Cybercriminals are focusing now more than ever on servers and people.

Edward Gately, Senior News Editor

October 8, 2018

9 Min Read
Cybersecurity
Shutterstock

It’s National Cybersecurity Awareness Month, a time to take stock of the ever-evolving threat landscape and for organizations to examine their cybersecurity postures.

The recent attack on Facebook’s computer network that exposed the personal information of nearly 50 million users is just the latest reminder that cybercriminals are relentless and succeeding. This breach was announced just over a year after last September’s massive Equifax data breach in which attackers stole personal data on 143 million Americans, including names, Social Security and credit card numbers, birthdates and addresses.

Chet Wisniewski, Sophos‘ principal research scientist, tells us the message behind Cybersecurity Awareness Month differs between individuals and consumers.

Wisniewski-Chet_Sophos.jpg

Sophos’ Chet Wisniewski

“Towards consumers, the message has largely been the same for a long time, having backups and changing your passwords, and keeping your computers up to date,” he said. “But if you look at the business side, I would say that there is a bit more of an evolution every year. I think one of the challenges is most businesses are not focused on security. It’s something they have to do, not something they want to do. Security ends up in most businesses being driven by things being hacked or regulation forcing them to do something.”

Most businesses get a “little too focused” on just the regulatory obligations and they take their eye off the ball and aren’t necessarily staying up to date with what the criminals are doing, Wisniewski said.

“The good news is that usually when there’s a big shift in attack methodology that the criminals are using, there’s a lot of media attention,” he said. “So if you’re smart enough to be paying attention to … what those things are and you start getting yourself prepared for them, you’re probably in a better position and unlikely to be a first victim. But that requires that your staff pay a lot of attention.”

As for the threat landscape, cybercriminals are focusing now more than ever on servers and people, Wisniewski said. People “can’t be patched, and that’s why we see so many phishing emails bringing things like ransomware on the desktops now,” he said.

For the last 10 years, most businesses understood the biggest thing they could do to reduce their risk was to harden the endpoints with next-generation antivirus, more and quicker patching, and getting rid of unnecessary software.

“We actually did a pretty darn good job,” he said.

“What I think we’re not doing well is realizing that if we’re doing a better job and it makes it tougher for the criminals, the criminals are simply going to go where we’re not looking; they’re going to go to the next easiest thing,” Wisniewski said. “If they can’t break in through a browser on the desktop, then it’s natural for the criminals to start looking to places where we’re not securing as well.”

The servers that are being hacked, such as those hosting e-commerce platforms, are in somewhat of a “perpetual status of partial security,” and “while we’ve shortened the time to patch on desktops, we haven’t on the servers,” he said.

“There’s such a fear of breaking reliable process that we just leave them out there partially patched all the time, and we don’t have the same layers of security to detect incidents,” Wisniewski said. “So the server side is really something we’re trying to raise awareness on. For me, it’s trying to get the administrators to recognize that these machines need to have at least the same or more security than the desktop.”

This represents a “huge” opportunity for the channel, especially with disaster-recovery plans and …

… playbooks on what to do in an emergency, he said.

“That’s really reusable work so channel partners have a real services opportunity,” Wisniewski said. “Their tech people can sit down and work out some basic ways you’re going to respond to different types of incidents for their market, and then take that and reuse that template to help companies quickly establish that. And that’s a good opportunity for a lot of revenue. And then on the other side, it’s keeping their customers up to date with that threat landscape.”

Tips and Best Practices

For Cybersecurity Awareness Month, Ivanti announced its top tips and best practices to help raise awareness.

9a5cb4791bbf4a1eab14659f75f6d47b.jpg

Ivanti’s Chris Goettl

“As I always say, when it comes to cybersecurity, a healthy dose of paranoia goes a long way,” said Chris Goettl, Ivanti’s director of product management for security.

Ivanti said every employee should follow these tips:

  • Always use password best-practices. Every user should change passwords often and create unique ones with 13 or more characters using a combination of words, numbers, symbols and both upper-and lower-case letters. Never use a network username as a password or easily guessed terms such as “password” and avoid simple combinations such as “1234.”

  • Be cautious when using public Wi-Fi. When travelling or working at your local coffee house or even in a hotel room, always be aware that public Wi-Fi can be easily compromised. Proceed on public Wi-Fi as if someone is watching. Don’t make purchases or log in to sensitive accounts such as a bank account.

  • Regularly update all applications and operating systems.

  • Protect your money. Just like you wouldn’t leave your cash on the table in a crowded restaurant, you need to be careful where you use your debit and credit-card information. If the information falls into the wrong hands, it can result in credit-card fraud or identity theft.

  • Don’t click until you’re sure. Phishing is one of the most common ways cybercrime is committed, and anyone can be a target.

  • Back up your data. To ensure that your company data is protected, be sure that it is part of the company-managed backup and recovery process. Without proper backups, your data could be lost for good in the event of a cyberattack.

Belden, Claroty Partner for Deeper Industrial Networks Monitoring

Belden and its Tripwire brand have entered a strategic partnership with Claroty to provide integrated “top-floor to shop-floor” industrial cybersecurity offerings.

McBride-Patrick_Claroty.jpg

Claroty’s Patrick McBride

The first such solution, Tripwire Industrial Visibility, provides visibility, monitoring and threat mitigation across the complete IT and operational technology (OT) infrastructure. Belden is leveraging Claroty’s technology in the offering.

“For Claroty and its channel partners, this announcement is a ringing endorsement for our technology,” said Patrick McBride, Claroty’s chief marketing officer. “Belden/Tripwire is another example of a top-tier industrial automation and cybersecurity vendor that tested Claroty’s technology and chose to leverage our solution. We can’t think of better validation than to have the industrial control systems (ICS) cybersecurity experts at Belden/Tripwire follow other top-tier industrial automation vendors in choosing to partner with Claroty.”

The partnership between Belden and Claroty also seeks to extend …

… Tripwire’s automated asset discovery reach with visibility into industrial assets inclusive of their communication patterns, including, but not limited to, programmable logic controllers (PLCs), remote terminal units (RTUs) and distributed control systems (DCS). The companies’ combined technologies will provide visibility into and threat monitoring across IP and non-IP network segments within industrial control system (ICS) networks.

“By partnering with Claroty, we now enable visibility that’s both deeper, all the way down to level 0, and also broader,” said Kristen Poulos, Tripwire’s general manager of industrial cybersecurity. “Network traffic over the wire forms a complete picture. OT managers are equipped with maximum information and visibility to make decisions to support optimum safety, quality and productivity.”

New Cyber Attack Simulation Training Platform as a Service Available to Channel

Cyberbit and CloudRange Cyber have launched CloudRange’s Cyber Attack Simulation Training Platform as a Service (CASTaaS), the first cyber-range offering available through the IT channel in North America.

With the new service, cybersecurity technology manufacturers, MSSPs, VARs and technology distributors can offer their customers advanced, simulated cybersecurity training powered by the Cyberbit Range cyber simulation platform.

Debbie Gordon, CloudRange Cyber’s founder and CEO, tells us that before now, there have not been offerings for security operations center (SOC) analyst training using specific technologies.

“Most training has been configuration and administration-focused,” shew said. “With Cloud Range, companies can train their security teams on defending attacks in a simulated environment. The benefit for channel partners is that this offering overcomes one of the biggest buying objections in the industry today, which is the fact that it is very difficult to find candidates who will fill the roles required to use the new technologies. As a result, customers delay or abandon the purchasing process. This provides an immediate solution for channel partners to offer customers.”

CloudRange training can be conducted either remotely or at a customer’s site, and is administered by CloudRange instructors. Training courses will range from introductory to advanced, covering the most important security scenarios including incident response, forensics, industrial control system (ICS) attacks, as well as custom scenario capabilities.

“The ‘weakest link’ in cybersecurity today is the people,” Gordon said. “There is a severe shortage of skilled people, and an even greater shortage of experienced people. Most security analysts have never experienced a live attack, and Cloud Range can train people quickly and actually provide the experience by learning how to defend against cyberattacks in a hyper-simulated environment. By properly rehearsing the detection, response and remediation playbooks in a simulated environment, security teams dramatically improve their skill levels and are able to respond much faster and more effectively.

Netwrix Report: Insiders Cause More than Half of Data Breaches

A survey of 1,558 organizations of various sizes and from many different regions and industries showed most cybersecurity incidents were caused by insider mistakes rather than hacker attacks, as assumed by most respondents.

Netwrix conducted an in-depth study of the major IT risks that are significant for most organizations and assessed respondents’ readiness to …

… withstand cyberthreats.

“Our report illustrates that the foremost reason why the organizations fail to address major IT risks lies in a lax approach to security basics,” said Steve Dickson, Netwrix’s CEO. “They are giving priority to some controls and are leaving the most important ones out of scope. Haphazard approach to security basics and poor visibility into sensitive data gives IT pros a false sense of security; however, paying more attention to all security basics can help organizations manage IT risks with more success.”

Not all critical security controls are reviewed regularly as required by best practices. The most neglected controls include getting rid of stale and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20 percent and 14 percent of organizations, respectively.

Some 44 percent of respondents either do not know or are unsure of what their employees are doing with sensitive data. Nonetheless, more than 60 percent of respondents think their level of visibility is high enough, which lulls them into a false sense of security.

Only 17 percent of organizations have an actionable incident response plan, while 42 percent have only a draft or no plan at all, according to the report.

Read more about:

Agents

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like