White House rolls out zero trust strategy for federal agencies
The Biden Administration released a new cybersecurity strategy for federal agencies that will move the government toward a “zero trust” security model. The nearly 30-page plan lays out dozens of measures federal agencies need to take in the next two years to secure systems and limit the risk of security incidents.
Government agencies have until the end of fiscal year 2024 to put in place many of the measures described in the plan, which include more stringent network segmentation, multi-factor authentication, and widespread encryption. Departments are given 60 days or 120 days to appoint leads, who will implement the measures and classify certain information based on sensitivity.
This move by the White House is a welcome one. Zero Trust strategy is now the gold standard for cybersecurity. It is a proactive security approach that is capable of defending against increasingly sophisticated and expensive attacks that can come from outside or within your network. But one has to understand that Zero Trust is neither a quick fix nor easy and straightforward to implement. Today’s dynamic environment can make implementation difficult.
Organizations need a partner to help them succeed in their Zero Trust journey. Entrusting your security to an expert not only delivers value to your customers but also frees up your team to focus on their activities.
A good Zero Trust security provider will shoulder the complexity of implementation to ensure a smooth deployment with minimal business disruption.
BlackCat ransomware targeting US, European retail, construction and transportation orgs
Palo Alto Networks’ Unit 42 released a deep-dive into the BlackCat ransomware, which emerged in mid-November 2021 as an innovative ransomware-as-a-service (RaaS) group leveraging the Rust programming language and offering affiliates 80-90% of ransom payments.
In December, the ransomware family, also known as ALPHV, racked up at least 10 victims, giving it the seventh-largest number of victims listed on their leak site among ransomware groups tracked by Unit 42.
Doel Santos, threat intelligence analyst with Unit 42, told ZDNet the group has already attacked a wide range of industries, including construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components and pharmaceuticals.
BlackCat (aka AlphaVM, AlphaV) could turn out to be the most sophisticated ransomware of the year, as it allows attacks on a wide range of corporate environments. This ransomware written in Rust is increasing in popularity due to its high performance and memory safety.
The ransomware is promoted on Russian-speaking hacking forums and recruits affiliates to perform corporate breaches and encrypt devices. Victims are threatened with data leakage, and if they refuse to pay the ransom, they are provided with a list of data types that have been stolen.
What is surprising is that the ransom demands range from $400,000 to $3 million, payable in Bitcoin or Monero, and with Bitcoin an additional 15% fee is added to the ransom.
It is time to start taking cybersecurity seriously. With a bit of prevention, the damage inflicted by ransomware attacks can be minimized or even avoided altogether.
SECUDE’s HALOCORE and HALOCAD extend Microsoft Information Protection and provide automated data security, protecting data even if the data is downloaded outside the business environment.
‘We’re losing control of our data’ as breaches reach an all-time high
The number of data breaches hit a record high last year, and experts are particularly concerned about the increasing number of cyberattacks. According to the 2021 Annual Data Breach Report published by the Identity Theft Resource Center (ITRC) on Monday, the overall number of data compromises (1,862) is up more than 68% compared to 2020 (1,108). Of the 1,862 compromises, 1,600 were cyberattacks.
Another concern outlined in the report is the increasing number of ransomware attacks. Over the past two years, ransomware-related data breaches have doubled, from 83 in 2019 to 321 in 2021.
“If we continue on pace where we are right now, ransomware will become the number one root cause of data breaches by the end of 2022, surpassing phishing,” Lee said.
This report is no surprise. Cyberattacks against organizations have increased, especially in the last decade or so. Data breaches are a permanent threat to organizations, especially large enterprises. Although the types of breaches are different, the impact is always the same. The recent cyberattacks have shown that the fallout for organizations is far greater than just the legal consequences.
Industry leaders agree that the future is an ongoing battle for data security. Organizations will be caught in a cycle of data breach prevention, breach mitigation, and data protection advancement. As hackers are always learning new methods, the risks for businesses are only going to increase. Data security is now essential for every business, and the investment has to be holistic and ongoing over the years.
Bosses think that security is taken care of: CISOs aren’t so sure
Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom. The World Economic Forum’s new report, The Global Cybersecurity Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations.
According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn’t result in significant disruption.
However, only 55% of security-focused executives believe that cyber resilience is integrated into risk management strategies – indicating a significant divide in attitudes to cybersecurity.
This gap can leave organisations vulnerable to cyberattacks, because boardrooms believe enough has been done to mitigate threats, while in reality there could be unconsidered vulnerabilities or extra measures that still need to be put in place.
More often, CISOs believe that their organization will experience a cybersecurity breach within the next two or three years, while the C-suite is highly confident that its cybersecurity plans are well established, even though only a small percentage are actually “cyber secured”.
It is time for organizations to realize that cybersecurity issues are no longer limited to just the IT department; instead, they threaten every aspect of the business and pose a significant threat to ongoing business continuity as well as reputation. Such issues not only encompass the technical environment but also extend well beyond that and cover the entire business ecosystem.
Collaboration on security management and incidents within the organization will greatly reduce the risk. Every organization should ascertain which areas present threat opportunities and invest to defend them accordingly. Establishing a security governance program will encourage enterprise-wide collaboration. The CISO should be empowered with the mission of managing information security risk across the organization, as well as leading the initiative among the C-suite.
Log4j: Google and IBM call for list of critical open source projects
Google and IBM are urging tech organizations to join forces to identify critical open source projects after attending a White House meeting on open source security concerns.
The meeting, led by White House cybersecurity leader Anne Neuberger, included officials from organizations like Apache, Google, Apple, Amazon, IBM, Microsoft, Meta, Linux, and Oracle as well as government agencies like the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA). The meeting took place as organizations continue to address the Log4j vulnerability that has caused concern since it was discovered in December.
Kent Walker, president of global affairs at Google and Alphabet, said that, given the importance of digital infrastructure to the world, it is time to start thinking of it in the same way we do our physical infrastructure.
“Open-source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges,” Walker said.
Cybercriminals are making the most of the Log4j vulnerability. The vulnerability allows an attacker to perform remote code execution by exploiting the insecure JNDI lookup feature exposed by the Log4j logging library. Therefore, organizations need to understand that they too will be attacked and get ready for that possibility with increased resilience to reduce the severity of the impact.
Organizations should apply security updates frequently to minimize and mitigate such vulnerabilities. But it will take time and resources to identify and patch this vulnerability. The patching process is complex and resource-intensive. It is also hard to determine how many assets are exposed and to identify the organization’s risk.