's most sensitive data is secure.

Lessons From the GitHub Cybersecurity Breach

TCP-based, DNS water-torture, and carpet-bombing attacks dominate the DDoS threat landscape, while Ireland, India, Taiwan, and Finland are battered by DDoS attacks resulting from the Russia/Ukraine war.

**WESTFORD, Mass.,** **September 27, 2022** — NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) today announced findings from its 1H2022 DDoS Threat Intelligence Report. The findings demonstrate how sophisticated cybercriminals have become at bypassing defenses with new DDoS attack vectors and successful methodologies.

"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead, NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications."

NETSCOUT's Active Level Threat Analysis System (ATLAS™) compiles DDoS attack statistics from most of the world's ISPs, large data centers, and government and enterprise networks. This data represents intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) analyzes and curates this data to provide unique insights in its biannual report. Key findings from the 1H2022 NETSCOUT DDoS Threat Intelligence Report include:

*   There were 6,019,888 global DDoS attacks in 1st half of 2022.
*   TCP-based flood attacks (SYN, ACK, RST) remain the most used attack vector, with approximately 46% of all attacks continuing a trend that started in early 2021.
*   DNS water-torture attacks accelerated into 2022 with a 46% increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31% from 2H2021 to 1H2022.
*   The new TP240 PhoneHome reflection/amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4,293,967,296:1; swift actions eradicated the abusable nature of this service.
*   Malware botnet proliferation grew at an alarming rate, with 21,226 nodes tracked in the first quarter to 488,381 nodes in the second, resulting in more direct-path, application-layer attacks.

**Geopolitical Unrest Spawns Increased DDoS Attacks**

As Russian ground troops entered Ukraine in late February, there was a significant uptick in DDoS attacks targeting governmental departments, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms, as previously documented. However, the ripple effect resulting from the war had a dramatic impact on DDoS attacks in other countries including:

*   Ireland experienced a surge in attacks after providing service to Ukrainian organizations.
*   India experienced a measurable increase in DDoS attacks following its abstention from the UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
*   On the same day, Taiwan endured its single-highest number of DDoS attacks after making public statements supporting Ukraine, as with Belize.
*   Finland experienced a 258% increase in DDoS attacks year-over-year, coinciding with its announcement to apply for NATO membership.
*   Poland, Romania, Lithuania, and Norway were targeted by DDoS attacks linked to Killnet; a group of online attackers aligned with Russia.
*   While the frequency and severity of DDoS attacks in North America remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure.
*   Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period.

Similarly, as tensions between Taiwan, China, and Hong Kong escalated in 1H2022, DDoS attacks against Taiwan regularly occurred in concert with related public events.

**Unparalleled** **Intelligence**

No other vendor sees and knows more about DDoS attack activity and best practices in attack protection than NETSCOUT. In addition to publishing the DDoS Threat Intelligence Report, NETSCOUT also presents its highly curated real-time DDoS attack data on its Omnis Threat Horizon portal to give customers visibility into the global threat landscape and understand the impact on their organizations. This data also fuels NETSCOUT's ATLAS Intelligence Feed (AIF) which continuously arms NETSCOUT's Omnis and Arbor security portfolio. Together with AIF, the Omnis and Arbor products automatically detect and block threat activity for enterprises and service providers worldwide.

Visit our interactive website for more information on NETSCOUT's semi-annual DDoS Threat Intelligence Report. You can also find us on Facebook, LinkedIn, and Twitter for threat updates and the latest trends and insights.

**About NETSCOUT**

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) protects the connected world from cyberattacks and performance disruptions through advanced network detection and response and pervasive network visibility. Powered by our pioneering deep packet inspection at scale, we serve the world's largest enterprises, service providers, and public sector organizations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, Twitter, or Facebook.

Source

DARKReading