Tech News That Matters

Category Archive : Cybersecurity

Immigrants and Refugees Reskill with ThriveDX Cybersecurity Impact Bootcamp – PR Newswire

ThriveDX Chosen by the Israel Innovation Authority to Lead Program

MIAMI, Nov. 17, 2022 /PRNewswire/ — After three months of intensive training, ThriveDX, the global leader in cybersecurity and digital skills training and cyber talent building, announced the graduation of its first of many cohorts of the “Olim” (new immigrants) Cybersecurity Bootcamp in Israel. Many immigrated from the USA, Chile, Argentina, South Africa, Venezuela, France, Russia and also Ukraine – some of whom were impacted by the war between Ukraine and Russia. ThriveDX was chosen out of a large group of applicants to work with the Government of Israel and the Israel Innovation Authority to prepare trainees for jobs in the country’s highly esteemed cybersecurity industry, fueling more job opportunities for refugees and immigrants.


Immigrants and refugees, especially those currently fleeing the war in Ukraine, have a number of hurdles to overcome, including starting over, finding new careers in a new country, supporting their families, and other major life stresses. Other refugees have overcome similar challenges and gone on to become titans of their industries including Albert Einstein, Madeleine Albright and Gloria Estefan.

ThriveDX had the privilege to take in 25 new students and provide them an outlet and skills to transform their careers with their renowned cybersecurity bootcamp.

“As the Project Manager of the New immigrants Bootcamp, I am so happy that we had the opportunity to train these talented students from eight different countries, opening the door for them to the cybersecurity world. Getting them into the Bootcamp softens the difficulty of starting a new life in a new country, especially for the students that immigrated from Russia and Ukraine, fleeing the recent war,” said Daniel Rotman, Project Manager of the Olim project, ThriveDX. “This was made possible largely with the support of the Israel Innovation Authority, which has helped us finance this project and its important goals.”

ThriveDX’s Cybersecurity Impact Bootcamp was developed by veterans of the elite cyber-intelligence unit of the IDF, recognized as world leaders in their field, to create more accessible career opportunities in cybersecurity. The IDF Elite units are known for their unique training methods, designed to implement cutting-edge practices within a short time. These unique training methods make up the core of ThriveDX training programs. The Bootcamp successfully prepares people with little or no background in tech for entry-level cybersecurity jobs, and encourages underrepresented groups, such as women, minorities, and students from the socio-geographic periphery, to apply.

“I want to thank ThriveDX for giving me a great opportunity to participate in a cybersecurity bootcamp. Because of the Russian attack on my country and my city, I had only a few days to evacuate myself and my mom,” said one of the students in the ThriveDX Cybersecurity Impact Bootcamp. “This bootcamp allowed me, after such a stressful relocation, to feel a kind of comfort, giving me the opportunity to dive into learning about cybersecurity. I believe that the knowledge I gained during these three months will give a new start to my career and help me become a part of the high-tech community in Israel.”

“The Cybersecurity Impact Bootcamp does not just prepare trainees to land a rewarding career in cybersecurity, but it also opens up opportunities for underrepresented groups, thanks to its unique training method,” said David Chesterman, Head of Education Partnerships, ThriveDX.

“This Bootcamp gives companies access to diverse talent their workforce is missing, and provides trainees with a jumpstart for their new career. In a world with a lot of uncertainty, it’s encouraging to witness more immigrants and refugees taking their circumstances into their own hands, channeling the potential grief from their relocation into a bootcamp that can help provide a bright future”, said Roy Zur, CEO of ThriveDX Enterprise.

If you’re in Tel Aviv on November 28th and attending the HLS & Cyber 2022 Conference, ThriveDX will be there so please stop by. To learn more about the ThriveDX Cybersecurity Impact Bootcamp visit:

About ThriveDX

ThriveDX is the global leader in cybersecurity education, and an expert in providing cybersecurity training to upskill and reskill lifelong learners. Our teams are made up of military trained cyber experts, industry veterans and seasoned educators united to close the worldwide skills and talent gap in cybersecurity. Operating in two divisions – education and enterprise – ThriveDX’s award-winning solutions exist to bridge the skills gap and impact the talent shortage in the cybersecurity and overall tech industry.

The Education sector partners with top-tier academic institutions, enterprises, and government branches globally to offer advanced, professional development programs in cybersecurity and digital technology. The Enterprise branch (formulated by companies formerly known as Cybint Solutions, Kontra Application Security, Lucy Security, ThriveDX Labs, and HackerU Pro), is a suite of products and services that cater to non-technical employees, developers, IT professionals and anyone in between. For more information, visit

About the Israel Innovation Authority

The Israel Innovation Authority, an independent publicly funded agency, was thus created to provide a variety of practical tools and funding platforms aimed at effectively addressing the dynamic and changing needs of the local and international innovation ecosystems. To learn more please visit


DAST tools as force multipliers for human cybersecurity skills – Security Boulevard

In 1927, the U.S. Army Chief of Staff, Major-General Charles P. Summerall, delivered an address in which he discussed the human element of battle. At the start of his speech, he said that although the machines and weapons of war evolve, it is still humans who drive victory with their own unique skills and experiences:

It is trite to say that the human element remains, as it has ever been, the determining factor in battle. Machines and arms may be multiplied and changed, but the man who uses them will determine the final issues of victory or defeat.

Nearly 100 years later, cyberwar has become a new theater of global conflict, and Major-General Summerall’s words still ring true. Just as with physical warfare, the human element in cybersecurity can make all the difference between opening the door for an attack on critical infrastructure and keeping sensitive systems safe. 

Digging in on web application security

Leveraging technology to enhance human skills is especially important in application security (AppSec), as internet-facing web apps were the number one attack vector in 2021. With over 10,000 websites created every hour, that presents a lot of excess attack surface for DevSecOps teams to cover – definitely more than manual testing alone could cope with. As we move toward security solutions that help us close critical coverage gaps, there’s no denying that automation with static and dynamic application security solutions (SAST and DAST tools) is a must to fortify the processes and workflows behind air-tight cybersecurity. 

Machines and humans need to work together, just as Major-General Summerall stressed. Even if it works at peak efficiency (and that’s a big if), technology simply cannot replace experts in DevSecOps teams when it comes to making vital decisions and taking action. You need people with the know-how and necessary skills to make calls about serious vulnerabilities, breach attempts, and potential exploits. With critical infrastructures on the line, organizations and entire nations alike can no longer afford to neglect the pressing need to marry automated technology with human experience. 

Humans and automation work hand-in-hand

For all the industry hype (especially anything with AI in the name), automation in security isn’t about replacing humans entirely; it’s there to make testing and detection easier and faster at the most critical decision points. Think of security like running a sports team. It requires a strategy that includes key plays, the right positions, the best equipment and uniforms – but, most of all, talented players to execute it all in a way that translates into a win on game night. 

Application security that integrates automated features is no different. With the right strategy, people, processes, and tools, you can stay ready for the bad guys by playing expert defense and offense, with automation subbing in at critical points. Automation is no longer a nice-to-have but an essential part of your overall security mix, speeding up and scaling security testing to the level of modern development. Done right, the accuracy of automated security testing can take a lot of manual tasks and guesswork out of cybersecurity. That allows the human beings on your team to focus on challenges that really need their expertise and intuition without forever double-checking the machines. 

DevSecOps teamwork can make a big difference

Let’s be real: human beings make mistakes. Data from the Egress Insider Data Breach Survey 2021 showed that human error is the leading cause of insider data breaches, with a hefty 84% of organizations touting human mistake as the reason they experienced a security incident. Improved communication and capable tools can help close gaps in security and development more effectively, culling some of those errors. 

Relationships between development and security can be tricky to manage when communication isn’t clear, putting workflows in jeopardy. Data from an Invicti survey conducted with Wakefield Research – which included 500 DevSecOps respondents – found that just half (49%) of security and development professionals consider themselves to be “besties” with their counterparts. When these two critical teams break down communication barriers and figure out how to work together to shift security left and right in the development process, they can unlock the power to eliminate and prevent gaps that might otherwise lead to serious breaches. 

DAST tools with fewer false alarms help humans prove ROI

In our most recent AppSec Indicator, the data told a pretty common tale in tech: 100% of DevSecOps professionals track ROI for their AppSec tools, and 68% are under great pressure to demonstrate that ROI clearly. This is where the collaboration between humans and accurate automation can really shine, with tools like Invicti’s DAST solutions delivering reliable data to demonstrate measurable security improvements. 

Time-draining and workflow-breaking false positives are squashed with features like Proof-Based Scanning, which delivers 99.98% accuracy on confirmed scan results for 94% of direct-impact vulnerabilities. Automatically confirmed vulnerability reports sent directly to your developers via an issue tracker integration can save hundreds of hours each month when compared to manual or less mature processes. This translates into demonstrable ROI to validate investment decisions, support budgeting, and ultimately allow your teams to keep improving their security game.

Threat actors rely on human abilities – and so should you

Cybersecurity doesn’t have permanent fixes or one-size-fits-all solutions. In the cyber arms race, the bad guys are always looking for new weapons, new methods, and new ways in. They’re resilient, so we have to be, too. Once you have the ability to prevent errors and make natural human qualities work for you, not against you, security becomes easier to embed throughout your entire organization. Here are some practical tips for nurturing the human element of your AppSec strategy:

  • Make sure the right people have the right access to development and testing systems, including SAST and DAST tools, regularly reviewing access levels and revoking access when necessary. 
  • Properly train employees on security best practices, from secure coding guidelines for developers to company-wide education on resisting social engineering attacks that can lead to big breaches. 
  • Set up a security champions program and elevate your most dedicated, security-minded employees as security advocates and watchdogs. 
  • Invest more budget in automated cybersecurity and keep up with the modern tools and features necessary that help your employees work more efficiently. 

Streamlining vulnerability detection, prioritization, and remediation is one way to help the humans on your team work smarter, not harder.

Dig deeper into how Invicti’s accuracy and automation-backed scanning solutions save time and money by reading our technical guide on Proof-Based Scanning.

The post DAST tools as force multipliers for human cybersecurity skills appeared first on Invicti.

*** This is a Security Bloggers Network syndicated blog from Invicti authored by Meaghan McBee. Read the original post at:

Bosses say they’re serious about cybersecurity. It’s time for them to prove it – ZDNet

Getty Images

If there’s one profession that continues to dominate demand in tech hiring, it’s cybersecurity.

Demand for cybersecurity staff has skyrocketed since ‘remote work’ entered the lexicon and businesses doubled down on their digital assets as a means of insuring them against future uncertainty.

While the post-pandemic tech boom has been a blessing for tech-savvy professionals with a knack for anything software related, it has also left companies more exposed than ever to the dangers lurking in cyber space.

As the threats from ransomware, malware and intellectual property theft become all too real for businesses, hiring managers have turned to cybersecurity professionals to keep them safe. The problem is, there are nowhere near enough of them to go around – and many in the cybersecurity biz are beginning to drop out due to stress and burnout.

A number of factors underpin the shortfall of skilled tech talent in the workforce, a big one being the fact that technology now evolves at such an alarming rate it’s hard to know what skills will still be applicable in the medium to long term (although coding is generally a safe bet).

But decisions in the C-suite are also stifling businesses’ efforts to adequately defend themselves from cyber threats. While leaders absolutely want cybersecurity expertise on their teams, they’re not necessarily willing to pay for it. Or, to put it more accurately, they’re not willing to pay enough.

Take a recent report by O’Reilly, which found that only a third of HR decision makers in UK tech companies are willing to spend more than £10,000 ($11,600) on cybersecurity-related recruitment, learning and development over the next 12 months. When you consider that over half of cyber attacks cost businesses upwards of $100,000, it’s staggering that employers are unwilling to invest one-tenth of this sum to stop such attacks from happening.

Budgets are always contentious in businesses, and it’s difficult to convince company leadership to invest in something they can’t see for something that might not happen (even if it probably will) — particularly when many IT leaders still don’t have a say in company decision-making – even if it relates to tech.

But £10,000 doesn’t seem like a lot when you consider how much money employers have wrapped up in huge offices and flashy corporate hubs that are only being used once or twice a week. One way companies can find room in the budget for tech training is by figuring out how much office space they really need and downsizing accordingly.  

But money, while a key factor, is just part of a multifaceted cybersecurity skills problem. Many businesses still don’t have the right mindset to effectively navigate an increasingly complex work environment – and that’s usually a result of leadership.

Much like their employees, business leaders were thrown into remote working in 2020 with little planning or preparation. While they were busy sending out laptops, setting up VPNs and trying to keep tabs on suddenly invisible workers, few were considering what such a massive upheaval in workplace and IT practices meant for cybersecurity in the long-term.

Many leaders still haven’t addressed this, and are instead exercising a ‘set it and forget it’ attitude to cloud apps and security software that’s not delivering a holistic approach to risk management.

The scale of this problem was highlighted in an October report from cybersecurity firm Savanti. In a survey of 800 global board directors, 83% identified cybersecurity as a top priority, but fewer than half had taken any dedicated action – even if this simply meant requesting IT security updates, or auditing their company’s cyber-readiness.

The report also found that Chief Information Security Officers (CISOs) are being hired, managed and evaluated as technical experts rather than business leaders. So when to comes to big strategic decisions, there is nobody in the room to explain how they might impact IT or cybersecurity.

Little wonder that so many IT leaders are fed up with not being listened to, which perhaps explains why – according to Savanti – that the average tenure of a CISO is just 2.3 years.

The good news is that companies are, for the most part, starting to realize they can no longer sleep on cybersecurity issues. If they haven’t already been a victim of an attack or attempted attack themselves, they almost certainly know of a company that has – and a company that was likely better prepared than they were.

The intense media focus on cybersecurity has offered another incentive for businesses to stay out of the spotlight: falling prey to a cyber attack is a bad look, and the financial, operational and human implications could be catastrophic at a time when companies are trying to cope with an economic downturn.

Looking ahead to 2023, businesses need to balance costs with the growing need for tech skills. But if leaders are serious about building resilience and holding fast in a year of uncertainty, cybersecurity cannot be relegated to an afterthought.


ZDNet’s Monday Opener is our opening take on the week in tech, written by members of our editorial team. 


NATO Allies Double Down on Cybersecurity in Warfighting Ops – Nextgov

U.S. and Italian government officials convened in Rome on Thursday, marking the beginning of the North Atlantic Treaty Organization’s 2022 Cyber Defence Pledge Conference, with the chief overtone of the meeting to maintain a united front amid ongoing hostilities between Russia and Ukraine. 

Italian Deputy Foreign Minister Edmondo Cirielli opened the summit discussing how member governments are planning to modernize wartime operations—particularly by updating the cyber domain with emerging technologies to better suit technological advancements in war.  

With this year’s specific focus of “Resilience, Preparedness and Responsiveness to Cyber Threats to Critical Infrastructure,” representatives from participating countries—which include all NATO member nations—will review NATO efforts to improve those nations’ threat analytics and response, as well as initial resilience. 

“The conflict in Ukraine is a war of attrition, reminding us of World War I, but at the same time is an example of the 21st century battlefield,” Cirielli said. “We see trenches, but we also see the hacking…to disrupt Ukrainian military communication.”

Cirielli referenced artificial intelligence, specifically with the goal of more automation,  as a priority to implement across warfighting operations. 

Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies on the National Security Council, agreed with Cirielli in her opening statement. She doubled down on NATO’s commitment to implementing stronger cybersecurity protocols across the group’s individual digital systems. 

“National cyber leaders and experts will convene panels to focus on protecting the energy sector from cyber threats and ensuring the NATO Cyber Defense Pledge keeps pace with the evolving cyber threat landscape,” a State Department spokesperson told Nextgov. 

Neuberger emphasized previous NATO initiatives developed in the summer Madrid meeting, referencing the new NATO Strategic Concept framework that ally nations will adopt to build stronger cyber defenses within critical infrastructures.

“We are developing national cyber capabilities so that we are more secure as an alliance,” she commented. “We all have a responsibility to build national cyber defenses.” Part of this pledge includes working to move more quickly to provide “nimble” technical and political support to fellow NATO nations. 

NATO Secretary General Jens Stoltenberg was the third speaker on the meeting’s introductory docket to reinforce the nature of the “invisible war in cyberspace,” and pledged continued support for Ukraine, as Russia wages digital warfare. 

“Because of NATO’s strong support, we have been working to strengthen Ukraine’s cyber defenses for years with training, and information and intelligence sharing,” he said. “Cyber is constantly a contested space, and the line between peace, crisis and conflict is blurred.”

Stoltenberg further noted that NATO acknowledges cyberattacks as falling within NATO’s Article Five clause, which defines an attack on one member nation as effectively an attack on all. 

“Cyber is now a domain of operations equal to those of land, sea, air and space,” he confirmed.

He continued to say that NATO has been conducting regular cyber defense training, and highlighted both host nations—Italy and the U.S.—as allies with strong cyber defenses, specifically citing President Joe Biden’s recent legislation to better monitor ransomware attacks. 

Private companies have also come to the support of NATO countries. Stoltenberg noted Microsoft and Amazon cloud software providing a safe haven for Ukraine ministerial data, as Russia worked to hack its government networks. He also cited YouTube and other social media companies as taking stricter content moderation stances on Russian material. 

“The threat from cyberspace is real, and it is growing,” Stoltenberg concluded. “That is why our cyber defense pledge is so important. So I call on allies to recommit to cyber defense with more investment, more expertise and enhanced cooperation.”

Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape – ENISA

Keesler AFB cybersecurity program prepares to meet threats head on – WLOX

BILOXI, Miss. (WLOX) – It’s a fear we live with every day: getting our identities stolen by computer hackers. It’s something the military faces as well; a hack could cripple our national defense.

But, Keesler Air Force Base is ready to fight back with high-tech training. In the cyber world, you have to fight bad keystrokes with good keystrokes.

“The threat is up in our face, and we are at that line every day,” said MSgt. Tanner Thompson, operation superintendent for the 333rd Training Squadron.

Tech Sgt. Nicholas Lines puts the threat into a frightening perspective.

“We don’t get necessarily bombed on a daily basis,” he said. “We don’t get struck by maybe a terrorist attack on a daily basis. But we’re getting hit by cyber, everyday all the time.”


“Because the cost to buy-in to cyber is pretty low,” Lines said. “An internet connection, Google and a computer and you can start learning day one on how to commit cybercrime.”

So, the 333rd Training Squadron takes its cyber security mission very seriously.

“It is one of the arrows in our quiver,” Thompson said. “It’s an extremely valuable ability to have. It’s an extremely important domain of war.”

Students start off simple and get complex quickly.

“We are as prepared as we possibly can be while facing the unknown,” Thompson added. “We operate in a very ambiguous and ever-changing environment, but we adapt very rapidly.”

Part of the reason is that many of these new-wave warriors are already tech savvy.

“They see a lot of things in the news, and they see this career field is right on the edge of that fight and they just want to be part of it,” said TSgt. Jason Verges, 333rd Training Squadron instructor.

Thompson has faith in the future with this program.

“I think that we train the greatest students that we ever have,” he said. “We train the greatest cyber operators that we ever have on both the officer and enlisted side.”

“At the end of the day, there are fights to be had. And, whether you’re fighting boots on the ground or you’re fighting behind the computer, both are relevant to where we are today,” Verges added.

Want more WLOX news in your inbox? Click here to subscribe to our newsletter.

Fortra: New Name, Renewed Cybersecurity Mission –


Executives Discuss Rebranding, Focus on Solving Customer Challenges

Mike Devine, CMO, Fortra; John Grancarich, executive vice president of strategy, Fortra

Fortra is the new name of security vendor HelpSystems, but the mission remains: Find new ways to help customers solve cybersecurity challenges. Mike Devine and John Grancarich of Fortra talk about the rebrand, the company’s journey – including recent acquisitions, and the future.

See Also: OnDemand | API Protection – The Strategy of Protecting Your APIs

In a video interview with Information Security Media Group, the two Fortra executives discuss:

  • The rebrand;
  • Current problems customers are facing;
  • How Fortra helps customers stand up to these challenges.

Devine joined Fortra in 2015 and is responsible for making sure people learn how Fortra can help them solve their cybersecurity problems. He has led marketing at fast-growth tech companies for many years. Before coming to Fortra, he was with Apple device management provider JAMF Software, where his team strengthened the brand and gained global market share. Prior to that, he was involved in growth at healthcare communications software provider Amcom Software, now Spok. Previous companies include HighJump Software and ENEL.

Grancarich works with the cybersecurity and automation customers that Fortra serves to develop a full understanding of their needs in light of today’s complex market dynamics and anticipate future trends and technologies. His leadership enables the Fortra team to conceptualize, develop and implement market-leading strategies and deliver continuous value to customers. Prior to joining Fortra in 2018, Grancarich was the founder of Product Fuse, where he worked with enterprise technology companies to build and implement successful product strategies. He was previously vice president of product management for KLDiscovery and held senior positions at Kroll Ontrack and Paul Hastings.

[Project Description] Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector – Computer Security Resource Center

Share to Facebook
Share to Twitter

Date Published: November 3, 2022


Michael Powell (NIST), Michael Pease (NIST), Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), John Hoyt (MITRE), Stephanie Saravia (MITRE), Aslam Sherule (MITRE), Lynette Wilcox (MITRE), Kangmin Zheng (MITRE)

The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attacks, presenting a real threat to safety and production, and economic impact to a manufacturing organization. Though defense-in-depth security architecture helps to mitigate cyber risks, it cannot guarantee elimination of all cyber risks; therefore, manufacturing organizations should also have a plan to recover and restore operations should a cyber incident impact operations. The goal of this project is to demonstrate means to recover equipment from a cyber incident and restore operations. The NCCoE, part of NIST’s Information Technology Laboratory, in conjunction with the NIST Communications Technology Laboratory (CTL) and industry collaborators, will demonstrate an approach for responding to and recovering from an OT attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response.  The NCCoE will map the security characteristics to the NIST Cybersecurity Framework and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations and will provide commercial off the shelf (COTS) based modular security controls for manufacturers. NCCoE will implement each of the listed capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. This project will result in a freely available NIST Cybersecurity Practice Guide.

The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber…
See full abstract

The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attacks, presenting a real threat to safety and production, and economic impact to a manufacturing organization. Though defense-in-depth security architecture helps to mitigate cyber risks, it cannot guarantee elimination of all cyber risks; therefore, manufacturing organizations should also have a plan to recover and restore operations should a cyber incident impact operations. The goal of this project is to demonstrate means to recover equipment from a cyber incident and restore operations. The NCCoE, part of NIST’s Information Technology Laboratory, in conjunction with the NIST Communications Technology Laboratory (CTL) and industry collaborators, will demonstrate an approach for responding to and recovering from an OT attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response.  The NCCoE will map the security characteristics to the NIST Cybersecurity Framework and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations and will provide commercial off the shelf (COTS) based modular security controls for manufacturers. NCCoE will implement each of the listed capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. This project will result in a freely available NIST Cybersecurity Practice Guide.
Hide full abstract


cybersecurity; industrial control systems; manufacturing; operational technology; recovery; response; restoration

Control Families

None selected

Cybersecurity Awareness Month: Eight Security Insights That You Should Know | – Spiceworks News and Insights

Cybersecurity Awareness Month is in its 19th year, though much like the proliferation of the internet, cybercriminals have also flourished because there are more potential victims out there. The month-long observance, initiated as a public-private partnership back in 2004, is an annual reminder that vigilance is the price of immaculate cyber hygiene. This year, Spiceworks looks at the top cyber crime and cyber defense insights by domain experts.

According to the FBI’s Internet Crime Report 2021, the federal agency’s Internet Crime Complaint Center (IC3) received 847,376 complaints (up 7%) last year that caused losses of nearly $6.9 billion. While a 7% rise may seem insignificant, data from the previous five years tells a different story.

Cybercriminal Complaints and Losses Between 2017-2021 | Source: FBI IC3

So there you have it. The surge in cybercriminal activity directly correlates to the increase in the attack surface. “To take a step back, the evolution from an onsite work model to the new paradigm of WFH or WFA, as well as hybrid, wasn’t without its challenges. Perhaps one of the biggest bumps along the way was figuring out how people could WFH not only productively but securely,” Don Boxley, CEO and Co-Founder of DH2i, told Spiceworks.

However, 2022 has proven to be a game-changing year for cybersecurity wherein law enforcement has taken an offensive stance against cybercrime perpetrators. “There does seem to be a successful pushback by law enforcement agencies in that we are seeing some signs of an activity and profit peak from types of cybercriminals, like ransomware,” Roger Grimes, defense evangelist at KnowBe4, told Spiceworks.

“This year, most ransomware gangs readily admit that it’s harder to earn money. Less organizations are paying and most that do pay are paying less. Law enforcement has been better at following the money (i.e., cryptocurrencies), identifying criminals, and identifying and removing otherwise legitimate organizations that partially profited from cybercrime. It’s been a rare, if only moderate, win for cyber law enforcement agencies.”

Grimes goes on to appreciate the coordinated and multi-pronged attack strategy adopted by the Cybersecurity and Infrastructure Security Agency (CISA) and the European Union Agency for Cybersecurity (ENISA).

“We haven’t won. We will never defeat all hacking. But we did see some cracks in the dike. We stopped some of the continued forward progress in rampant, never-ending, ever increasing, cybercrime. It gives me some hope for the future,” Grimes added.

Most common cyberattacks to expect

“What will be the most successful cyber attacks of the future? Same methods of attacks as the last four decades: social engineering and unpatched software. Nothing on the horizon is going to change that anytime soon,” Grimes continued.

“Those two attack methods have been the top two attack methods since the beginning of computers, and it is the world’s inability to correctly focus on them as the top attacks they are that allow cybercriminals to continue to be so successful.”

The Internet Crime Report 2021 noted ransomware and business email compromise (BEC), both of which require some level of social engineering, as two of the most commonly reported cyberattacks. Phishing, data and identity theft, etc., are also up there in the list of some of the most pervasive cybercriminal acts.

On the other hand, lapses in appropriate vulnerability management are a significant concern. The fact that 66% of organizations that Rezilion surveyed had a vulnerability patch backlog of 100,000 bugs is almost akin to laying out a red carpet for threat actors.

See M0re: Moving Cybersecurity Forward: Takeaways from International Cyber Expo 2022 

Meet the present-day cybercriminal and understand their motivations

The current threat landscape includes nation-state groups and cybercriminal syndicates whose operational elements increasingly resemble that of for-profit companies. Courtesy of professional hackers, gangs, companies, and nation-states, the current threat landscape is “likely to continue into the near-term future, if not forevermore,” Grimes added.

Chris Clements, VP of solutions architecture at Cerberus Sentinel, told Spiceworks, “The current threat landscape is incredibly diverse with nation state actors, organized cybercrime gangs, and a resurgence of bored teenagers hacking for the lulz.  One commonality, however, is the access each has to buy both initial access into their victim networks as well as powerful offensive tools.”

“The LAPSUS$ group showed just how much damage a relatively unsophisticated attacker can achieve just by buying stolen credentials and spamming MFA prompts with little regard for their own consequences. Even well-funded nation-state level actors regularly employ the use of readily available commercial and open-source tooling as part of their operations, after all, why reinvent the wheel when an existing tool works, plus there’s the additional benefit of throwing off attribution by utilizing the same tools and techniques of run of the mill cybercrime gangs.”

Using commonplace techniques, LAPSUS$ could inflict significant damage on Samsung, Microsoft, NVIDIA, Globant, Okta, T-Mobile, Ubisoft, the government of Brazil (Ministry of Health), Impresa, and possibly Electronic Arts.

“One major development in the past several years is the sheer amount of money that cybercrime gangs regularly extort from their victims. This creates a situation where there is a ‘gold rush’ effect for new groups and individuals with hacking skill to join in attacking any organization that’s easy to break into. The incentives are simply too strong, especially in areas of the world where criminal consequences are unlikely to be enforced.

The incredible sums of money also give cybercrime gangs vastly increased resources to ‘reinvest’ into their operations by recruiting talented hackers and developers to increase their effectiveness, but also the means to buy zero-day exploits that can cost hundreds of thousands.  After all, if they expect they can leverage a new exploit to extort millions, that’s a great ROI.” – Chris Clements, VP of solutions architecture at Cerberus Sentinel

Spiceworks’ Top Cybersecurity Awareness Month Insights From Experts

Securing network access

DH2i CEO Dan Boxley emphasized the importance of securing network access, especially as remote and/or hybrid work has taken precedence, thus increasing the attack surface.

Boxley said that remote work is something that employees have cherished because of its flexibility, enabling them to have a better work/life balance and be more productive and helping them decrease work-related expenditure. Organizations also have a larger talent pool to choose from, drive greater employee engagement and help in the reduction of overhead expenses.

“It’s really all about the people. However, it’s also all about the technology that we invest in to support our people’s success,” Boxley added.

“At the beginning of the transition, many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs were not designed nor intended for the way we work today. Both external and internal bad actors were and are still exploiting inherent vulnerabilities in VPNs.

Instead, forward-looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs.

With SDP, organizations can ensure safe, fast and easy network and data access; while slamming the door on potential cybercriminals.” Dan Boxley, CEO and Co-Founder, DH2i.

See More: Cyberstorage: The Data-first Answer to Ransomware

Solidifying storage and backups

Steve Santamaria, CEO at Folio Photonics, told Spiceworks, “Data now represents a strategic asset to almost every organization. Yet, while from IT to the C-suite, it is agreed that the possibility of a cyberattack poses a highly dangerous threat, many would admit that they are probably ill-prepared to fully understand and address all of the threats, in all of their forms today and in the years ahead.”

Santamaria goes on to say that hard disks and tapes traditionally made up the building blocks of storage cyber-resiliency, each with its own set of advantages and drawbacks. Santamaria and Surya Varanasi, CTO at StorCentric, both called on for storage tech that has immutability at its core.

“What’s required is the development of a storage media that combines the cybersecurity advantages of disk and tape. A solution that can ensure an enterprise-scale, an immutable active archive that also delivers write-once-read-many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits. Affordable optical storage is the answer, as it is uniquely capable of leveraging today’s game-changing advancements in materials science to create a multi-layer storage media that has already demonstrated the major milestone of dynamic write/read capabilities. 

In doing so, it can overcome historical optical constraints to reshape the trajectory of archive storage. Ideal for data center and hyperscale customers, such a next-generation storage media offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure, and sustainable, not to mention impervious to harsh environmental conditions, radiation, and electromagnetic pulses, which are now being commonly used in cyber-warfare.” – Steve Santamaria, CEO, Folio Photonics.

“Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed-up data by making it immutable and by eliminating any way that data can be deleted or corrupted. An Unbreakable Backup does exactly that by creating an immutable, object-locked format and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. 

“With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.” – Surya Varanasi, CTO at StorCentric, told Spiceworks.

Plugging internal threats

Verizon’s 2022 Data Breaches Investigations Report (DBIR) revealed that 82% of data breaches occur due to the human element. The breach at Toyota that leaked data of 296,019 customers due to an internal resource leaving server access keys in the source code, which was then publicly uploaded on GitHub, is a recent example.

Carelessness certainly is an undesirable aspect of organizational security, although purposeful insider malice from employees is worryingly on the rise. DTEX Systems detected a 72% increase in actionable insider threat incidents in 2021 from 2020.

Brian Dunagan, VP of Engineering at Retrospect, told Spiceworks, “While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks. In other words, it is virtually a given that at some point most will suffer a failure, disaster or cyberattack.”

See More: The Undeclared War: How Accurate Are the Threats? 

Ransomware protection

Brian Dunagan, VP of Engineering at Retrospect, told Spiceworks, “Given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.”

Ransomware attacks increased by 13% in 2022, according to Verizon’s 2022 DBIR, which is higher than the last five years combined. Ransomware is also present in 70% of malware breaches in 2022.

Additionally, ransomware gangs are consistently evolving, adding new tools to their tactics, techniques, and procedures (TTPs), from double extortion, ransomware-as-a-service, searchable online databases, and victim help desk, to bug bounty programs. 

“My advice to these customers is that beyond protection, organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover.

A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes. 

“Of course, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way.” – Brian Dunagan, VP of Engineering at Retrospect

Appropriate vulnerability management

So far in 2022, Microsoft has patched approximately 1,100 vulnerabilities in its products. At the same time, new vulnerabilities in several IT products and services are being discovered by the day.

Software vulnerabilities were the second-most commonly used attack vector by threat actors, according to Palo Alto Networks Unit 42’s 2022 Incident Response report. Menachem Shafran, VP of Product at XM Cyber, told Spiceworks, “This Cybersecurity Awareness Month, enterprises need to be more aware of the fact that vulnerability management, though critical, is broken.” 

“Every company has thousands of vulnerabilities and exposures, many of which have high scores on the Common Vulnerability Scoring System (CVSS), so it’s impossible to fix them all. Risk-based vulnerability management (RBVM) tools theoretically make prioritization easier by clarifying what is exploitable in the wild. However, current security prioritization approaches that combine CVSS scores with RBVM threat intel don’t provide anywhere near optimal results – even after filtering, and looking just at what is exploitable in the wild, you still have too much to handle.”

“My advice is to go even further than RBVM and start understanding what’s actually important and what isn’t in the context of your environment, even if in theory, an issue is high-risk. All you really need to know is whether or not it’s possible for a hacker to access your critical assets. In other words, do your vulnerabilities really matter? If they only affect unimportant machines, i.e., machines that are either non-critical systems or do not generate attack paths toward critical assets, I’d argue that they don’t.

The key to successful vulnerability management is to identify all the ways an attacker can move throughout your network and reach your business-critical assets. Once you have identified these attack paths, you can focus on locking down chokepoints and stopping hackers before they even get started.” – Menachem Shafran, VP of Product at XM Cyber

See More: Microsoft Destroys Russian Cyberespionage Group That Impersonated It in Email-based Phishing Campaigns

Email security

Mika Aalto, the CEO and co-Founder of Hoxhunt, reminded us how the threat landscape is still marred by the basics of cybersecurity hygiene or lack thereof. “Every breach begins with a malicious email,” Aalto told Spiceworks.

“Email attacks have evolved with the application of advanced technologies and new cybercrime-as-a-service platforms. We’ve analyzed millions of such phishing attack campaigns globally, and not only are they getting frighteningly slick, but attacks are also being executed both by profit-motivated cybercriminals as well as state-sponsored threat actors. Most organizations take a compliance-based approach to email security and will therefore be unwillingly contributing to the trillion-dollar cybercrime industry. But what if I told you that there is a cyber-risk master switch you could throw that would reduce your greatest areas of risk in unison? Train all your people because all risk comes back to email. As attack emails become more targeted and sophisticated, security training must keep pace. It’s less expanding awareness with behavioral science and integration into your broad security strategy. Ingraining cybersecurity habits in people makes it a reflex for them to outsmart the sophisticated phishing attacks designed to outmaneuver technical filters. Ransomware, business email compromise (or BEC, which remains the kingpin of cybercrime), credential harvesting; every breach begins with a malicious email.

As the attack emails become more targeted and sophisticated, security training must evolve beyond compliance and awareness and into behavioral science and security stack integration. Ingraining cybersecurity habits in people, and linking awareness to the security stack, makes it an organizational reflex to outsmart the sophisticated phishing attacks designed to outmaneuver technical filters.” – Mika Aalto, CEO and Co-Founder of Hoxhunt

Wrapping Up

Clements highlighted that no “silver bullet” will take care of all security needs of organizations. “With limited resources, organizations will too often look for ‘easy buttons’ for cybersecurity, and the unfortunate reality is that many cybersecurity vendors push their solutions as silver bullets that solve all cybersecurity needs,” Clements said.

“That’s not to say that there aren’t products and services that are crucial for successful cybersecurity programs, but without a focus on the fundamentals of cybersecurity, relying on them alone is like bringing a wiffle bat to the major leagues.”

Clements recommends a mix-and-match approach that includes the following:

  1. Build a cybersecurity culture and awareness 
  2. System and application hardening: to “drastically restrict an attacker’s ability to operate in an environment,” although this “can break compatibility with older technologies or disrupt user workflows
  3. Network segmentation: “limit damage from a single compromised user or system’” Clements asserts that segmentation “requires careful planning to ensure the needed network pathways exist.”
  4. Vulnerability scanning: to “identify low-hanging fruit and other mistakes.”
  5. Penetration testing: to “identify non-obvious attack pathways.” However, this can be expensive, given it requires highly skilled professionals.
  6. Continuous monitoring: to “detect and eradicate attacker access before widespread damage can be done.” Again, this can be expensive.

Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!

Image source: Shutterstock


Layoffs Mount as Cybersecurity Vendors Hunker Down – DARKReading

Cybersecurity firms Snyk and Cybereason separately announced significant layoffs during the last week of October, cutting their workforces by 198 and 200 workers and representing 14% and 17% of their workforces, respectively.

The two companies are the latest cybersecurity vendors to join a growing list of more than three dozen firms to pare their workforces in the past six months, as the global economy continues to flash signs of a slowdown and possible recession. On Oct. 24, for example, Snyk CEO Peter McKay announced that, while the developer security firm continues to grow, the company “must operate even more efficiently in order for Snyk to effectively withstand the continued headwinds facing the global economy.”

Cybereason CEO and co-founder Lior Div also claimed strong operations but stressed its need to move away from aggressive investments in research and development, sales, and marketing and instead focus on customer retention and innovating in its core market of extended detection and response (XDR).

“While we are making significant traction in these areas and our growth remains strong, we are seeing significant volatility in the global financial markets that require us to prioritize profitability over growth,” he said in an Oct.26 blog post.

Snyk and Cybereason are not alone. In June, privacy and security firm OneTrust announced it would lay off 950 employees, or 25% of its workforce. In late May, cloud security firm Lacework announced it would layoff approximately 300 workers, or 20% of its head count. Last week, cybersecurity automation firm Forescout announced it would be cutting costs but did not release the specific number of layoffs, instead saying the company intended to “optimize our cost base to prepare for difficult economic times over the next period to ensure the future success.”

In total, 32 cybersecurity firms have announced layoffs or restructuring since early May, according to layoff tracking site Layoffs.FYI, most citing the tightening market and need to protect the longevity of the business.

“While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success,” Jay Parikh, CEO of Lacework, said in a May update. “We have adjusted our plan to increase our cash runway through to profitability and significantly strengthened our balance sheet so we can be more opportunistic around investment opportunities and weather uncertainty in the macro environment.”

Investments Become Scarcer

Cybersecurity vendors’ retrenchment is not without cause. The vast majority (83%) of companies expect to contend with a recession in 2023, and most of those businesses are taking steps to prepare, according to the “2023 State of IT” report. IT budgets will likely stagnate: While half of businesses (51%) expect to increase IT budgets in 2023, a significant portion of those increases are due to inflation, not expanding purchases and services, the report stated.

Investments are drying up as well, leaving startup companies more reliant on their actual cash flow to fuel future operations. Venture capital financing totaled $3.1 billion in the third quarter of 2022, down from $7.9 billion for the same quarter in 2021, according to cybersecurity-focused venture capital firm Momentum Cyber.

“It’s at that point where investors can be much more scrutinizing with valuations, because if they feel like the whole economy is slowing down, they might not feel like they want to take that go-to-market risk,” Eric McAlpine, managing partner at Momentum Cyber, said in the company’s “Cybersecurity Market Review Q3 2022” report.

It should be said that not every company says layoffs are the result of economic realities. In August, for example, security software firm Malwarebytes reportedly sacked at least 125 employees, or about 14% of its global workforce, maintaining the company was not trying to achieve profitability but shifting to a different strategy. A month later, Malwarebytes announced a $100 million investment and a strategic shift to the managed detection and response (MDR) market.

Yet for the most part, companies appear to be hunkering down, cutting spending, and making sure they can survive as long as possible if market conditions worsen. Privacy and security firm OneTrust, for example, pointed to a potential poor economy as the reason for the paring of its workforce.

“My responsibility is to ensure OneTrust thrives and is positioned for sustained growth, and unfortunately, reducing our headcount and adapting to the capital markets sentiment is what is needed to keep us in our leadership position,” Kabir Barday, the firm’s CEO, said in a blog post. 

Cybersecurity Jobs Still Strong

While specific cybersecurity vendor companies are cutting workers, overall the job market for cyber pros continues to be strong — a good sign for those workers who have been laid off. Businesses continue to look for cybersecurity experts, with the workforce growing 6% to 1.34 million in North America over the past 12 months, according to (ISC)2, a cybersecurity professional organization.

And job listings for tech jobs in general on jobs site have climbed 49% above the pre-pandemic baseline as of Oct. 21.

Meanwhile, the continued shortfall in cybersecurity workers and the increasing adoption of cloud services will result in more organizations gaining their cybersecurity expertise delivered as a service. (ISC)2 expects greater adoption, especially by small businesses, that do not have the need or budget to fund a permanent on-site team.

“We have seen a greater demand for cybersecurity skills to defend, protect, and secure our trail of personal data as threats become increasingly complex and our digital footprint continues to grow,” says Clar Rosso, CEO of (ISC)2, urging organizations to not drop their collective guard.

“As organizations navigate increased economic pressures, I encourage them to continue to prioritize their cybersecurity needs,” Rosso says. “Bad actors and exploits will not go away if the economy worsens; in fact, one might argue the threat landscape worsens during challenging times.”