Setting priorities for internal security measures and outsourcing complex practices help protect small and midsize businesses.

Due to their limited security budgets and high dependence on unmanaged IT systems, small businesses are often left vulnerable and frequently targeted by cybercriminals. While large enterprises can usually recover from an attack, many small businesses are forced to shut down if they cannot afford to pay ransoms or restore the function of their network systems. These ransomware attacks can leave behind millions in damages. However, to keep your small to midsize business (SMB) as unscathed as possible in the face of an attack, it becomes imperative to understand internal vulnerabilities and how to strengthen your organization's cybersecurity posture from the top down.

One of the reasons SMBs have seen an uptick in ransomware attacks is the sheer ease with which criminals can successfully penetrate their defenses. Threat actors don't need to employ expensive and highly technical gangs to assist in a breach. Instead, they simply infiltrate internal networks through the use of software with artificial intelligence and machine learning. Once in, they can seize data, open backdoors for future exploitation, and freeze entire IT systems.

Additionally, SMBs are part of a far bigger picture. SMBs are often key members of larger companies' supply chains, and the revenue from these relationships with large companies is essential to their well-being. Those larger companies are imposing strict rules or policies on the security posture of their smaller counterparts to protect themselves against vulnerabilities in their supply chains. SMBs that are slow to adapt to this demand may start losing business whether or not they actually get hacked. And if they do get hacked, the larger companies are more likely than ever to discontinue the business relationships.

Establishing a well-thought-out disaster recovery plan that allows for routine and proper testing is essential to protecting the operation of the organization. A holistic approach to cyber infrastructure management enables an organization to properly deploy effective protections. Here are three steps to begin implementing those protections.

**1\. Keep Evolving Your Risk Management**

Insufficient security measures not only escalate the risk of attack, but they escalate the risk of significant compliance violations as well. Risk is constantly evolving, and managing that risk is an essential part of every cybersecurity program and critical to business resilience. But it is often overlooked and not well executed. Frequently, SMBs run outdated software that all but invites attackers to target well-known vulnerabilities. Fortunately, the ability to share intel has vastly improved the ability to continuously seek out indicators of compromise, allowing IT teams to quickly mitigate sophisticated actors before they can bring harm to the company.

**2\. Establish Continuous Vulnerability Monitoring**

The most effective approach to recognizing vulnerabilities is a monitoring system that detects attacks as quickly as possible, with swift remediation tactics in place. Security monitoring generally refers to the process of analyzing several logs or network devices (firewalls, servers, switches, etc.) for potential security incidents.

Most often, a security incident and event management (SIEM) system is used to aggregate, consolidate, and normalize that data. Advanced behavioral analytics augment the SIEM alerts and provide a comprehensive view of the customer landscape. Within this system, suspicious activity can be identified and quickly brought to IT personnel's attention to determine if it represents a true threat. SMBs can outsource this function to receive access to enterprise-grade security technology and expertise they otherwise might not have been able to attract, afford, or retain. Continuous monitoring means threats can often be mitigated ahead of time, and vulnerabilities can be quickly patched around the clock.

**3\. Select Appropriate Security Vendors**

Most SMBs lack the technical expertise to properly evaluate a security solution/provider. If this is the case with your organization, consider engaging a third-party managed security provider to assist in the evaluation. Selecting a security solution/partner should be a well-thought-out decision that is focused on results. You must ask yourself whether the provider protects your business from as many angles as possible. What specific tools is this partner going to use? And how are they keeping up with the continued advancements that bad actors are using to gain access to your data?

Security vendors should be able to ingest data from several sources, including firewalls, endpoints, virtual private networks, flow data, DNS, DHCP, intrusion detection and prevention systems, and cloud log data. There should be a wide range of analytics using various methodologies, such as statistical models that look for advanced beaconing and domain beaconing. Applied math helps to identify account enumeration, cohort anomalies, data loss, pattern matching, dispersion analysis, and statistical variance. Machine learning can also be used to check bidirectionally long term and short term using probability, Arima modeling, and neural networks to look for long and slow activity. These analytic processes continuously learn from the data they ingest and become more powerful over time.

Staying on top of security can create the resilience to defend against damaging attacks that could force shutdowns or create large disruptions in business. By crafting a strong defense against an aggressive threat landscape, businesses can remain both compliant with legal and contractual requirements and resilient to real-world threats.

3 Steps Small Businesses Can Take to Prevent Cyberattacks

Cybersecurity and telecom providers from around the world can now test their technologies and use cases in OneLayer's digital twin private network environment.

**TEL AVIV, Israel, Oct. 27, 2022 /PRNewswire/ —** OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today the launch of one of the world's first 5G private network security labs. The lab, which will be open to the public for research purposes, acts as a digital twin to simulate specific threat scenarios posed to an enterprise network. The data collected during these simulations will help companies find the best security solutions for each organization and its needs.

Private cellular networks provide organizations with improved connectivity and increased reliability, a dedicated bandwidth with capacity and range, no lag time, and connectivity of IoT and OT devices across vast areas. As organizations increasingly adopt private networks, they must also address securing such networks, so the same standard of security applied to enterprise IP networks is addressed in the cellular domain.

The OneLayer 5G Security Lab provides a simulated environment for cyber and telecom companies to examine diverse security challenges and solutions in this domain. Using core equipment from Nokia, Druid, and Airspan, the lab can create private networks based on different types of cores, end units, and IoT devices to model different types of cyberattacks and the solutions to defend against them.

"The goal of this security lab is to provide the opportunity to test private networks and security use cases to improve the understanding of connected IoT and OT devices for continued R&D of OneLayer's private cellular security platform," said Liron Ben-Horin, VP of Systems Engineering at OneLayer. "We intend to collect and analyze data in order to profile devices and segment networks appropriately. We want to share our tools and capabilities with the private network ecosystem to foster industry collaboration. As such, we welcome any company that is researching or testing LTE/5G devices to join us on this journey at our Tel Aviv-based security lab."

"OTORIO and OneLayer have joined forces in order to leverage OneLayer's 5G Security Lab to test the integrations with various technologies and telecom systems," said Matan Dobrushin, VP Research at OTORIO. "We are excited for our mutual research collaboration to ensure the usability, efficiency and safety of OTORIO's solutions in hybrid networks."

"We are excited for the opportunity to leverage OneLayer's Security Lab and to work together to improve the cybersecurity of 5G core network devices," said Sharon Brizinov, Director of Security Research at Claroty's Team82. "The collaborations coming out of the security lab will benefit enterprise security overall as we explore the ever-growing attack surface of the Extended Internet of Things (XIoT) and these devices' connectivity within cellular networks."

"Armis recognizes the growing risk raised by private cellular networks," said Barak Hadad, Head of Research at Armis. "Together with OneLayer, we can help defenders gain full visibility to their core networks and their connected devices."

"I'm excited to see a Tel Aviv-based startup, OneLayer, investing in a unique 5G devices lab. These types of activities enable the Israeli ecosystem and cybersecurity market to ensure we are ahead of the bad guys as the network continues to evolve," said Eli Fainberg, VP Product at Forescout.

**About OneLayer**

OneLayer provides enterprise-grade security for private LTE/5G networks. Its platform and IoT security toolkit can be implemented in private cellular networks to provide better visibility, control and protection for organizations. The company was founded by world-class cybersecurity experts with a deep understanding of both cellular protocols and IoT security needs and veterans from the IDF's 8200 and 81 intelligence units. OneLayer is backed by industry-leading advisors and has partnered with experts both in the cybersecurity domain as well as the telecom industry. To learn more about OneLayer please visit https://one-layer.com/ or LinkedIn.

OneLayer Opens 5G Security Lab for Network Security Companies to Research Threats to Private Cellular Networks

The healthcare sector is twice as likely to face data breach consequences as any other industry surveyed.

**FRISCO, Texas, Oct. 27, 2022 /PRNewswire/ —** Netwrix, a cybersecurity vendor that makes data security easy, today announced additional findings for the healthcare sector from its global 2022 Cloud Security Report.

61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. Phishing was the most common type of attack reported.

"The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions," comments Dirk Schrader, VP of Security Research at Netwrix. "Plus, the high value of data gives cyber criminals better opportunities at financial gain: They can either sell stolen sensitive medical information on the dark web or extort a ransom for 'unfreezing' the medical systems used to keep patients alive."

An attack in the healthcare sector is more likely to result in financial consequences. 32% of respondents from other industries report that an attack had no impact on their business, while only 14% of healthcare organizations say the same. Unplanned expenses to cover security gaps and compliance fines are the most common types of damage that the healthcare sector faces due to a cyberattack.

"Healthcare organizations plan to increase the share of their workload in the cloud from 38% to 54% by the end of 2023. Fast cloud adoption should be accompanied by relevant security measures and special attention to internet-of-things (IoT) devices and systems; for example, compromise of respirators or IV infusion devices can lead to physical harm to patients," adds Schrader. "Network segmentation will help prevent one compromised device from impacting the entire system. IT teams must also strictly limit who — humans and machines — can access what data and systems according to the least-privilege principle, and regularly review and right-size those access rights."

**About Netwrix**

Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.

Netwrix Study: 86% of Cloud Attacks in the Healthcare Sector Result in Financial Losses or Other Damage

Survey points to gaps in understanding of what's driving higher costs and limiting access to cyber insurance coverage — and what businesses can do about it.

**SCHAUMBURG, Ill., Oct. 26, 2022 /PRNewswire/ —** Good news for cybersecurity: More risk managers have purchased cyber insurance to help protect their businesses and customers from the potentially disastrous consequences of breaches and hacks. The bad news: Increasing premiums and restrictions for cyber coverage over the past year have created frustration for some business leaders.

This is the mixed picture emerging from the just-released 12th annual Information Security and Cyber Risk Management study from Zurich North America and Advisen Ltd., a Zywave Company. The 2022 study indicates that 86% of respondents now have cyber insurance, up three percentage points from 2021 and the highest percentage in the history of the survey. About 83% of respondents say they've taken steps to assess their cyber risk, and 69% have invested in cybersecurity solutions to mitigate risk.

Such findings suggest that CEOs, CIOs and risk managers increasingly grasp the threat that cyberattacks pose to their businesses, customers and the economy. But comments in the survey also reveal gaps in understanding of the drivers of insurance rates and restrictions and the role that risk mitigation actions play in the ability to access coverage at an affordable price.

"Our latest survey shows that many respondents recognize cyber threats and claims have increased in frequency and severity, but some business leaders struggle with the extent of the impact on insurance costs, policy terms and risk selection," said Michelle Chia, Head of Professional Liability and Cyber at Zurich North America. "What's clear is that cyber resilience is critical to business resilience. Carriers, distributors, risk managers, IT professionals, governments and employees everywhere need to work together to strengthen cyber resilience in this fast-evolving risk landscape."

Other highlights from the survey:

*   54% of respondents who experienced a claim reported it to their cyber insurance carrier. More than 70% recouped costs from their cyber insurance carrier, while a portion of claims are still in process.
*   52% have increased their organization's oversight of IT vendor management in response to geopolitical conflict concerns.
*   52% of respondents agreed that their cyber insurance meets their expectations and provides value, and 61% said their coverage meets some but not all organizational needs.
*   Over 93% of respondents said they expect Data Breach and Cyber Extortion/Ransomware coverage to be included in cyber insurance policies, followed by Data Restoration (87%) and Business Interruption (75%).
*   81% of respondents reported having cyber incident response plans in place, but less than 60% test these plans regularly.
*   62% of respondents cited "Enhance Employee Training" as one of their top cybersecurity priorities over the next year.

"While there's more to be done, it's encouraging to see organizations taking steps to shore up their cyber resilience," Chia said. "Insights from this survey present the opportunity for insurance carriers and brokers to provide continuing education on the shifting cyber risk environment and mitigation techniques. Those responsible for managing cyber risk can refer to this survey's insights to help gain organizational support for additional investments to enhance cyber resilience and access to insurance coverage."

The survey was completed at least in part by 353 risk managers, insurance buyers and other risk professionals. The majority classified themselves as either a chief risk manager or the head of a risk management department (28 percent); a different member of a risk management department (25 percent); a chief information security officer or chief privacy officer (5 percent); or other executive, such as a CIO, CFO or CEO (20 percent).

The full Information Security and Cyber Risk Management survey report is here.

**About Zurich North America**

Zurich North America is one of the largest providers of insurance solutions and services to businesses and individuals. Our customers represent industries ranging from agriculture to technology. Zurich North America is part of Zurich Insurance Group, a leading multi-line insurer serving people and businesses in more than 210 countries and territories. Founded 150 years ago, Zurich is transforming insurance. In addition to providing insurance protection, Zurich is increasingly offering prevention services such as those that promote wellbeing and enhance climate resilience.

Reflecting its purpose to "create a brighter future together," Zurich aspires to be one of the most responsible and impactful businesses in the world. It is targeting net-zero emissions by 2050 and has the highest-possible ESG rating from MSCI. In 2020, Zurich launched the Zurich Forest project to support reforestation and biodiversity restoration in Brazil.

The Group has about 56,000 employees and is headquartered in Zurich, Switzerland. Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.

2022 Advisen-Zurich Survey Illuminates Growing Cybersecurity Concerns

Leaning on social media to amplify your company's brand? Here's a look at the emerging cybersecurity risks that can arise from TikTok, LinkedIn, Twitter, and other platforms.

7 Hidden Social Media Cyber-Risks for Enterprises

Chrome's Stable Channel 107 rollout includes security fixes from a slew of independent researchers, racking up nearly $60,000 in bounties.

Google Chrome's rollout of its latest browser update includes 14 individual security fixes — three high-severity — found by independent researchers who earned bug bounty payouts totaling more than $57,000. 

There is still one high-severity bug with a payout amount listed as "TBD," meaning the final collective tally could top $60,000. 

The latest update, Chrome 107 for Windows, Mac, and Linux, will roll out over the coming days, Google announced, along with the new version's security improvements. 

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the Chrome team said about the update's release. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Chrome Pays $57K (and Counting) in Bug Bounties for Latest Update

Developers will be able to scan for vulnerabilities in source code, containers, dependencies, and applications in production.

GitLab has announced a number of new security and compliance features and enhancements to its platform that are intended to help organizations secure the software supply chain.

The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, GitLab says.

The increased focus on governance will help organizations identify risks by providing them with visibility into their projects and the dependencies in use, security findings, and user activities, GitLab says. The platform will be able to track changes and implement controls to define what goes into production, helping organizations ensure that they are adhering to license compliance and regulatory frameworks.

The new enhancements are designed to provide developers with tools to proactively scan for vulnerabilities and implement controls to secure applications. Developers also have access to actionable and relevant secure coding guidance within the GitLab platform.

"With the recent addition of GraphQL schema support in 15.4, these API security scans help secure applications with minimal configuration compared to prior releases," GitLab says. "Additional application security scanners include static application security testing, secret detection, container scanning, dependency scanning, infrastructure-as-code scanning, and coverage-guided fuzz testing."

GitLab promises upcoming features, such as a mechanism to parse and ingest existing software bill of materials data from third parties to create a comprehensive software bill of materials for the project, as well as the ability to cryptographically sign both the build artifact and attestation file to prove builds have not been altered. Another upcoming feature will allow GitLab administrators and group owners to create new customized roles with granular permissions to help security teams align role-based access control with the organization's policies.

The security of the software supply chain is increasingly top of mind for security professionals. For 70% of all respondents in Dark Reading's "State of Supply Chain Threats" survey in August, supply chain security was among the top five security priorities. In the same vein, GitLab's "2022 Global DevSecOps Survey," released earlier this year, found security was the highest budget priority for organizations.

GitLab Adds Governance, Software Supply Chain Enhancements

The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.

Ransomware gangs are hitting the industrial sector hard — and especially manufacturing companies, with significant spikes in cyberattack activity against US organizations spotted in the third quarter. Meanwhile, emerging ransomware groups are bursting onto the scene, threatening to push the rate of attacks up even higher.

According to a Dragos Q3 analysis of ransomware attacks on industrial organizations, 36% of the recorded cases globally hit North America (46 incidents). This is a significant 10% increase over last quarter, when a quarter of cases affected the region.

However, the analysis also found that the rate of attacks globally remained flat quarter over quarter — 128 incidents for Q3 vs. 125 in Q2.

The majority (68%) of observed incidents were aimed at the manufacturing sector. Out of the confirmed attacks (i.e., those publicly reported, seen in the firm's telemetry, or confirmed on the Dark Web), 88 were against that segment, especially those producing metal products (12 attacks).

Stephen Banda, senior manager of security solutions at Lookout, noted that the manufacturing sector, like everyone else, is moving to the cloud; digitizing manufacturing, inventory tracking, operations, and maintenance increases agility and efficiency, with less production downtime and a greater nimbleness. But it also opens up new attack surfaces.

"To remain competitive, manufacturers are investing in intellectual property and new technologies like digital twins," he tells Dark Reading. "In short, manufacturers are transforming the way they produce and deliver goods - moving toward industrial automation and the flexible factory. This transformation, known as Industry 4.0, puts pressure on mobile devices and cloud solutions."

Yet for most manufacturers, security solutions still remain on-premises, he adds.

"This creates efficacy and scalability challenges when tasked with protecting productivity solutions that have moved to the cloud," he notes. "Security therefore must also move to the cloud to adequately safeguard manufacturing operations."

As for other industrial segments, 9% of attacks targeted the food and beverage sector (12 incidents), followed by oil and natural gas (6%, or eight incidents) and the energy and pharmaceuticals sectors (collectively making up 10% of attacks, with seven and six incidents respectively). The chemical, mining, engineering, and water and wastewater systems segments had just one attack each.  

**Different Threat Actors Target Different Industrial Segments**

In terms of the actors on the industrial stage, the LockBit gang was behind more than a third of all global incidents (35%), while some other known names focused on the energy sector (Ragnar Locker and BlackCat/AlphaV, notably). But the quarter also saw the rise of some emerging actors, like Sparta Blog, BianLian, Donuts, Onyx, and the slow-burning Yanluowang.

In all cases, various groups seemed to have specialties, Dragos noted, including:

*   Ragnar Locker has been targeting mainly energy.
*   Cl0p Leaks has been targeting only water and wastewater.
*   Karakurt has targeted only manufacturing in Q3, while in Q2, it only targeted transportation entities.
*   LockBit 3.0 is the only group that targeted chemicals, drilling, industrial supplies, and interior design.
*   Stormous has only targeted Vietnam.
*   Lorenz has only targeted the United States.
*   Sparta Blog has only targeted Spain.
*   Black Basta and Hive mainly targeted the transportation sector.

Bud Broomhead, CEO at Viakoo, noted that specific ransomware strains targeting specific industries should galvanize intelligence sharing.

"This should spur more industry-level coordination to protect against those threats, specifically between companies that otherwise would compete in the marketplace," he says. "Rather than every organization individually mounting defenses, industry-wide responses are needed (put another way, cybercriminals are attacking an industry which requires industry-level responses). Threat actors don’t exist in silos, so why should the response to them be siloed?"

That coordination could be vitally important, given that going forward, Dragos researchers warned that more new ransomware groups will appear in the next quarter, as either new or reformed ones, due to the changes in ransomware groups and the leaking of the LockBit 3.0 builder — all of which could lead to greater attack volumes.

"\[We have\] high confidence that ransomware will continue to disrupt industrial operations, whether through the integration of \[operational technology\] OT kill processes into ransomware strains, flattened networks allowing for ransomware to spread into OT environments, or through precautionary shutdowns of OT environments by operators to prevent ransomware from spreading to OT systems," Dragos researchers said in the Wednesday report.

Broomhead noted that ramped up attacks are likely being driven by twin engines, including the Russia-Ukraine conflict.

"The rise in ransomware attacks against industrial organizations who rely on OT systems is likely coming from threat actors viewing such organizations as easier victims because OT systems and devices are much more vulnerable than traditional IT systems," he says. "While there may be a rise in targeting industrial organizations because of the conflict in Ukraine, those organizations have been targeted for a long time by several foreign adversaries, therefore this increase is a combination of industrial OT systems being easier to exploit and increased activity due to Ukraine."

Ransomware Gangs Ramp Up Industrial Attacks in US

When we think about cybercrime and retail it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year. Dakota Murphey explains why store owners and security managers need to also protect their physical locations from the cyber threat, too, however.

_This article was written by Dakota Murphey._

Figures from SonicWall's Biannual Report revealed that e-commerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers' minds.

However, for those retailers that have a physical store as well as an online presence, there might be an assumption that the cybersecurity in-store doesn't need to be considered as a top priority. Well, doing so could be a big mistake.

In this article, we take a look at why retail stores are more vulnerable to cybercrime than ever before.  

**Security Is Weaker**

There can be no doubt that one of the major issues around security in-store is the issue of complacency. It is assumed that physical stores themselves are unlikely to be targeted by cybercriminals — surely it is more likely that they will put their resources into using hacking or phishing? 

In reality, cybercriminals are always looking for ways to maximize their time — they want quick wins. Increasingly, as retail stores are less well protected they are being seen as an easy way into the computer system of a company. Perhaps the lesson that needs to be learned here is that you should never assume that you won't or can't be attacked.

Cybercriminals are far more sophisticated than they've ever been. If there are gaps in security, they can identify and tap into them. Retailers, for instance, need to balance consumers' privacy and data protection with their own tight security measures that protect their internal IT systems and physical stores. Failure to install security effectively and comply can result in firms facing fines for breaches in privacy laws under stringent CCTV regulations and GDPR guidelines.

**Stores and Websites Are Intrinsically Linked**

You might think that there is a divide inside your business: your physical store and your online store. However, it is generally the case that your physical premises are linked to your digital system just as much as an office might be. Do you log in to your system at work? Do you track customers' details using an IT system? 

For the majority of businesses, the physical store is actually just as dependent on your IT system as the site online. This presents a potential problem. If your physical retail store can potentially allow access to your whole IT system, cybercriminals can use nefarious methods in your physical premises. 

**The Rise of the Internet of Things**

Physical stores are increasingly reliant on Internet of Things devices — that being any device that is connected to the Internet. This might include stock checkers, smart shelves, predictive maintenance equipment and much more. 

Physical security devices such as CCTV, video surveillance, and alarm systems are often connected to the Internet and can also be a vulnerability for targeted cyberattacks. The wider use of video surveillance technology and other types of physical devices extends to more than pure crime detection. They have intelligent capabilities that can be applied to monitor crowds, secure physical sites, and support building management platforms. 

Although such integrated systems do a good job in providing smart data to support security firms and facilities managers managing retail sites, any data, files and surveillance videos can be vulnerable to cyberattacks. 

Whether stored or managed on cloud-based applications or as on-premise solutions, such physical security devices that protect retail stores also open up another potential entry point to your IT system that criminals can exploit. And, if CCTV, video surveillance and alarm systems are not managed properly, they can be a major problem.

**The Invasion of Shadow IT**

Shadow IT is the use of any kind of software or applications that aren't approved by the IT team. This is becoming a big problem, especially in stores where staff make use of personal devices as a part of their role. 

"The popularity of shadow IT is partly due to its perceived benefits," says George Glass, head of threat intelligence at cybersecurity specialists Redscan, "these include the ability to take initiative in setting up and using technology and the freedom to adopt systems and software more quickly in order to reduce workload. However, these apparent benefits come at a significant cost."

The issue arises when this shadow IT is not checked for vulnerabilities or is not kept up to date because it is not known by the IT team. These vulnerabilities and flaws can present a potential opening for cybercriminals. 

**Prioritizing Speed of Service Over Security**

It is naturally the case that many businesses in retail want to prioritise fast and effective customer service. Unfortunately, this can ultimately result in good security practices being overlooked in favour of getting on with tasks. For example, if a customer comes in requesting a password reset on their account, there may be some pressure to simply go ahead with this rather than following the correct procedure. 

Retail stores need to understand the interconnected nature of cybercriminals and in-person crime. With the rise in cashless retail and a surge in online sales (that has witnessed an unprecedented rise in recent years), retailers' IT security has had to keep in step and reposition itself with the evolution of consumers' buying habits. This increased awareness, however, has been reinforced by the UK Government's measures to support security technology within the retail industry. 

While retail stores are more vulnerable than ever to cybercrime, there is much that businesses can do to mitigate risk. Perhaps the most important factor is providing staff training to ensure that everyone understands their role in preventing cybercrime. 

_Dakota Murphey_ _is a freelance tech writer._

_**This story first appeared on**_ _**IFSEC Global**__**, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.**_

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.

Open source software is deeply embedded in enterprises today: from the Linux kernel to data center infrastructure, and from databases to application servers and front ends. The importance of securing the supply chain has become front and center in the industry, with the US government's involvement and the formation of industry bodies such as OpenSSF to work on solutions.

We know that we must secure the open source software we use — it's also important that open source be an integral part of the solutions that we create. Proprietary solutions alone are not enough to counter the threat to the ever-expanding areas of vulnerability. To properly secure our software dependencies in depth, solutions must interoperate tightly with key open source infrastructure such as the Linux kernel and Kubernetes.

Through our experience with creating the Falco runtime threat detection tool, and contributing it as open source to the Cloud Native Computing Foundation (CNCF), we've learned valuable lessons about how important it is to provide open source solutions for security.

**1\. Collaborative development goes broad and deep.**

Security is a never-ending battle against expanding attacks and attack surfaces. Through collaboration, we are able to bring together more expertise, apply more scrutiny, and cover a broader range of use cases than through proprietary development. Nobody can be an expert on everything, but many people can come together to contribute their singular deep expertise into an open source project.

While Falco's core competency specializes in monitoring Linux syscalls, the team strategically added a plug-in interface. Through this, other infrastructure can be secured, from Kubernetes admission controllers to cloud services such as AWS CloudTrail or Okta. The open nature of the project means that experts in particular platforms — whether open or proprietary — can contribute their know-how and help the entire user base. Proprietary approaches can't reach this same level of scale.

Moreover, you don't need to ask anyone's permission to extend open source to cover a new service or platform: If what you need isn't there, and you're able to contribute, you can ensure that your needs will be covered in the future.

**2\. Standards-based development promotes choice.**

When open source software is part of a multivendor body such as the CNCF and in widespread use, adopters can reasonably view it as being a _de facto_ standard. Using open source standards provides an interoperable framework in which an ecosystem of tools, support, and training exist. As a user, you always have the freedom to control your own solution by directly using the open source, or choosing commercial tools that interoperate.

Drawing from Falco as an example, multiple vendors such as Sysdig, Red Hat, and Sumo Logic have built their own solutions based on the codebase. At their core, they are aligned on the protocols that Falco uses for event capture, meaning users get choice, a richer ecosystem of tools that use the standards, and future optionality.

**3\. Open source is transparent.**

Open source gives you the full visibility to examine exactly how a piece of software works. This transparency brings a double benefit.

First, if you're trusting every node in your systems with a tool, you want assurance about its security. Even if you're not auditing the code yourself, you benefit from many contributors with the resources to find and fix vulnerabilities. For software that has achieved widespread adoption, these contributors likely include cloud-scale operators with deep expertise.

Second, open source brings you insight and possibly influence on the direction of the software. You can become a contributor and influence technical direction, or allocate funding towards supporting its sustained development. When that software lives inside an industry foundation, you may benefit from established standards in governance, auditing, and sustainability.

**4\. Modern platforms are built on open source.**

To provide the assurance users need, security should be considered as an integral factor of any platform, not an optional extra. Open source is the engine room of the modern software stack, and therefore security solutions must also reach into the open source foundations. The cloud-native era has driven new approaches to operations and architecture, and security is no exception. Following the desire to "shift left" and incorporate security earlier in the software development life cycle, the same benefits apply to doing that with the open source foundations that run our enterprise platforms.

**Conclusion**

Open source is the only approach with the agility and broad reach to set up the conditions to meet modern security concerns. Users depending on massive open source infrastructure — the basis of today's clouds — should be careful of any security solution that does not acknowledge and leverage open source itself.

When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.

**About the Author**

    

Edd Wilder-James' career spans open standards, open source, and data analytics, in roles covering technology, content, business, and strategy. At Sysdig, his team is committed to growing Falco as the standard for runtime threat detection. Previously, Edd led teams working on open source programs at Google, working with TensorFlow, Kubeflow, Go, and Kubernetes. He has over two decades in the open source world, chairing OSCON for six years, and is a former Debian and GNOME contributor.

Source

DARKReading