Claroty: VPN Vulnerabilities Endanger OT Networks

… following a risk management framework like NIST 800-53, as it is most applicable to every organization and data type,” he said. “Additionally, database security controls, such as auditing all access to sensitive data and alerting on excessive data access are critical controls to identifying these attacks in real time. Finally, even with these active controls in place, a common source of data breaches can be through offline backups or replicas used for development and testing. Applying these controls according to data sensitivity ensures adequate protection measures are taken into account even when working with non-production environments.”

The biggest lesson for organizations, and the MSSPs and cybersecurity providers that support them is that a comprehensive information security strategy is mandatory when organizations deal with sensitive data, Klimek said.

“For small businesses and startups looking to collect this information, they must adequately prepare to budget for the controls and personnel required to protect this information before they make the business decision to collect the information,” he said. “It is all too often that organizations discover this reality after the fact. The cost of a data breach greatly exceeds the cost of developing and implementing a comprehensive information security program.”

Saryu Nayyar is CEO of Gurucul, which provides unified security and risk analytics.

Gurucul’s Saryu Nayyar

“The reported Drizly data breach is interesting for what it shows about attacker dwell time, the time between an initial breach and the victim noticing it,” she said. “The stolen data has been available on the dark web since mid-February. But Drizly only identified the breach on July 13 and reported it to customers on July 28. That is a two-week delay between identifying the breach and informing affected customers. More importantly, indications are the [hacker] had access to Drizly’s systems for six months, at least, before they were identified.”

Dwell time has been going down for the last several years, Nayyar said. But this shows it’s still far too high, she said.

“Tools exist that can reduce dwell time substantially. But organizations need to be proactive about adding them to their security suites,” she said.

NetEnrich Attack Surface Intelligence

NetEnrich, a resolution intelligence company, has unveiled an integrated threat and attack surface intelligence offering. It helps enterprises reduce their digital brand exposure while overcoming skills gaps.

Knowledge Now (KNOW) is a free global threat intelligence tool. It combines with Attack Surface Intelligence (ASI) to deliver context for faster response to known and emerging cyber threats.

KNOW and ASI address the growing risk and alert fatigue that IT and SecOps professionals face on a daily basis, NetEnrich said.

ASI lets security teams continuously see what adversaries see as they target the brand online and via their shadow IT. KNOW lets defenders learn about, search and gain context into malicious activity up to 15 times faster.

NetEnrich’s Justin Crotty

Justin Crotty is NetEnrich’s senior vice president of channels.

“Many MSPs are looking to build out their cybersecurity practices, but they face the same challenges as enterprises, like trying to scale their infrastructure while having to spend countless cycles chasing alerts and staying up on the latest attacks,” he said. “Any new intelligence to help prevent customer issues and reduce Tier 2 analyst cycles is a huge advantage, especially now. Integrating threat and attack surface intelligence and combining that [with] an established security operations center (SOC) as a service from one company can deliver exponentially faster resolutions while giving customers peace of mind.”