Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

45 Unfortunately, security experts and law enforcement officials often offer conflicting advice. Law enforcement officials discourage governments from paying ransom, since capitulation incentivizes cybercriminals to continue targeting similar organizations. Security and business consultants, such as Forrester for example, acknowledge that paying the ransom is a viable option for retrieving encrypted information – as well as the fastest and sometimes, least costly. One practical concern is that paying ransom does not guarantee agencies will retrieve the information that was seized. A survey of nearly 1,200 IT security professionals across 17 countries conducted by CyberEdge Group, a research and marketing firm, revealed that of the 38.7% of individuals who chose to pay ransom following an attack, less than one fifth (19.1%) were able to regain access to all critical data. Plan of Cyberattack Ransomware attacks are most often initiated via spear-phishing emails with appeals customized to targeted employees. When the unsuspecting recipient clicks on a malicious link within the email or opens an infected attachment, web-based command and control servers deploy malware payloads via device browsers. Despite being one of the oldest hacking techniques around, phishing remains the vehicle of choice for malicious actors, who excel at generating innovative and highly effective ways to manipulate recipients. The rise of free hosting providers has significantly contributed to the increase in phishing volume, since malicious actors can easily and inexpensively launch and importantly, quickly take down sites before they can be categorized as malicious. By coupling free hosting sites with targeted social engineering techniques, threat actors easily defeat traditional, reputation-based cyber security tools and systems. Detection and categorization-based cybersecurity solutions are powerless against this onslaught. And while employee training is essential, human error is inevitable. Just one erroneous click by a distracted employee can paralyze an entire city. According to a 2019 report from Cybersecurity Ventures sponsored by Herjavec Group, a business will fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds in 2021. Ransomware damages are predicted to reach a global cost of $11.5 billion in 2019. Secure Zero Trust Browsing for Government Entities Government entities can circumvent most cyberthreats if they operate under the Zero Trust principle that no individual or element is to be trusted. No traffic, whether internal or external, should be assumed safe. Zero Trust solutions leverage granular security policies that allow organizations to control, restrict and monitor communications between data, applications, networks and individuals. All elements are microsegmented, and access is restricted in accordance with stringent security policies and user authentication.
46 It’s a basic fact of contemporary life that the internet is not safe. In fact, the internet is a critical part of the delivery chain for most threats. Zero Trust supporters address this fact by recommending that known secure sites be whitelisted and access denied to all other sites. This is, however, highly impractical for most businesses, which rely on the internet for many essential business tasks. Limiting access reduces productivity, leaves employees frustrated and increases workloads for IT staff, who must divert attention from critical tasks to manage access requests. Users are forced to wait for IT approval and intervention in order to complete their tasks. When it comes to browsing, Zero Trust security must ensure that no site can interact with vulnerable endpoint browsers and through them, organizational networks. One method of implementing Zero Trust browsing that is rapidly gaining traction is remote browser isolation (RBI), which sequesters all direct interaction with websites in virtual browsers located remote from endpoints. When a user opens a browser or tab, a virtual browser is spun up within a container in the cloud. All direct contact with websites and applications occurs within that container - no content reaches the end-user’s device. A safe media stream is sent from the remote browser to the user’s endpoint browser, allowing them to interact naturally with the site. Some RBI solutions also sanitize downloads through a content disarm and reconstruction process before releasing them to the endpoint. When the user stops browsing, the container along with all content from the browsed site is destroyed. RBI protects government agencies from users’ erroneous clicks on phishing emails by opening linked sites in the remote container. In addition, some solutions address credential theft by blocking known malicious sites and opening suspicious sites in read-only mode. Public sector organizations are on track to embrace the Zero Trust paradigm. Until that happens, however, their security situation will continue to be challenging and complex. Zero Trust Browsing using RBI provides a practical path to rapidly reduce threats and realize both security and productivity when it comes to threats delivered via the web. About the Author Gerry Grealish is the Chief Marketing Officer at Ericom, where he is responsible the company’s outbound marketing and business development activities. He is a security industry veteran, with over 20 years of Marketing and product experience in cybersecurity and related technologies. In addition to his work at Ericom, Gerry is a frequent contributor to cybersecurity dialogue in areas such as Zero Trust Security, Cloud Access Security Brokers (CASB), and Web/Cloud Security. Connect with Gerry on LinkedIn.
Page 1 and 2: 1 8 Most Common Cybersecurity Mista
Page 3 and 4: 2
Page 5 and 6: 4 The Internet Got Safer In 2019: A
Page 7 and 8: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10: 8
Page 11 and 12: 10
Page 13 and 14: 12
Page 15 and 16: 14
Page 17 and 18: 16
Page 19 and 20: 18
Page 21 and 22: 20 8 Most Common Cybersecurity Mist
Page 23 and 24: 22 You can prevent (or decrease) th
Page 25 and 26: 24 While it’s not feasible to res
Page 27 and 28: 26 The major difference is the addi
Page 29 and 30: 28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32: 30 • Conduct cybersecurity traini
Page 33 and 34: 32 Persistent Cybersecurity Industr
Page 35 and 36: 34 Automation is welcome and seen a
Page 37 and 38: 36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45: 44 Government Agencies Are Prime Ta
Page 49 and 50: 48 simpler way to approach these pr
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53 and 54: 52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98:
96 After suffering a cyber attack m
Page 99 and 100:
98 Some of the most damaging Inside
Page 101 and 102:
100 Out-Smarting the Cybersecurity
Page 103 and 104:
102 Empower Other Teams Network and
Page 105 and 106:
104 New Security Report Highlights
Page 107 and 108:
106 The Threat Lab team also analyz
Page 109 and 110:
108 Drive, AWS, Office 365, etc. It
Page 111 and 112:
110 former governor, this bill also
Page 113 and 114:
112 I mean, if you want to be able
Page 115 and 116:
114 Is It Safe to Connect to Public
Page 117 and 118:
116 5. Safe Browsing Additional dil
Page 119 and 120:
118 flawed method in which Evernote
Page 121 and 122:
120 Really, Imagine a Day Without W
Page 123 and 124:
122
Page 125 and 126:
124
Page 127 and 128:
126
Page 129 and 130:
128
Page 131 and 132:
130
Page 133 and 134:
132
Page 135 and 136:
134
Page 137 and 138:
136
Page 139 and 140:
138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?