Tag Archive for: Digital Resilience

Key Insights from Black Hat 2023: RedSeal’s Perspective

Last week approximately 40,000 cybersecurity professionals, researchers, and experts, met in Las Vegas for the annual Black Hat conference to discuss the latest trends, emerging threats, and groundbreaking technologies in cybersecurity. The RedSeal team engaged in all the event had to offer and left with several key takeaways into the current state of cybersecurity and market transitions that are driving up cyber risk.

GenAI: Pioneering Technologies, Unveiling Novel Vulnerabilities

The advent of Artificial Intelligence (AI), particularly Generative AI, has ushered in a new era for organizations. Maria Markstedter, the founder of Azeria Labs—a prominent company specializing in ARM exploit development, reverse engineering, vulnerability research, and cybersecurity training—delivered an insightful keynote revolving around the emergence of AI. Confirming that while artificial intelligence and machine learning fuel innovation, they concurrently expose unprecedented security vulnerabilities. This dual nature of AI underscores the imperative for a proactive security approach.

On the heels of our experience at the Omdia Analyst Summit, Maria’s keynote fortified the belief in expanding strategies to deepen proactive measures. This entails educating teams, crafting new policies, deploying innovative cybersecurity technologies, and embracing a forward-thinking perspective. Central to this is the deployment of a robust cybersecurity solution, like RedSeal, to stop breaches by detecting vulnerable attack paths.

2023 White House Cybersecurity Strategy: A Path Forward Amid Challenges

The unveiling of the 2023 White House cybersecurity strategy heralded a new phase for national security initiatives. The prominence of the Cybersecurity and Infrastructure Security Agency (CISA) in this strategy symbolizes the government’s dedication to bolstering cyber defenses.

The introduction of a new rule mandating critical infrastructure entities to promptly report cyber-attacks within 72 hours, alongside ransom payments within 24 hours, holds immense potential for elevating incident response and coordination. The efficacy of this strategy hinges on seamless execution and adaptability in the face of the ever-evolving threat landscape and strives for collaboration across government and commercial accountability for establishing robust cyber defenses. Learn more about RedSeal’s position on the National Cyber Strategy here.

Bridging Silos: Navigating Cloud, OT/IoT, Data Center, and IT Convergence

As organizations embrace cloud migration, adopt IoT/OT devices, and integrate modern data center technologies, challenges arise—including the risks of lateral movement between these domains. Despite the ongoing convergence of these realms, numerous cybersecurity vendors remain entrenched within traditional infrastructure silos. Engaging discussions on enterprise applications and data during Black Hat highlighted the pressing need for product enhancements that streamline the incorporation of applications and data via ports and protocols information. “Attack Path Analysis” and “Security Graph” resonated within all security circles, underscoring the growing emphasis on mapping potential attack vectors, visualizing security postures and their impact within complex, hybrid environments.

Amidst these insights, RedSeal offered demos to hundreds of conference attendees. These demonstrations showcased how the RedSeal platform accurately uncovers potential lateral spread pathways across on-prem and cloud environments, enabling organizations to fortify their defense strategies comprehensively and address vulnerabilities proactively.

RedSeal also announced the unique support for third-party firewalls in public clouds, driven by experience that breaches stem from complexity. The automation of understanding third-party firewalls deployed in public clouds eliminates blind spots arising from distinct security consoles. With a unified view, the fragmentation of defenses is mitigated, preventing potential vulnerabilities. RedSeal’s integrated end-to-end perspective into cloud and on-prem environments calculate attack paths to critical data and applications, offering unparalleled insights to mitigate risk.

CISO Dialogues: Addressing the Cybersecurity Talent Gap

Engaging in conversations with Chief Information Security Officers (CISOs), we learned that while traditional IT security concerns and the rise of cloud and OT infrastructures remain top challenges, one concern consistently looms large – the scarcity of cybersecurity talent. As organizations grapple with a growing skills gap, CISOs are compelled to look outside the organization for resources to not only support team development but also have the people and tools required to confront evolving threats head-on.

Promisingly, solutions do exist. Organizations can bridge this gap by engaging with experts, allowing their teams to focus on core competencies. RedSeal’s recent case study, “Regional Health System Increases Network Visibility and Mitigates Cybersecurity Risk,” demonstrates the efficacy of engaging RedSeal’s Fully Managed Services (FMS) team to augment security teams to prioritize and focus on critical security issues, enabling the health network to redirect resources towards pivotal issues, deliverables, and patient care. Read more here.

Black Hat 2023 has our team exploring a myriad of insights into the present and future of cybersecurity challenges and opportunities. From the dynamics of cutting-edge technologies like GenAI to evolving governmental strategies and the indispensable need to bridge security gaps, the conference underscored the need for proactive approaches in securing our digital future with the right tools and the right teams. As we act on these key takeaways, RedSeal remains committed to driving innovation and empowering organizations with the most comprehensive, dynamic model of your hybrid network allowing you to navigate the dynamic cybersecurity landscape with confidence, trust and resilience. Get in touch to see how we can help you stay ahead in today’s fast-evolving digital environment.

Top 4 Cyber Challenges for Credit Unions

Credit unions continue to be the primary targets of cyberattacks like phishing, ransomware, and supply chain attacks. This is due to the highly confidential nature of the data they collect and store. If this data falls into the wrong hands, the outcome can negatively impact the institution’s reputation, as well as its legal and financial standing.

Cyberattacks aimed at credit unions come at a high cost. Financial loss can range from $190,000 for small credit unions to as high as $1.2 million for large credit unions.

As technology advances, so have the cyber threats targeting credit unions. The National Credit Union Administration (NCUA) has continuously encouraged credit unions to “strengthen their institution’s cyber vigilance and preparedness efforts” to protect themselves and their members.

Read on to learn how credit unions can mitigate cybersecurity risks. The key is to first understand the primary threats and then how to reduce their impact.

Cybersecurity Trends in the Finance Sector

Over the last decade, cybercriminals have found creative ways to target credit unions. Attacks have increased in volume and severity, with hacking and malware being deployed to cripple financial institutions. The first half of 2020 saw a 238 percent increase in cyberattacks targeting the finance sector.

Between March and June of 2020, ransomware attacks aimed at banks increased by 520 percent compared to the same period in 2019. A huge spike was also observed in 2021.

In June of this year, several credit unions in Canada discovered evidence of attempted access by unauthorized personnel. A 2020 survey by the National Credit Union Administration (NCUA) found that 46% of credit unions experienced a cybersecurity incident in the past year. Phishing attacks continue to be a major threat to credit unions, with the NCUA reporting that they accounted for over 50 percent of incidents in 2020.

According to a recent IBM report, the average cost of a data breach in 2022 was $4.35 million. The finance sector is a primary attack target, only second to healthcare organizations, with the average financial breach costing $5.97 million. Credit unions, as a result, are increasingly turning to technology to improve their cybersecurity posture.

Credit unions should also be aware of the risk employees or contractors with access to sensitive information pose to cybersecurity. They can potentially misconfigure servers, networks, and databases and become compromised by hackers. Combating this may involve implementing measures such as keeping an updated inventory of cloud resources, reviewing misconfiguration by identifying unintentionally exposed resources, and reviewing security policies.

With large amounts of money at risk, following cybersecurity best practices can help credit unions stay on top of cyber threats.

Common Cyber Challenges for Credit Unions

Credit unions and financial institutions face a wide range of cybersecurity dangers and challenges —  from hackers looking to exploit loopholes to sophisticated cyber warfare/cyber espionage maneuvers of advanced persistent threat (APT) actors.

Learning about the potential risk factors can help credit unions mitigate these risks.

Here are the most common cybersecurity challenges credit unions should be aware of.

Sophisticated Cyberattacks and Ransomware

A ransomware attack, which involves encrypting files and locking users out of their systems, happens every 11 seconds. Criminals then demand a ransom to release the data. Credit unions must have strategies in place to ensure their systems are protected from such attacks.

Ransomware attacks not only cause credit unions to lose large amounts of money in ransom payments and fines; they also erode consumer trust. In most cases, ransomware attacks happen because employees fall for phishing scams that trick them into downloading suspicious attachments, clicking malicious links, or launching sketchy .exe files.

By regularly assessing and analyzing your entire system, you’re better able to spot any new vulnerabilities and emerging threats. It’s also important to educate employees and customers about cybersecurity best practices so they are equipped to handle various types of cyberattacks.

Supply Chain Interruptions via Third-Party Vendors

Credit unions typically use third-party partners to offer better features and functionalities to their members. Cybercriminals take advantage by attacking less secure software vendors. These vendors then inadvertently deliver malicious code in the form of compromised products or updates, enabling cybercriminals to access the credit institution’s network.

To minimize this risk, credit unions should thoroughly vet vendors before entering into a business partnership with them. They should also scrutinize their security practices and perform regular system updates and maintenance to ensure their existing infrastructure performs optimally for the longest time possible.

Emerging Threats Associated with the Internet of Things (IoT)

Hacking techniques are continuously becoming more sophisticated. IoT adoption is increasing exponentially, and hardware assets connected to the internet such as cameras, printers, sensors, and scanners are becoming a major target of exploitation by cybercriminals.

With over 50 percent of all IoT devices susceptible to severe cyberattacks, credit unions should focus on investing in cybersecurity solutions that make it easier to identify all IoT devices connected to their network. This way, they can easily monitor IoT devices for any security issues and take action before the risks become harder to mitigate.

Shortage of Cybersecurity Skills

The demand for cybersecurity experts, especially among credit unions, is outpacing the supply of qualified professionals. According to the 2022 (ISC)2 Cybersecurity Workforce Study, even with an estimated 4.7 million professionals, there’s still a global shortage of 3.4 million workers in this field. This will affect smaller credit unions as they will find it difficult to hire expertise well-versed in various cloud technologies.

Technical skills such as secure software development, intrusion detection, and attack migration are by far the most valuable skills in this field. Security teams in the credit union space must look for innovative solutions to optimize productivity. This includes identifying security tools and technologies that are easy to use and deploy, providing more opportunities for external training, and identifying solutions that streamline cybersecurity processes.

How Credit Unions Can Strengthen Their Cybersecurity

To ensure your credit union has optimal protection against potential cyberattacks, RedSeal recommends a proactive approach by performing regular cybersecurity assessments to identify any loopholes in your system and also ensure proper defenses are in place. These include having an up-to-date inventory, identifying unintended exposures, and setting a security baseline to meet current and future compliance requirements. It’s also important to establish security protocols that follow industry guidelines and continuously apply security patches and updates to the system.

Working with a prioritized set of risks allows security teams to better allocate resources to areas where they’re needed most.

Want to know more about how you can mitigate cyberattacks in your credit union? Check out this white paper on digital resilience and ransomware protection strategies.

U.S. Not Ready for Online Voting, Stick to Mail-In Ballots

American democracy is resilient. From its rebuilding after our civil war to recovering from the Great Depression, America has been able to overcome the largest of obstacles. However, 2020 gives us unprecedented challenges that will test this resilience. Central to our country’s recovery from this pandemic will be ensuring the foundation of our democracy remains intact: free and fair elections.

Despite the current news cycle, our election system is very resilient because of our forefathers’ design. State and local governments distribute and implement elections individually, leading to different procedures and regulations within each jurisdiction, which creates independent – or segmented — operations.

In the cyber world, segmentation is central to digital resilience. A segmented network can help organizations minimize damage from some of the most advanced forms of cyberattacks by preventing them from overtaking the entire network. The independent orchestration of our elections is very similar. However, COVID-19 presents a conundrum: keeping people physically distant is profoundly challenging with in-person voting.

So, how do we combat this issue?

A few states are beginning to explore online voting to help citizens maintain social distance and ensure their franchise. The CARES Act even allows states to use some of the funds to pursue online voting systems. However, while online voting holds promise, there is simply not enough time to roll out a secure, vetted system before November’s elections. Plus we still haven’t repaired the issues that our 2016 elections revealed about the vulnerabilities of our existing online systems. America’s election process remains extremely vulnerable to cyberattacks. In fact, last December Valimail confirmed only 5% of the country’s largest voting counties are protected against email impersonation and phishing scams. Specifically, this vulnerability was found in Arizona, Florida, North Carolina, Pennsylvania, Michigan and Wisconsin, six key swing states in this upcoming election cycle. This vulnerability opens a door to bad actors that could allow voting data to be stolen, manipulated or deleted in 95 percent of the highest populated counties in the nation.

Luckily, we have a solution that’s already in place, accessible nationwide, resilient and in a sense, “un-hackable”: absentee voting by mail.

For decades, absentee ballots have been the bridge connecting those who are unable to make it to the polls on election day. Now, it can be the cornerstone for everyone. While filing for an absentee ballot can be an arduous process, states are now making it more accessible. For example, Michigan is automatically sending absentee ballot applications to every resident to both encourage social distancing and support democratic participation. This supports secure, offline elections with segmentation still in-play. Additionally, an overwhelming majority of Americans support expanding access to voting by mail. Recognizing that any change is difficult, 16 states delayed their primaries, which illustrates the urgency to act now so we can move onto the general election by November.

In these unprecedented times, we must support all efforts to ensure our elections remain fair, free and guaranteeing each citizen’s franchise. While we have the technology and the ideas necessary to move to completely online elections, that can and should only happen when it’s secure and tested accordingly. In these pressing times, there is no bandwidth to do so. However, the $2 trillion stimulus package  included $400 million for states to prevent, prepare and plan for COVID-19’s impact on the 2020 elections. This amount is a significant step in the right direction, but a full roll-out of voting by mail, let alone ensuring secure online voting would require a much larger investment. I urge lawmakers at both the state and federal level to embrace mail-in ballots. We need to ensure this year’s elections are available to every citizen, whether they are practicing social distancing or fully quarantined and without fear that exercising their franchise will expose them to a deadly illness. We can maintain the resiliency of our country and our elections and our health with mail-in ballot elections. We just need the will to do so.

Change Management Processes are Critical — From Nuclear Submarines to Your Network

How often have you made a network change that didn’t work the way you expected or even created a new issue? The list of configuration changes needed to build, maintain, and secure a network is daunting.  It’s all too easy to act without thoroughly thinking through and considering the impact on the whole network.  Initially it may appear as though quick action to make a small change would save time, but that can be a trap that leads to costly mistakes. Oftentimes changes have complex implications. The wrong change can result in in downtime and millions of dollars in lost productivity or revenue. No one wants to be that person.

Change management is the organizational process to ensure that we stop and consider the impact of change before acting. It’s used in many industries, including IT. Submarine commanders need change management in an environment just as complex as information technology but with more serious, life or death repercussions. In his book, Turn the Ship Around!¸ former submarine commander David Marquet describes “Deliberate Action,”  the process he used to create competency, reduce errors and improve resiliency. It required sailors to stop and think before making a change. Stopping, thinking, and then acting provides an opportunity to review and thoroughly think through the impact of an action.

Marquet got great results:

“Later, when Santa Fe earned the highest grade on our reactor operations inspection that anyone had seen, the senior inspector told me this: ‘Your guys made the same mistakes—no, your guys tried to make the same number of mistakes—as everyone else. But the mistakes never happened because of deliberate action. Either they were corrected by the operator himself or by a teammate.’

He was describing a resilient organization, one where error propagation is stopped.”

A nuclear submarine has highly engineered systems that are tightly coupled, all of which need to work for the whole system to operate properly. Errors can damage valuable and sensitive nuclear reactor equipment or even result in complete system failure and death of an entire crew.

Like a nuclear submarine, IT networks are highly engineered and tightly coupled and need resiliency to avoid catastrophe. Every interconnected system relies on others, as in nuclear submarines. And having a change management process to ensure that everyone stops and sufficiently thinks before acting is just as important. We need to avoid the temptation to bypass the change management process and execute a change quickly, thinking we’re “saving time.” Catastrophe can be lurking around the corner, and none of us wants to be responsible for a Code Red.

The RedSeal platform gives you the ability to quickly think through the impact of change prior to acting. It tells you what you have, how it’s connected, and where your risks are. RedSeal discovers the devices on your network and creates a digital network model of how everything is connected. The model can provide deep insights into the implications and impact of change. On the submarine, the requirement to stop and think not only gives sailors time to process using their own experience and knowledge, but also allows teammates with additional experience and knowledge to think and intervene before mistakes are made. RedSeal is a reliable teammate you can have by your side as you execute change management.  It knows how everything is interconnected and can better show you the impact of a proposed change.

 With RedSeal, you can engineer “Deliberate Action” into your change management. It may seem that stopping and thinking may take time and be expensive, especially during an incident, but errors can be significantly more damaging. RedSeal allows you to stop for shorter periods of time and avoid errors. By automating analysis steps and reducing complexity RedSeal helps you make your network more secure and resilient.

 

Marquet, David L., Turn the Ship Around! Penguin RH 2012. Pg 124

The new cybersecurity resilience

SC Magazine | May 1, 2020

Is your cybersecurity posture resilient enough to survive a pandemic? You’re about to find out.

The quick spread of COVID-19 has lent urgency to that mission and underscored the importance of building resilience. “Cyber, or digital resilience should be considered essential – like water, gas, and telephone/internet. Maintaining essential services that keep the lights on, keep people operating in their roles, and keep the digital world safe from attack is critical,” says RedSeal CEO Ray Rothrock, who penned the book Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

Ray Rothrock: The Fortune Teller

Spirit Magazine, Texas A&M Foundation | Spring 2020

Ray Rothrock ’77 uses his proven penchant for predicting the future to bolster resilience against cyberattacks and advocate for a nuclear solution to the planet’s energy crisis.

Podcast: US Election Interference Happening Right Now, Virus Plans and more from RedSeal

The Top | April 8, 2020

Ray Rothrock joins Nathan Latka on the latest episode of “The Top.” Prior to RedSeal he was a general partner at Venrock, one of RedSeal’s founding investors. At Venrock he invested in 53 companies including over a dozen in cybersecurity including Vontu, PGP, P-Cube, Imperva, Cloudflare, CTERA, and Shape Security. He is on the board of Check Point Software Technology, Ltd. an original Venrock investment, and Team8, both Tel Aviv–based companies.

Best Practices for Cyber Resilience: Step One, Walk the Terrain

 

You’ve been asked to defend your organization from a myriad of threats: state sponsored attacks, cyber criminals, insiders. But where do you start?

Many years ago, as a young Marine lieutenant I learned that the first step to establishing a defense is to understand what you’re defending. You must know the terrain. Walk the terrain. Understand the key parts of the terrain and all avenues of approach. Then ask yourself how you would attack the same terrain. You must understand your own terrain better than the enemy.

In information security, we haven’t been given the luxury of understanding what we have — but we need to understand what we have to effectively defend it. Our networks were built to optimize for performance and availability, not for security. Understanding our cyber terrain has become a daunting task – but one fundamental to security.

Today, we rely on current inventory management technologies, but they provide just part of the picture. You get an overwhelming amount of detail and yet still struggle to understand how everything interconnects.

Ideally, you’d like to be able to understand what you have, how it’s all connected, and what’s at risk. Specifically, you’ll want to:

  • Visualize each of your sites and the connectivity between them.
  • Locate and identify devices missing from your inventory management and NCCM solutions.
  • Rationalize data from multiple data sources, including vulnerability scanners, CMDBs and EDRs.
  • Quickly determine where an attacker can traverse to in your network — from any point.

Most organizations begin by trying to get their endpoint or host inventory. This seems logical, since that’s where your applications and data are housed. But without an overall picture of how your network is configured, you have a collection of data points that don’t tell a full story.

The first step needs to be organizing your cyber terrain at the highest level. Identify your sites, then group your assets by site or facility. For example, assign devices to your Austin data center, Denver data center, branch offices, and AWS. Next determine the conductivity within and between these sites. This requires an inventory of networking devices and their configurations. You’ll end up with a model of your network devices, security groups and VPCs and quickly be able to get a picture all the connections and interconnections — intentional and unintentional — in your network. Inevitably, you’ll discover unknown network devices.

Then, with this framework in place, you can add your host information.

Cyberspace Solarium Commission Highlights the Importance of Digital Resilience

Morning Consult | March 17, 2020

By Ray Rothrock, RedSeal CEO

On March 11, the Cyberspace Solarium Commission released its long-awaited report, which provides more than 80 policy recommendations for “defending the United States in cyberspace against cyberattacks of significant consequences.” While the report is over 180 pages, Senator Angus King (I-Maine) said the report can be summed up in four words — define, develop, defend and deter. I would simplify this further, as these four words can be condensed into one concept: digital resilience.

How network modeling and cyber hygiene improve security odds for federal agencies

FedScoop | March 16, 2020

Agencies that have built network infrastructure over decades may not be doing enough to manage basic cyber-hygiene practices and stay ahead of modern threats, cautions a new report.

When out-of-date configuration rules lurk on networks, attackers essentially have a back door to walk into government systems. However, modern network modeling platforms, capable of integrating into existing infrastructure, can help agency IT departments identify and manage cyber risks and accelerate essential hygiene practices.