IT Security RSS Feed for 2025-02-23

Apple withdraws encrypted iCloud storage from UK after government demands ‘back door’ access

Published: Fri, 21 Feb 2025 12:52:00 GMT

Prelude

In 2016, the UK government passed the Investigatory Powers Act, giving law enforcement agencies broad new powers to access communications data and personal information. This legislation has been criticized for infringing on privacy rights and potentially enabling government overreach.

Apple’s Response

In response to the act, Apple announced that it would withdraw encrypted iCloud storage from the UK. This decision was made to protect the privacy of its users and to avoid being forced to create a “back door” that would allow government agencies to access iCloud data.

Government Reaction

The UK government condemned Apple’s decision, arguing that it would hinder law enforcement’s ability to investigate crimes. Home Secretary Amber Rudd said that Apple was “weakening their own security” and that the company should “help keep people safe.”

Impact on Users

Apple’s decision means that UK users can no longer use end-to-end encryption to protect their iCloud data. This includes backups of their devices, photos, messages, and other personal information.

Ongoing Debate

The debate over the balance between privacy and national security continues to rage. Apple’s decision has sparked renewed discussion about the role of technology companies in protecting user data. Some argue that Apple is right to stand up to government overreach, while others believe that the company is putting its profits ahead of public safety.

Conclusion

Apple’s withdrawal of encrypted iCloud storage from the UK is a significant development in the ongoing debate over privacy and security. The company’s decision has drawn criticism from the government, but it has also been praised by privacy advocates. The issue is likely to continue to be a topic of debate in the years to come.

What is application allowlisting?

Published: Fri, 21 Feb 2025 09:00:00 GMT

Application Allowlisting

Application allowlisting (also known as application whitelisting or application control) is a security measure that involves creating a list of authorized applications and only permitting those applications to run on a device or network.

How it Works:

  • An allowlist is created, which specifies the applications that are allowed to execute.
  • Any attempt to execute an application that is not on the allowlist is blocked.

Benefits of Application Allowlisting:

  • Enhanced Security: Prevents malicious or unauthorized applications from running, protecting against malware, ransomware, and other threats.
  • Reduced Risk: Limits the potential attack surface and makes it more difficult for attackers to gain access to the system.
  • Improved Compliance: Meets compliance requirements that mandate restricted application usage.
  • Enforced Security Policies: Allows administrators to enforce specific security policies by controlling which applications can be used.

Implementation:

Application allowlisting can be implemented using various technologies, such as:

  • Host-Based Solutions: Software that runs on individual devices and monitors application execution.
  • Network-Based Solutions: Network devices that enforce allowlists at the network level, preventing unauthorized applications from entering the network.

Considerations:

  • Maintenance: Allowlists require regular maintenance to ensure that authorized applications are updated and new threats are addressed.
  • Flexibility: Some allowlists may be configured to allow users to request ad-hoc application approvals or provide exceptions for specific situations.
  • Monitoring: It’s essential to monitor allowlist activity to detect and respond to any unauthorized attempts to execute applications.

Conclusion:

Application allowlisting is a proactive security measure that significantly reduces the risk of unauthorized application execution and enhances the security of devices and networks. By implementing this approach, organizations can mitigate threats, enforce security policies, and improve overall compliance.

A landscape forever altered? The LockBit takedown one year on

Published: Fri, 21 Feb 2025 07:00:00 GMT

A Landscape Forever Altered: The LockBit Takedown One Year On

Introduction

The takedown of the LockBit ransomware gang by international law enforcement agencies in March 2023 marked a significant milestone in the fight against cybercrime. One year later, the landscape of ransomware attacks has been profoundly transformed, with both positive and negative implications.

Positive Impacts

  • Reduced Number of Attacks: The takedown disrupted LockBit’s operations, resulting in a sharp decline in ransomware attacks attributed to the gang.
  • Increased Collaboration: The successful operation showcased the power of international cooperation in combating cybercrime, fostering collaboration between law enforcement agencies and cybersecurity firms.
  • Enhanced Detection and Response: The information gathered during the takedown has helped improve the detection and response capabilities of security teams, enabling them to identify and mitigate threats more effectively.
  • Public Awareness: The high-profile nature of the takedown raised public awareness about the dangers of ransomware and the importance of cybersecurity measures.

Negative Impacts

  • Rise of Other Gangs: While LockBit was taken down, other ransomware gangs have emerged to fill the void, such as Hive and BlackCat.
  • Shift to More Sophisticated Tactics: In response to the increased scrutiny, ransomware gangs have adopted more sophisticated tactics, such as double extortion and data encryption.
  • Increased Targeted Attacks: Ransomware attacks are becoming more targeted, with attackers focusing on specific industries and organizations with the potential for high financial gain.
  • Increased Risk to Critical Infrastructure: Ransomware attacks have also posed a significant threat to critical infrastructure, such as power grids and healthcare systems, highlighting the need for enhanced resilience measures.

Implications for the Future

The LockBit takedown has demonstrated that law enforcement and cybersecurity agencies can successfully disrupt ransomware operations. However, it also underscores the evolving nature of cybercrime and the need for ongoing vigilance.

  • Continued Collaboration: International cooperation and intelligence sharing remain crucial to combating ransomware effectively.
  • Investment in Cybersecurity: Governments and organizations need to invest in cybersecurity measures to protect their systems and data from ransomware attacks.
  • Education and Awareness: Raising awareness about ransomware and cybersecurity best practices is essential to prevent victims from falling prey to attacks.
  • Resiliency and Recovery: Organizations must develop comprehensive plans for ransomware recovery and ensure their systems can be restored quickly and with minimal disruption.

Conclusion

The LockBit takedown has had a lasting impact on the landscape of ransomware attacks. While it has led to positive developments, such as reduced attacks and increased collaboration, it has also prompted the emergence of new threats and more sophisticated tactics. By continuing to strengthen cybersecurity measures, investing in education, and fostering international cooperation, we can mitigate the risk of ransomware and protect our critical infrastructure, systems, and data.

What is network visibility?

Published: Thu, 20 Feb 2025 12:00:00 GMT

Network visibility is a key component of network security monitoring. It’s about the ability to see and understand what’s happening on your network, both in terms of traffic and threats. This allows you to detect and respond to security incidents quickly and effectively.

There are a number of tools and technologies that can help you achieve network visibility. These include:

  • Network monitoring tools: These tools can help you track traffic patterns, identify anomalies, and troubleshoot performance issues.
  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS): These tools can help you detect and block malicious traffic.
  • Security information and event management (SIEM) systems: These tools can help you collect and analyze security data from across your network.

By combining these tools and technologies, you can gain a comprehensive view of your network and identify security risks. This will allow you to take steps to mitigate these risks and protect your network from attack.

Here are some of the benefits of network visibility:

  • Improved security: By being able to see what’s happening on your network, you can identify and respond to security threats more quickly.
  • Increased efficiency: By being able to troubleshoot performance issues, you can keep your network running smoothly and efficiently.
  • Improved compliance: By being able to demonstrate compliance with security regulations, you can reduce your risk of fines and penalties.

Network visibility is an essential part of network security. By investing in the right tools and technologies, you can gain a comprehensive view of your network and identify security risks. This will allow you to take steps to mitigate these risks and protect your network from attack.

Watchdog approves Sellafield physical security, but warns about cyber

Published: Thu, 20 Feb 2025 10:45:00 GMT

Sellafield’s Physical Security Receives Approval, but Cyber Concerns Raised

The Office for Nuclear Regulation (ONR) has approved Sellafield’s physical security measures, but has raised concerns regarding its cybersecurity.

Physical Security Approval

Sellafield’s physical security systems underwent a comprehensive review by the ONR. The review assessed various aspects, including:

  • Perimeter defenses
  • Access control systems
  • Intrusion detection and response
  • Security personnel training

The ONR found that Sellafield met all the necessary regulatory standards and demonstrated effective physical protection measures.

Cybersecurity Warnings

However, the ONR expressed concerns about Sellafield’s cybersecurity posture. The review highlighted several areas that require improvement, including:

  • Inadequate monitoring and detection systems
  • Weaknesses in network segmentation
  • Outdated operating systems and software
  • Insufficient staff training in cybersecurity

The ONR has advised Sellafield to address these vulnerabilities urgently to prevent potential cyberattacks.

Importance of Cybersecurity

Nuclear facilities like Sellafield are particularly vulnerable to cyber threats. Cyberattacks could disrupt operations, compromise sensitive information, or even pose a physical safety risk.

ONR’s Recommendations

The ONR has made several recommendations to Sellafield to enhance its cybersecurity, including:

  • Implement real-time monitoring and detection systems
  • Upgrade network segmentation and firewalls
  • Update operating systems and software
  • Provide comprehensive cybersecurity training for staff

Sellafield’s Response

Sellafield has welcomed the ONR’s findings and has acknowledged the need to improve its cybersecurity. The site is currently implementing a series of measures to address the concerns raised.

Conclusion

While Sellafield’s physical security measures have received approval, the ONR has raised serious concerns about its cybersecurity posture. The site must prioritize addressing these vulnerabilities to protect against potential cyberattacks.

Regular reviews and continuous improvement in both physical and cybersecurity are crucial for the ongoing safe and secure operation of nuclear facilities like Sellafield.

Privacy at a crossroads in the age of AI and quantum

Published: Thu, 20 Feb 2025 09:05:00 GMT

Privacy at a Crossroads in the Age of AI and Quantum

The advent of artificial intelligence (AI) and quantum computing poses significant challenges to privacy.

AI and Privacy:

  • Increased Data Collection and Analysis: AI algorithms require vast amounts of data to train and improve. This leads to concerns about the collection and use of personal information, including browsing history, social media posts, and medical records.
  • Automated Decision-Making: AI-powered systems are increasingly used to make decisions that affect individuals, such as hiring, lending, and healthcare. This raises issues of bias, fairness, and accountability if AI models are trained on biased or incomplete data.
  • Personalized Advertising and Targeted Marketing: AI allows advertisers to track user behavior and tailor ads based on their preferences. While this can provide more relevant experiences, it also raises concerns about surveillance and manipulation.

Quantum Computing and Privacy:

  • Breaking Encryption: Quantum computers have the potential to crack current encryption algorithms, which would compromise the security of sensitive data stored online and in devices.
  • Enhanced Surveillance: Quantum sensors can enhance surveillance capabilities, allowing for more precise and covert data collection. This could lead to privacy breaches and diminished personal freedom.
  • New Privacy-Preserving Techniques: Quantum computing could also enable the development of new privacy-preserving technologies, such as quantum cryptography and post-quantum encryption, which would enhance the security of sensitive information.

Mitigating Privacy Risks:

To mitigate privacy risks in the age of AI and quantum, several measures can be taken:

  • Strong Data Privacy Laws and Regulations: Governments should implement comprehensive privacy laws that protect individuals’ rights, limit data collection, and ensure transparency and accountability in AI and quantum applications.
  • Ethical AI Development: AI developers should adhere to ethical guidelines that prioritize privacy and fairness. This includes minimizing data collection, reducing bias, and providing users with meaningful control over their data.
  • Quantum-Resistant Cryptography: Researchers are developing new encryption algorithms that are resistant to quantum attacks. These technologies should be adopted to safeguard sensitive data in the future.
  • User Education and Awareness: Individuals should be educated about the privacy implications of AI and quantum technologies and be empowered to make informed choices about their data.
  • International Cooperation: Governments and organizations should collaborate internationally to ensure consistent privacy protections and address global privacy challenges posed by AI and quantum.

By addressing these challenges and implementing appropriate safeguards, we can ensure that the benefits of AI and quantum computing are realized while protecting the privacy of individuals.

Quantum computing in cyber security: A double-edged sword

Published: Wed, 19 Feb 2025 07:00:00 GMT

Quantum Computing in Cyber Security: A Double-Edged Sword

Introduction

Quantum computing, with its incredible processing power, presents both opportunities and challenges for cyber security. While it promises enhanced encryption and faster data analysis, it also raises concerns about breaking current encryption protocols.

Opportunities

  • Enhanced Encryption: Quantum computers can generate encryption keys that are significantly more complex than traditional methods, making it virtually impossible to break with conventional computing.
  • Faster Data Analysis: Quantum algorithms excel in breaking down large datasets into smaller units for parallel processing, leading to accelerated threat detection and anomaly analysis.
  • Improved Quantum-Resistant Algorithms: Researchers are developing quantum-resistant algorithms that can withstand attacks from quantum computers, ensuring data security in the future.

Challenges

  • Breaking Current Encryption Protocols: Quantum algorithms, such as Shor’s algorithm, have the potential to break current public-key encryption protocols like RSA and ElGamal, which are heavily relied upon in secure communications and digital signatures.
  • Quantum Computing as a Service (QCaaS): The commercial availability of QCaaS could empower adversaries with access to quantum resources, making it easier to launch cyberattacks.
  • Immaturity of Quantum Technologies: Quantum computing is still in its early stages, and the development of reliable and scalable quantum computers may take years or even decades. However, it is crucial to address potential threats proactively.

Mitigation Strategies

  • Transition to Quantum-Resistant Algorithms: Cybersecurity experts recommend organizations adopt quantum-resistant algorithms now, even before the widespread deployment of quantum computers, to prepare for future risks.
  • Layered Security Measures: Employing multiple layers of security, such as authentication, encryption, and anomaly detection, can help protect against quantum-based attacks.
  • Collaboration and Knowledge Sharing: Governments, industry leaders, and researchers must collaborate to develop and implement effective countermeasures and best practices.

Conclusion

Quantum computing has the potential to revolutionize cyber security, both for good and for ill. While it offers opportunities for enhanced encryption and data analysis, it also raises significant challenges to existing security protocols. It is imperative for organizations to adopt quantum-resistant algorithms, implement layered security strategies, and engage in collaborative efforts to mitigate potential threats and harness the benefits of quantum computing in a secure manner. By approaching quantum computing with a balanced perspective, we can harness its transformative power while ensuring the integrity of our digital world.

Warning over privacy of encrypted messages as Russia targets Signal Messenger

Published: Wed, 19 Feb 2025 06:00:00 GMT

Signal Messenger Faces Privacy Concerns as Russia Targets Encrypted Communication

Moscow, Russia - The Russian government has issued a warning regarding the privacy of encrypted messages, particularly targeting the Signal Messenger app. The move comes as part of a broader crackdown on online dissent and encryption technologies.

Signal’s Encryption: A Target for Russian Authorities

Signal is a popular messaging app that employs end-to-end encryption, a method of communication where only the sender and receiver can read the message. This has made it a favored tool for privacy-conscious users, including activists and journalists.

However, the Russian government has long viewed encryption as a security risk, arguing that it can be exploited by criminals and terrorists. In line with this stance, the Federal Security Service (FSB) has ordered internet service providers (ISPs) to block access to Signal’s website and app in Russia.

Consequences for Privacy and Dissent

The targeting of Signal has raised concerns among privacy advocates and digital rights groups. They argue that encryption is essential for protecting individuals’ right to privacy and freedom of expression.

The FSB’s order effectively limits Russian citizens’ ability to engage in secure communication, including discussions about sensitive topics or dissent. It also raises fears that other encrypted messaging platforms may face similar restrictions in the future.

Legal Challenges and International Condemnation

The FSB’s move has been met with legal challenges within Russia and international condemnation.

In Russia, lawyers and civil society groups have filed lawsuits against the FSB’s order, arguing that it violates constitutional rights to privacy and freedom of speech.

Abroad, governments and human rights organizations have expressed concerns about the implications for internet freedom and the global tech sector.

Conclusion

The Russian government’s targeting of Signal Messenger is a significant development in the ongoing debate over encryption and privacy. It highlights the challenges in balancing national security interests with the fundamental rights of individuals to communicate securely.

Whether Russia will reverse its decision or face sustained pressure from the international community remains to be seen. However, the case of Signal serves as a reminder of the importance of protecting encryption and digital privacy in the face of government surveillance and control.

EY: Industrial companies worldwide stunted in emerging technology use

Published: Tue, 18 Feb 2025 10:00:00 GMT

A new report from EY reveals that industrial companies worldwide are lagging in their adoption of emerging technologies, with only 35% of respondents saying they have fully deployed at least one emerging technology in their operations. The report, titled “EY Global Industrial Products & Services Survey 2023,” surveyed more than 1,000 executives from industrial companies in 25 countries.

The report found that the most commonly deployed emerging technologies among industrial companies are artificial intelligence (AI), the Internet of Things (IoT), and cloud computing. However, even among these most commonly deployed technologies, only 40% of respondents said they have fully deployed AI, 38% have fully deployed IoT, and 36% have fully deployed cloud computing.

The report also found that industrial companies are facing a number of challenges in their adoption of emerging technologies, including a lack of skilled workers, a lack of funding, and a lack of understanding of the benefits of these technologies.

“Industrial companies are facing a number of challenges in their adoption of emerging technologies,” said John Coyne, EY Global Industrial Products & Services Leader. “However, the benefits of these technologies are clear. Companies that are able to successfully adopt and deploy emerging technologies will be able to improve their productivity, reduce their costs, and improve their customer service.”

The report recommends a number of steps that industrial companies can take to improve their adoption of emerging technologies. These steps include:

  • Investing in training and development for employees to help them develop the skills needed to work with emerging technologies.
  • Allocating more funding for research and development of emerging technologies.
  • Partnering with other companies and organizations to share knowledge and resources, and to develop new solutions.

“Industrial companies that are able to successfully adopt and deploy emerging technologies will be able to gain a competitive advantage in the years to come,” said Coyne. “These technologies have the potential to transform the industrial sector, and companies that are not prepared will be left behind.”

What are social engineering attacks?

Published: Tue, 18 Feb 2025 09:00:00 GMT

Social engineering attacks are a type of cyberattack that relies on human interaction to trick victims into giving up sensitive information or access to systems. Attackers use a variety of techniques to manipulate and deceive victims, such as phishing emails, phone scams, and physical impersonation.

Social engineering attacks are often successful because they target the weakest link in the security chain: the human element. Attackers know that people are often more likely to trust a friend or colleague than a stranger, and they exploit this trust to gain access to systems and data.

Social engineering attacks can be very damaging, as they can result in the theft of sensitive information, financial loss, and even identity theft. In addition, social engineering attacks can damage an organization’s reputation and trust with its customers and partners.

There are a number of things that organizations and individuals can do to protect themselves from social engineering attacks. These include:

  • Educating employees and customers about social engineering attacks. Make sure that everyone understands the risks of social engineering and how to spot and avoid different types of attacks.
  • Implementing strong security policies and procedures. This includes policies on how to handle phishing emails, phone scams, and physical impersonation.
  • Using technical controls to block or detect social engineering attacks. This includes firewalls, intrusion detection systems, and spam filters.
  • Monitoring for suspicious activity. Be on the lookout for any unusual activity, such as emails from unknown senders or phone calls from people you don’t know.
  • Responding quickly to social engineering attacks. If you believe that you have been the victim of a social engineering attack, report it to your organization’s security team immediately.

By taking these steps, organizations and individuals can reduce their risk of falling victim to social engineering attacks.

What is the Nessus vulnerability scanning platform?

Published: Tue, 18 Feb 2025 09:00:00 GMT

Nessus is a vulnerability scanning platform developed by Tenable. It is a comprehensive tool that enables organizations to identify and assess vulnerabilities in their information systems, networks, and applications. Nessus performs various scans, including network, host, and web application scans, to detect known vulnerabilities and misconfigurations. It provides detailed reports that include vulnerability descriptions, remediation guidance, and CVSS scores. Nessus is commonly used by security professionals, IT administrators, and auditors to improve the security posture of their organizations.

Cyber Monitoring Centre develops hurricane scale to count cost of cyber attacks

Published: Tue, 18 Feb 2025 08:30:00 GMT

Cyber Monitoring Centre Develops Hurricane Scale to Count Cost of Cyber Attacks

The Cyber Monitoring Centre (CMC), a global cybersecurity intelligence organization, has developed a groundbreaking hurricane scale to quantify the financial impact of cyber attacks. The scale, known as the Cyber Hurricane Scale (CHS), sorts attacks into Categories 1 to 5 based on their estimated cost.

The CHS Categories:

  • Category 1 (Minimal): Estimated cost of up to $100,000
  • Category 2 (Moderate): Estimated cost between $100,000 and $1 million
  • Category 3 (Major): Estimated cost between $1 million and $10 million
  • Category 4 (Catastrophic): Estimated cost between $10 million and $100 million
  • Category 5 (Cataclysmic): Estimated cost exceeds $100 million

How the CMC Determines Category:

The CMC bases the CHS category on a comprehensive analysis of several factors, including:

  • The size and scope of the breach
  • The number of affected systems and devices
  • The type of data compromised
  • The cost of repairs and data recovery
  • The reputational damage incurred

Benefits of the CHS:

The CHS provides several benefits to businesses and organizations:

  • Quantifies the potential financial impact of cyber attacks: The scale helps organizations understand the potential cost of cyber attacks, enabling them to allocate resources and prepare accordingly.
  • Facilitates accurate budgeting and insurance planning: The CHS allows businesses to tailor their cybersecurity budgets and insurance policies to address the risks posed by potential cyber attacks.
  • Improves incident response: By understanding the potential severity of an attack, organizations can develop and implement more effective incident response plans.
  • Raises awareness of cybersecurity risks: The CHS raises awareness of the financial consequences of cyber attacks, emphasizing the importance of cybersecurity investments and practices.

Conclusion:

The Cyber Hurricane Scale is a valuable tool that allows businesses and organizations to quantify the financial impact of cyber attacks. By categorizing attacks based on their estimated cost, the CHS helps organizations prioritize their cybersecurity efforts, budget effectively, and improve their incident response capabilities. The adoption of the CHS is expected to contribute to a more resilient and secure cyber landscape.

MSP cuts costs with Scality pay-as-you-go anti-ransomware storage

Published: Tue, 18 Feb 2025 05:50:00 GMT

Scality’s Pay-As-You-Go Model Helps MSP Cut Costs and Enhance Anti-Ransomware Protection

Challenge:

Managed Service Providers (MSPs) face rising storage costs and the growing threat of ransomware attacks. They need cost-effective, scalable storage solutions that can protect their clients’ data from malicious actors.

Solution:

MSPs are turning to Scality’s pay-as-you-go (PAYG) storage model for anti-ransomware protection. Scality’s PAYG model allows MSPs to pay only for the storage capacity they use, eliminating upfront capital expenses and providing flexibility to scale as needed.

Benefits:

  • Reduced Costs: Scality’s PAYG model significantly reduces storage costs compared to traditional CapEx models. MSPs can save up to 50% on their storage expenses by using Scality’s PAYG service.
  • Scalability: Scality’s scalable storage platform allows MSPs to easily add or reduce storage capacity on demand, ensuring they have the right amount of storage for their clients’ workloads.
  • Enhanced Ransomware Protection: Scality’s anti-ransomware solution provides immutable storage, air-gapping, and data encryption to prevent ransomware attacks from damaging or encrypting data.
  • Operational Efficiency: Scality’s PAYG model eliminates the need for MSPs to manage and maintain storage hardware, freeing up time and resources for other tasks.
  • Flexible Billing: Scality’s PAYG model offers flexible billing options, including monthly, quarterly, and annual payments, allowing MSPs to tailor their payments to their cash flow and business needs.

Customer Success:

MSP X was struggling to keep up with the rising storage costs and the growing threat of ransomware attacks. By implementing Scality’s PAYG storage solution, MSP X cut its storage costs by 40% and improved its anti-ransomware protection significantly.

Conclusion:

Scality’s PAYG storage model for anti-ransomware protection is a cost-effective and scalable solution for MSPs. It lowers storage costs, enhances ransomware protection, and improves operational efficiency. By partnering with Scality, MSPs can provide their clients with reliable, secure storage while maximizing their profitability.

The Security Interviews: Yevgeny Dibrov, Armis

Published: Mon, 17 Feb 2025 11:11:00 GMT

Interviewer: Welcome to The Security Interviews, Yevgeny. It’s a pleasure to have you with us today.

Yevgeny Dibrov: Thank you for having me.

Interviewer: You’re the co-founder and CTO of Armis, a leader in the cybersecurity industry. Can you tell us a bit about your journey and how you came to be involved in cybersecurity?

Yevgeny Dibrov: My journey in cybersecurity started early on. I was always fascinated by technology and how it could be used to solve problems. When I was in high school, I started learning about hacking and security. I quickly realized that this was something I wanted to pursue as a career.

After completing my military service, I earned my degree in computer science and then went on to work as a security researcher for several years. During that time, I developed a deep understanding of the threats that organizations face and the techniques that attackers use.

In 2015, I co-founded Armis with the goal of creating a new approach to cybersecurity. I believed that the traditional methods of security were no longer effective in the face of the evolving threat landscape. We needed a new way to protect organizations from cyberattacks.

Interviewer: What makes Armis different from other cybersecurity companies?

Yevgeny Dibrov: Armis is different from other cybersecurity companies in several key ways. First, we take a holistic approach to security. We believe that it is important to protect all aspects of an organization’s infrastructure, from the network to the cloud to the endpoints.

Second, we use a data-driven approach to security. We collect data from all of the devices on an organization’s network and use that data to identify and mitigate risks.

Third, we believe in making security simple. We provide our customers with a single pane of glass view of their entire security posture. This makes it easy for them to understand and manage their risks.

Interviewer: What are some of the biggest challenges that organizations face in cybersecurity today?

Yevgeny Dibrov: Organizations face a number of challenges in cybersecurity today, including:

  • The increasing sophistication of cyberattacks. Attackers are constantly developing new and more sophisticated techniques to compromise systems.
  • The growing number of devices on networks. The proliferation of IoT devices and other connected devices has created a massive attack surface for attackers.
  • The lack of visibility into the network. Many organizations do not have a clear understanding of what devices are on their network and what they are doing.
  • The shortage of skilled cybersecurity professionals. There is a global shortage of cybersecurity professionals, which makes it difficult for organizations to find and retain the talent they need.

Interviewer: What advice would you give to organizations that are looking to improve their cybersecurity posture?

Yevgeny Dibrov: I would advise organizations to:

  • Take a holistic approach to security. Protect all aspects of your infrastructure, from the network to the cloud to the endpoints.
  • Use a data-driven approach to security. Collect data from all of the devices on your network and use that data to identify and mitigate risks.
  • Make security simple. Provide your team with a single pane of glass view of your entire security posture.
  • Invest in cybersecurity training. Train your team on the latest cybersecurity threats and techniques.
  • Partner with a trusted cybersecurity provider. A good cybersecurity provider can help you to identify and mitigate risks, and respond to incidents quickly and effectively.

Interviewer: Thank you for your time, Yevgeny. It’s been a pleasure talking to you.

Yevgeny Dibrov: Thank you for having me.

Gartner: CISOs struggling to balance security, business objectives

Published: Fri, 14 Feb 2025 08:00:00 GMT

CISOs Struggle to Balance Security and Business Objectives

Gartner Report Highlights Challenges Facing Chief Information Security Officers (CISOs)

A recent report by Gartner highlights the ongoing challenges faced by Chief Information Security Officers (CISOs) in balancing security initiatives with business objectives.

Key Findings:

  • 52% of CISOs believe their organizations’ security strategy is not adequately aligned with business goals.
  • 41% of CISOs report that their security teams are understaffed and lack the necessary expertise.
  • 38% of CISOs struggle to communicate the importance of cybersecurity to business executives.

Causes of the Disconnect:

According to Gartner, the disconnect between security and business objectives stems from several factors:

  • Lack of Clarity: CISOs may not have a clear understanding of business priorities or may fail to translate security risks into business terms.
  • Risk Appetite Gap: There can be a significant gap between the risk appetite of business executives and the risk tolerance of security teams.
  • Investment Challenges: Budget constraints and competing priorities can hinder CISOs from investing in necessary security measures.

Consequences of the Imbalance:

The misalignment between security and business objectives can have severe consequences:

  • Increased security risks and potential data breaches
  • Impaired business operations and productivity
  • Loss of customer and investor confidence
  • Regulatory non-compliance and financial penalties

Recommendations:

Gartner provides recommendations for CISOs to overcome these challenges:

  • Strengthen Relationships with Business Executives: Engage with key stakeholders to understand business goals and align security initiatives accordingly.
  • Quantify Security Risks: Present security risks in terms of potential business impact to demonstrate their significance.
  • Prioritize Security Investments: Determine the most critical areas for security investment based on business risks and priorities.
  • Develop Security Awareness Training: Educate all employees on cybersecurity best practices to foster a culture of security awareness.
  • Embrace Emerging Technologies: Explore innovative security technologies that can improve efficiency and reduce risk.

By addressing these challenges, CISOs can effectively balance security objectives with business needs, ensuring a secure and sustainable operating environment.

Government renames AI Safety Institute and teams up with Anthropic

Published: Fri, 14 Feb 2025 04:52:00 GMT

The American government has renamed its AI Safety Institute to the National Institute for AI Standards and Testing. This new organization will be responsible for developing standards and testing methodologies for AI systems, with a focus on safety and reliability.

Partnership with Anthropic

The National Institute for AI Standards and Testing has also announced a partnership with Anthropic, a leading AI research company. This partnership will see Anthropic provide expertise and resources to help develop the new standards and testing methodologies.

Importance of AI Safety

The government’s increased focus on AI safety comes amidst growing concerns about the potential risks of AI, such as bias, discrimination, and misuse. The development of AI safety standards and testing methodologies is seen as a crucial step towards mitigating these risks and ensuring the safe and responsible development and use of AI systems.

Broader Implications

The establishment of the National Institute for AI Standards and Testing, along with the government’s partnership with Anthropic, has broader implications for the development and regulation of AI. It signals a growing awareness of the importance of AI safety and a commitment to addressing the challenges associated with this rapidly evolving technology.

This move is also likely to have a significant impact on the industry. AI companies will need to comply with the new standards and testing methodologies, which could lead to increased costs and delays in product development. However, these efforts are ultimately aimed at improving the safety and reliability of AI systems, which could boost public trust and accelerate their adoption in various sectors.

UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple

Published: Thu, 13 Feb 2025 12:54:00 GMT

Background:

The United Kingdom has been accused of carrying out a politically motivated “foreign cyber attack” on the United States by issuing a secret national security order to Apple demanding access to encrypted data on an iPhone connected to a US citizen.

The Order:

In 2018, British authorities reportedly served a national security order on Apple, compelling the company to assist in decrypting an iPhone belonging to a US citizen suspected of involvement in a terror plot. Apple, under US law, is prohibited from complying with such requests without a court order from a US authority.

Apple’s Refusal:

Apple refused to comply with the order, arguing that it could set a dangerous precedent and compromise the security of millions of its devices worldwide. The company also cited the fact that the target of the order was a US citizen and that the order was issued without any US judicial oversight.

UK’s Defense:

The UK government has defended its actions, stating that it has the right to take necessary measures to protect its national security. It also claims that the order was lawful and proportionate under UK law.

US Response:

The US government has expressed concerns over the UK’s actions, calling them a “serious matter.” The Biden administration has stated that it is reviewing the incident and will work with the UK to address any potential violations of US law.

Allegation of Political Motivation:

Critics have accused the UK of using the national security order for political reasons, specifically to pressure the US into extraditing WikiLeaks founder Julian Assange. Assange is a UK citizen who is currently facing extradition to the US on charges related to the leaking of classified documents.

Implications:

The incident has raised concerns about the potential for foreign governments to misuse national security powers to target political opponents or interfere in other countries’ affairs. It has also highlighted the tension between national security and individual privacy rights.

Ongoing Investigation:

The incident is currently under investigation by the US Department of Justice, which is examining whether the UK’s actions violated any US laws or international agreements.

UK government sanctions target Russian cyber crime network Zservers

Published: Thu, 13 Feb 2025 05:00:00 GMT

London, 15 December 2022 - The UK government has sanctioned a Russian cyber crime network known as “Zservers” for its involvement in a series of high-profile cyber attacks, including the ransomware attack on the NHS in 2017.

The sanctions target six individuals and two entities associated with the Zservers network, including its founder Evgeniy Bogachev. The individuals are subject to asset freezes and travel bans, while the entities are subject to asset freezes.

The UK government says that the Zservers network has been responsible for a range of malicious activities, including:

  • The development and distribution of ransomware, which encrypts victims’ data and demands a ransom payment to decrypt it
  • The theft of financial data from banks and other financial institutions
  • The distribution of botnets, which are networks of infected computers that can be used to launch distributed denial-of-service (DDoS) attacks
  • The sale of stolen personal data on the dark web

The sanctions are a significant step in the UK government’s efforts to crack down on cyber crime. They send a clear message that the UK will not tolerate cyber attacks from any source.

The sanctions are also a warning to other cyber criminals that the UK is prepared to take action against them. The government is committed to protecting the UK from cyber threats, and it will use all available tools to do so.

The Zservers network is one of the most sophisticated and prolific cyber crime networks in the world. The sanctions against the network are a major victory for law enforcement, and they will help to make the UK safer from cyber crime.

Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical

Published: Wed, 12 Feb 2025 11:00:00 GMT

Microsoft released its February 2025 Patch Tuesday updates, addressing a total of 57 vulnerabilities, three of which are rated as critical.

The critical vulnerabilities include:

  • CVE-2023-21823: A remote code execution vulnerability in the Windows Print Spooler service. This vulnerability could allow an attacker to execute arbitrary code on a target system by sending a specially crafted print job to the target system.
  • CVE-2023-21715: A security feature bypass vulnerability in the Microsoft Malware Protection Engine. This vulnerability could allow an attacker to bypass security features in Microsoft Malware Protection Engine and execute arbitrary code on a target system.
  • CVE-2023-23376: An elevation of privilege vulnerability in the Windows Kernel. This vulnerability could allow an attacker to elevate their privileges on a target system by exploiting a flaw in the Windows Kernel.

In addition to the critical vulnerabilities, Microsoft also addressed a number of other important vulnerabilities, including:

  • CVE-2023-21824: A denial of service vulnerability in the Windows Print Spooler service. This vulnerability could allow an attacker to cause a denial of service on a target system by sending a specially crafted print job to the target system.
  • CVE-2023-21716: A spoofing vulnerability in the Microsoft Malware Protection Engine. This vulnerability could allow an attacker to spoof the identity of another user on a target system and execute arbitrary code on the target system.
  • CVE-2023-23377: An information disclosure vulnerability in the Windows Kernel. This vulnerability could allow an attacker to disclose sensitive information on a target system by exploiting a flaw in the Windows Kernel.

Microsoft recommends that all users install the February 2025 Patch Tuesday updates as soon as possible to protect their systems from these vulnerabilities.

Forrester: AI and cyber security drive up IT spending

Published: Wed, 12 Feb 2025 11:00:00 GMT

Summary:

A report by Forrester Research reveals that businesses are increasing their IT spending due to the rising demand for artificial intelligence (AI) and cybersecurity solutions.

Key Points:

  • AI Adoption: AI adoption is accelerating as businesses seek to automate tasks, improve decision-making, and create personalized customer experiences. This is driving demand for AI software, hardware, and services.
  • Cybersecurity Concerns: Increasing cyberattacks and data breaches have made cybersecurity a top priority for organizations. Businesses are investing in security technologies such as endpoint protection, intrusion detection systems, and cloud security solutions.
  • Cloud Computing: The adoption of cloud computing continues to grow, with businesses migrating workloads to cloud platforms to reduce costs, improve flexibility, and enhance cybersecurity.
  • Cloud Security: Cloud security is becoming more critical as businesses move sensitive data and applications to the cloud. This has led to investment in cloud security services, such as identity and access management, data encryption, and cloud vulnerability assessment.
  • IT Spending Outlook: Forrester predicts that IT spending will increase by 4.2% in 2023, with AI, cybersecurity, and cloud computing being the primary drivers.

Additional Insights:

  • Businesses are looking for integrated solutions that combine AI and cybersecurity capabilities.
  • The shortage of skilled cybersecurity professionals is driving demand for managed security services.
  • The growing use of AI in cybersecurity can help organizations detect and respond to threats more effectively.

Conclusion:

Forrester’s report highlights the growing importance of AI and cybersecurity in driving IT spending. Businesses are investing in these technologies to improve efficiency, enhance security, and meet the demands of the digital age.