Author Archive

Amazon devices will soon automatically share your Internet with neighbors


Amazon’s experiment wireless mesh networking turns users into guinea pigs.

If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt out of an experiment that leaves your personal privacy and security hanging in the balance.

On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection.

By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk “is currently only available in the US.”

The webpage also states:

What is Amazon Sidewalk?

Amazon Sidewalk is a shared network that helps devices work better. Operated by Amazon at no charge to customers, Sidewalk can help simplify new device setup, extend the low-bandwidth working range of devices to help find pets or valuables with Tile trackers, and help devices stay online even if they are outside the range of their home wifi. In the future, Sidewalk will support a range of experiences from using Sidewalk-enabled devices, such as smart security and lighting and diagnostics for appliances and tools.

How will Amazon Sidewalk impact my personal wireless bandwidth and data usage?

The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.

Why should I participate in Amazon Sidewalk?

Amazon Sidewalk helps your devices get connected and stay connected. For example, if your Echo device loses its wifi connection, Sidewalk can simplify reconnecting to your router. For select Ring devices, you can continue to receive motion alerts from your Ring Security Cams and customer support can still troubleshoot problems even if your devices lose their wifi connection. Sidewalk can also extend the working range for your Sidewalk-enabled devices, such as Ring smart lights, pet locators or smart locks, so they can stay connected and continue to work over longer distances. Amazon does not charge any fees to join Sidewalk.

Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history.

Bluetooth has had its share of similar vulnerabilities over the years, too, either in the Bluetooth standard or in the way it’s implemented in various products.

If industry-standard wireless technologies have such a poor track record, why are we to believe a proprietary wireless scheme will have one that’s any better?

The omnipotent juggernaut

Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home.

Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that’s never seen widespread testing.

Last, let’s not forget who’s providing this new way for everyone to share and share alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from and their internet activity (as AWS is one of the most dominant web hosting services)… now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”

Amazon’s decision to make Sidewalk an opt-out service rather than an opt-in one is also telling. The company knows the only chance of the service gaining critical mass is to turn it on by default, so that’s what it’s doing. Fortunately, turning Sidewalk off is relatively painless. It involves:

  1. Opening the Alexa app
  2. Opening More and selecting Settings
  3. Selecting Account Settings
  4. Selecting Amazon Sidewalk
  5. Turning Amazon Sidewalk Off

No doubt, the benefits of Sidewalk for some people will outweigh the risks. But for the many, if not the vast majority of users, there’s little upside and plenty of downside. Amazon representatives didn’t respond to a request for comment.

via:  arstechnica

Tulsa Cybersecurity Attack Similar to Pipeline Attack

A cybersecurity attack on the city of Tulsa’s computer system was similar to an attack on the Colonial Pipeline and that the hacker is known, officials said.

“I can’t share anything other than we know who did it,” Mayor G.T. Bynum said, adding that the city did not pay the hackers. “They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them.”

Bynum said Tulsa’s computer security system identified the attack and shut down the system before it was infiltrated.

The attack, discovered earlier this month, was similar to the ransomware attack that shut down the Colonial Pipeline for days, according to Tulsa Chief Information Officer Michael Dellinger.

Colonial Pipeline eventually paid a $4.4 million ransom, the Georgia-based company said.

Tulsa’s computer system remains shut down while each of the city’s computers and servers are examined and cleaned, Dellinger said. There has been no indication any data was breached, he added.

Dellinger said an investigation is underway to determine how the attacker infiltrated the system.

Bynum said city utility services, such as water, will not be disconnected until five days after the system is back online and electronic payments are possible.

Police and fire responses continue, but issues such as uploading police body cameras are slowed because of the computer shutdown.

via:  securityweek

Colonial Pipeline CEO Explains $4.4M Ransomware Payment

Colonial Pipeline chief executive Joseph Blount has confirmed the company shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the U.S.

A Wall Street Journal (WSJ) report said Colonial Pipeline made the $4.4 million payment on the evening of May 7 in the form of bitcoin. The company did receive a decryption tool to retrieve the locked data but white the tool was somewhat useful, it was ultimately not enough to immediately restore the pipeline’s systems, the newspaper said.

While the pipline operator did not confirm the amount of the payment, it did confirm to SecurityWeek that it had paid the ransom.

“Colonial Pipeline is critical to the economic and national security of our nation,” a company spokesperson told SecurityWeek. “When we were attacked on May 7, a decision was quickly made to take our entire system offline. We needed to do everything in our power to restart the system quickly and safely. The decision was made to pay the ransom. This decision was not made lightly, however, one that had to be made. Tens of millions of Americans rely on Colonial – hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Our focus remains on continued operations to safely deliver refined products to communities we serve.”

The Colonial Pipeline CEO told the WSJ that making the ransom payment was “the right thing to do for the country.”

“I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,” Blount said, noting that the multi-million payment to the ransomware-as-a-service group was a “highly controversial decision.”

[ READ: Colonial Pipeline Paid $5 Million to Ransomware Gang ]

The ransomware attack has already led to ‘state of emergency’ declarations, temporary lines at gas pumps and rising gas prices.

The U.S. Federal Bureau of Investigation (FBI) and law enforcement agencies typically advise against ransom payments to cybercriminals, especially since some payments may be subject to international sanctions violations.

Additionally, there are no guarantees the data decryption key will work to retrieve encrypted data and no way to be sure the data wasn’t stolen and resold on darkweb marketplaces.

However, even U.S. government organizations have been known to pay significant amounts of money to cybercriminals following ransomware attacks.

via:  securityweek

Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft’s announcement, Palo Alto Networks reveals in a new report.

Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

For comparison, global enterprises need roughly 12 hours to identify vulnerable systems within their environments, provided that they are aware of all of their assets, Palo Alto Networks explains in their 2021 Cortex Xpanse Attack Surface Threat Report.

Adversaries are at work around the clock to identify vulnerable systems that could provide them with access to enterprise networks, the cybersecurity company says. The monitoring of 50 million IP addresses associated with 50 global enterprises (1% of the global IPv4 space) revealed that, on a typical day, such scans are performed each hour.

Ranging from insecure remote access, zero-day security issues, flaws in products such as Exchange Servers and F5 load balancers, and exposed database servers, new serious vulnerabilities are identified in global enterprise networks twice a day.

“Experiencing one issue every 12 hours highlights the ephemeral nature of today’s IT infrastructure, where not only infrastructure changes but so does the vulnerability footprint. Tracking an ever-changing landscape is an impossible task for humans and requires an automated approach,” Palo Alto Networks says.

The top security issue, the report reveals, is related to the remote desktop protocol (RDP), which accounted for approximately one third (32%) of the identified weaknesses. Expired certificates, database misconfigurations, high-profile zero-days, and insecure remote access through various protocols were also top issues during the first three months of the year.

The report also shows that the majority of the most critical security flaws identified in global enterprises were associated with cloud infrastructure (79%, compared to 21% for on-premises). Although easy to deploy, cloud is more difficult to manage, and the COVID-19 pandemic has accelerated cloud adoption, the report points out.

via:  securityweek

How Cybercriminals Can Leverage Your Vaccination Card Selfie

Gotta do it for the ‘Gram (Instagram), as the kids might say. After a year in quarantine, you just got your first shot or final shot of the COVID-19 vaccine. In your exuberance, you post a shot of your freshly minted vaccination card online. At this point, most of us have seen this play out at least once or twice on social media. The vaccination card post for many celebrating that small victory to return to a feeling of pre-2020 normal in postings similar to the below photos. I completely empathize with the sentiment because we’ve all experienced a lot of adjustment and pain throughout this last year. We’re trying to find the small things—like getting vaccinated! The problem is sometimes the wrong people are watching, people who can potentially weaponize and or monetize the personal identifiable information (PII) you just posted.

In a previous blog, it showed many  found examples of criminals pivoting into forging vaccine documents, and recently there have already been several cases of people traveling with forged documents or law enforcement breaking up criminal rings exclusively trading in vaccine proof.

(Images from public Internet posts)

(Images from public Internet posts)

We’ll take you on a quick look about why you should think twice about what you share online and how cybercriminals can potentially leverage your vaccine card selfie for financial gain.


In the case of criminals serving up personal data in dark web markets, it may be just the name and birthday that make a difference. This information may help create a persona for sale, or give attackers the puzzle pieces to help validate other data they may already have. Considering consumer information and profiles can be sold for pennies and small dollar amounts online, having your name and birthday in a public post may allow scammers access to a variety of opportunities. This is due in some part to birthdays often serving as an additional identification factor for many services, such as with banking, utility, or phone accounts. This also dangerously lowers the barrier of entry to your personal data, and when used with other information, such as an address or other similarly available data, criminals may attempt to take over accounts.

OSINT (Open Source Intelligence) can be incredibly effective in the hands of an expert, or even a novice. From the information included on a standard US CDC vaccination card, one can glean information such as: name, date of birth, administering location, date of immunization, type of immunization, and lot number of the vaccine. Depending on the photo, OSINT researchers can go even further to possibly pinpoint where exactly the photo was taken, what time of day, the type of camera, or find other revealing clues about the person.


All that from a vaccination card? Afraid so. There’s also more about posting cards that’s troubling. Outside of a few countries producing certified vaccination passports and similar documents, there doesn’t appear to be a lot to protect common vaccine cards, like anti-forgery or anti-tampering measures you might see with other official documents. We definitely haven’t seen any in use for vaccine cards in the US or Europe out of the samples we’ve seen. With many countries worldwide now looking at adding a so-called “vaccine passport” or other vaccine proof for travel, and possibly even for work, a document showing that the shot regimen is complete could become a boon for criminals.

In any case, with a high-enough resolution photograph and some decent graphic design skills, criminals could use portions of found images to produce realistic forgeries. There are already dozens of examples of vaccine cards posted online either via social media or in news stories, that it would seem fairly trivial to generate your own fake version.

What are you doing? I know the moments are exciting but try to rein in the posts that display so much of your personal information.

Instead, you can:

  • Share a picture of the vaccine sticker! 
  • Take a picture with the healthcare worker who gave you the shot! 
  • Get a great selfie in front of the clinic or hospital!
  • Use text and/or emojis instead of a picture to share your happiness!
  • Tell people instead of posting a photo!

But please, don’t use the card itself. Right now you should treat that card with the same attention and care as any other important identification document. Gently nudge people in your circle to be careful if you see it happening within your corner of the world, but also make sure you’re not being too cavalier with your information either. We’ve already talked about how bad people are with passwords and how a lot of your other information gets sold, just showing that there’s a market for anything in the cybercriminal underground.

But, I’m human ,and I want to belong! If you are an oversharer by nature, make your account as private as possible and keep the circle of followers close, as in no randos.. It’s wonderful to share all the joys with your friends and family. Really, it’s just about being safer out there, and making yourself a harder target. Take a cue from Generation Z and make a Finsta (fake Instagram) for just those moments and really close people.

Criminals have tons of opportunities, the methods and means, time, and financial motivation to steal, acquire, and buy all of the personal information floating out there, so why give them the easy ones for free? Be a harder target by giving those impulses a second thought, and maybe don’t post all of your information.

It’s not time to burn down all of your social media and retreat to a cave, but it’s good to understand what your risk is and take control of it.

via:  digitalshadows

Crypo News

ADVANCE WARNING: The U.S. Department of the Treasury is calling for businesses that receive transfers of more than $10,000 in crypto to report them to the IRS. The policy is said to go into effect in 2023, though it may have contributed to market volatility.

EXPECT ACTION: SEC chief Gary Gensler said Thursday that federal financial regulators should “be ready to bring cases” against bad actors in crypto, cyber and fintech. While far from descriptive, the statement shows consumer financial protections may become a greater concern under the Biden administration.

CAPITAL ALLOCATION? Coinbase is in talks to acquire Osprey Funds, an asset management firm with a popular closed bitcoin fund and newly launched Polkadot fund. In other institutional product news: ETF provider Teucrium Trading filed an application with the SEC to launch an ETF, benchmarked by bitcoin futures rather than physical BTC. This product could have an edge in getting SEC approval.

GREENING BTC: Greenpeace USA has stopped accepting bitcoin donations, citing its carbon footprint and lack of use. Bitcoin companies are scrambling to deal with the increasingly heated energy debate. BitMEX said today it is committed to becoming carbon neutral – it’ll start buying carbon offsets. Separately, Chinese mining firm invested $25 million in a new Texas facility, claiming its energy mix is 85% renewable.

BLOCKCHAIN BLOCKERS: On Tuesday, China issued a warning to institutions not to service crypto-related businesses, a restatement of existing policy that sent ripples through the market. The notice – though familiar – signals a sharpened focus on the financial industry. Separately, the Hong Kong government is moving to license virtual asset service providers and set up “necessary intervention powers” to restrict or prohibit some crypto services. Finally, Iran’s intelligence agency will begin cracking down on illegal crypto miners to reduce strain on the nation’s electricity grid.

Privacy Coin Monero Rises 30% After Biden Reveals Tax Plans for Crypto Transactions (Decrypt)

How Crypto Might Offer Haiti an Escape From Its Slavery Debt Legacy

via: coindesk

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.

Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike last month, none of them are under active exploitation at the time of release.

The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale.

Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.

“This issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address,” Microsoft said in its advisory. “The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address.”

“It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host’s security,” the Windows maker noted.

In addition, the Patch Tuesday update addresses a scripting engine memory corruption flaw in Internet Explorer (CVE-2021-26419) and four weaknesses in Microsoft Exchange Server, marking the third consecutive month Microsoft has shipped fixes for the product since ProxyLogon exploits came to light in March —

  • CVE-2021-31207 (CVSS score: 6.6) – Security Feature Bypass Vulnerability (publicly known)
  • CVE-2021-31195 (CVSS score: 6.5) – Remote Code Execution Vulnerability
  • CVE-2021-31198 (CVSS score: 7.8) – Remote Code Execution Vulnerability
  • CVE-2021-31209 (CVSS score: 6.5) – Spoofing Vulnerability

While CVE-2021-31207 and CVE-2021-31209 were demonstrated at the 2021 Pwn2Own contest, Orange Tsai from DEVCORE, who disclosed the ProxyLogon Exchange Server vulnerability, is credited with reporting CVE-2021-31195.

Elsewhere, the update addresses a slew of privilege escalation bugs in Windows Container Manager Service, an information disclosure vulnerability in Windows Wireless Networking, and several remote code execution flaws in Microsoft Office, Microsoft SharePoint Server, Skype for Business, and Lync, Visual Studio, and Windows Media Foundation Core.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.

via: thehackernews

A new headache for ransomware-hit companies. Extortionists emailing customers

Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims’ customers, and asking them to demand a ransom is paid to protect their own privacy.

At the end of March, Bleeping Computer reported that the Clop ransomware gang had not stopped at threatening hacked companies and contacting journalists, but had taken the additional step of direct emailing victims’ customers whose details had been found in stolen data.

Organizations whose customers and commercial partners have been contacted include a hacked bank, a manufacturer of business jets, an online maternity clothing store.

Separately, security blogger Brian Krebs reports that a chain of gas convenience stores and a university in the United States have been similarly singled out for such unwanted attention following a ransomware attack.

It appears that similar emails have been sent, encouraging recipients to apply pressure on the organization that is being extorted to pay up – or personal data will be published.

A typical email reads as follows:

Good day! If you received this letter, you are a customer, buyer, partner or employee of <victim organization>. The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data. We inform you that information about you will be published on the darknet ( <link> ) if the company does not contact us. Call or write to this store and ask to protect your privacy!!!!

This is just the latest example of how ransomware gangs have raised the pressure on their victims. Initially, ransomware attacks simply locked companies out of their data until a ransom was paid. Then, cybercriminals exfiltrated sensitive data and threatened to release it if their demands were not met. Some ransomware gangs even created websites to publicize their successful hacks, publishing the equivalent of “press releases” about those customers who would not pay up.

In perhaps the most disgusting ransomware attacks I have ever read about, one gang stole the private details of confidential psychotherapy sessions at a chain of Finnish therapy clinics, and threatened patients that they would be released if payment was not made.

It must be hard enough for any organization to handle a ransomware attack, without also having the headache of your extortionists actively contacting your staff, customers, or partners in an attempt to apply even more pressure on you to pay up.

via:  tripwire

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers.

Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL.

The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020.

Now according to Juniper, the second wave of attacks began on November 10 using payloads from a different GitHub repository, which, among others, contains a Linux crypto-miner (“ls”), a file with a list of passwords for brute-force attempts (“pass”), and a local privilege escalation exploit for x86_64 Linux systems.

The initial infection happens via X10-unix, a binary written in Go programming language, that proceeds to download the next-stage payloads from GitHub.

“The worm conducts a wide-ranging series of attacks targeting web applications, IP cameras, routers and more, comprising at least 31 known vulnerabilities — seven of which were also seen in the previous Gitpaste-12 sample — as well as attempts to compromise open Android Debug Bridge connections and existing malware backdoors,” Juniper researcher Asher Langton noted in a Monday analysis.

Included in the list of 31 vulnerabilities are remote code flaws in F5 BIG-IP Traffic Management User Interface (CVE-2020-5902), Pi-hole Web (CVE-2020-8816), Tenda AC15 AC1900 (CVE-2020-10987), and vBulletin (CVE-2020-17496), and an SQL injection bug in FUEL CMS (CVE-2020-17463), all of which came to light this year.

It’s worth noting that Ttint, a new variant of the Mirai botnet, was observed in October using two Tenda router zero-day vulnerabilities, including CVE-2020-10987, to spread a Remote Access Trojan (RAT) capable of carrying out denial-of-service attacks, execute malicious commands, and implement a reverse shell for remote access.

Aside from installing X10-unix and the Monero crypto mining software on the machine, the malware also opens a backdoor listening on ports 30004 and 30006, uploads the victim’s external IP address to a private Pastebin paste, and attempts to connect to Android Debug Bridge connections on port 5555.

On a successful connection, it proceeds to download an Android APK file (“weixin.apk”) that eventually installs an ARM CPU version of X10-unix.

In all, at least 100 distinct hosts have been spotted propagating the infection, per Juniper estimates.

The complete set of malicious binaries and other relevant Indicators of Compromise (IoCs) associated with the campaign can be accessed here.

via:  thehackernews

5 strategies for CISOs during a time of rapid business transformation

A survey of business leaders by PwC finds the pandemic is causing rapid changes in the roles CISOs play, and offers five tips for ensuring that security remains stable as we enter a new normal.

A study of business leaders by PwC has found that the role of chief information security officers (CISOs) have grown considerably due to the COVID-19 pandemic, with 40% saying they’re now having to fill both an operational role and the role of a digital transformation leader.

One of the major reasons CISOs are being pushed so hard could be because PwC found 40% of businesses have sped up digital transformation efforts due to pandemic shutdowns, with many having already advanced to year two or three of their five-year transformation plans.

All of these changes call for new modes of leadership and a complete transformation of organizational cybersecurity models, PwC argues, and it uses its survey’s findings to provide five moves CISOs should take to be sure cybersecurity keeps up with the evolution of the enterprise.

1. New strategies, and new modes of security leadership, are needed

Ninety-six percent of respondents said they’re adjusting their cybersecurity plans due to COVID-19, and the biggest evolution in security strategies seems to be baking security and privacy into every business decision.

Other security strategies that CISOs said they’re considering are new processes for budgeting, more granular quantification of risks, increasing interactions between CISOs and CEOs/boards, and increasing resilience testing for low-likelihood, but high-impact, events.

Increasing confidence, PwC said, requires putting a dollar amount on cyber risks. “The economics of cybersecurity has long focused on the cost side (compliance, updating capabilities, and so on). This must change,” the report said.

Costs should instead be considered as part of the overall business budget “in a strategic, risk-aligned, and data-driven way.” Evaluate the costs of security projects, the costs of compliance, the costs of risk reduction, and the value of cybersecurity investments in order to build a prioritized list of what needs to be done first in order to meet business objectives.

“This kind of rigor and sophistication will be increasingly demanded—especially as the markets and regulators hold CEOs and board members more accountable for cybersecurity and privacy,” the report said.

3. Do everything possible to level the playing field against attackers

Investing in cybersecurity innovation is essential, PwC said. Zero trust architecture, real-time threat intelligence, endpoint solutions, and other tools have all grown in recent years, and getting in on the ground floor with new security products can be the key to closing the gap between rapidly-evolving cyberthreats and security.

The next major evolution in security will be cloud products, the report found, with 76% of respondents saying they’ve already moved their security operations to the cloud. Cloud products, PwC said, are dynamic, nimble, and are secure by design, while in-house legacy systems are static and insecure in their default state.

“CISOs who transition their organization to the cloud are able to build-in hygiene mechanisms from the beginning—in automated ways. They’re also able to eliminate friction from the system and simplify service delivery to their customers,” the report said.

4. Account for every possible scenario

Resiliency plans need to account for everything, PwC said, from highly likely, low-impact attacks to unlikely but devastating ones.

The report recommends drawing up a likelihood-impact grid (axes from low to high likelihood, and low to high impact) and using that to allocate your efforts and budget. Don’t ignore lower risk attacks, but plan according to the threats most devastating to your industry and company.

“More than three-quarters of executives in our Global DTI 2021 survey say that ‘assessments and testing, done right, can help them target their cybersecurity investments,'” the report said.

5. Build security teams with the future in mind

Fifty-one percent of respondents said they plan to increase the size of their cybersecurity teams in the next year, to which PwC said it’s essential to hire for 21st-century skills.

The most sought-after traits that respondents cited were analytics skills, communication skills, critical thinking, and creativity: “Shaping the future of cybersecurity — one that is in step with the business — means hiring the people who are ready to work collaboratively with others to tackle new, as-yet-undiscovered problems and analyze information,” the report said.

Hiring from within by training existing employees should be considered as well, and the report also found that managed security services providers can be a good solution when talent is hard to find as well, with 90% of respondents saying they use or plan to use managed service providers in the future.

via:  techrepublic.