Data security has always been a priority number one for business entities, and this question is topical in modern realities. The COVID-19 pandemic forced employees to turn to remote work, making inroads for cyber attacks. That’s why measures on data protection are necessary for every organization. Today, we do not imagine our lives without online Zoom, Skype, and Microsoft meetings that are very often held using a screen recorder or instant messages. It was reported that as of November 2020, Zoom has 300 million active participants per day.

Most companies have unprotected data and poor cybersecurity practices, and recent research says in 2020, the average cost of a data breach was $3.86 million. You can avoid losses caused by unprotected data by chasing the right protection measures. Most data breaches are related to human error and their unawareness of basic security rules. In this article, you will find practical tips to keep your data safe. 

Continue reading

Cybersecurity is facing something of a crisis – and it’s only getting worse. This crisis has been hanging over the industry for a number of years, but recent events have really shown the level of the problem.

The Covid-19 pandemic has had a massive effect on many industries, but one thing it has done universally is to push more companies online and made them more reliant on their internet services, connected devices and websites. 

Perhaps it is not surprising, then, that we have also seen an upsurge in cybercrime. Cybercriminals have seen the opportunity in the fact that businesses were forced to make use of technology, and in some cases, they may not have been ready to do so. This has left them vulnerable and potentially easier to breach. 

Continue reading

Are you contemplating a career in cyber security? If you approach the challenge with patience and plan your career path ahead of time, you’ll greatly increase the chances of success. There’s been no better time to enter this exciting, growing field. With each passing day, and frequent news headlines about this or that company getting hit by hackers and digital criminals, the demand for trained, experienced cyber security workers is higher than it’s ever been. If you’re set on getting in on the growth phase of the industry, learn the basics, know how to finance a pertinent education, and understand some of the key facts about selecting a major and finding a job after graduation.

Continue reading

2020 has been a year of learning for businesses on many levels. From enabling global remote practically overnight to switching to cloud-based applications and infrastructure – the list of learnings has been long. But none have managed to make quite a dent as much as the dramatic rise in malicious attacks on cloud and on-site networks. If anything, 2020 has been the year of the pandemic as well as large-scale, well-publicized security breaches.

According to RiskBased, just the first half of 2020 saw nearly 36 billion records exposed in data breaches. Verizon showed that 45% of breaches involved hacking, 17% were malware-based and 22% were phishing attacks. Suffice to say that the need for comprehensive cybersecurity planning and management has never been quite this palpable.

The financial cost of data breaches is only the tip of the iceberg with IBM estimating the average cost to be around $3.86 million in 2020 with an average lifecycle of around 280 days from identification to containment. Even a minor breach can leave businesses with exposed sensitive information that can leave users vulnerable to identity theft, financial damage, ruin the reputation of your business and leave you liable for compliance violations. Companies like IT Support Vermont can help businesses locally to adjust to the quickly changing cyber-attack landscape to try and adapt their technologies, processes, and policies.

Cybersecurity threats are only expected to evolve and grow increasingly difficult to identify and eliminate. So, without further ado…,

Continue reading

While the offensive-defensive strategies for vulnerable networks and data protection run in a never-ending cycle, the complexity and volume of cyberattacks still increased. Although traditional cybersecurity measures are still imperative to fight these cyberattacks, there is a growing need to combine the strength of artificial intelligence security to defend vulnerable networks and data from cyber attackers. 

In a recent report by antivirus company, Norton, it states that the global cost of data breach recovery is USD 3.86 million. Additional reports show that it takes up to 196 days for an organization to recover from any data security breach. These statistics show the increasing need for companies to use AI security to avoid both financial losses and waste of time. 

Continue reading

On my 1st week of the basic course in the Israeli army I was taught that in terms of information security there is no information item that is too negligible or too small to deal with.

The base location, the unit’s name, how big is my team – shall not be told.
There is no need to brag about the amazing projects we do
and
There is no reason to connect external media to computers

EVERYTHING about information security is important and must be afterthought.

That approach is based on the assumption, that a person who was educated from the very 1st moment not to disclose the name of the unit (barely the city it is located at) will be very minded and aware with information of real potential harm.

This is an excellent and well-proven attitude with regard to security, and I’d expect it to be a corner stone in mission critical cyber security organizations and industries such as: medical, energy, avionics and automotive.

Continue reading

Medical IoT devices operate in care facility environments that encompass care giving, case management, customer service, and clinic management. As such, the risk of data gathered and managed by medical devices extends beyond the device itself. A compromise of clinic management services can propagate to IoT device command and control, allowing compromise of devices in attacks that do not directly touch the device at all. This is clearly the major driver for the emerging category of “Medical IoT (IoMT) Cyber Security ”

A large hospital for examples could be home to as many as 85,000 connected devices. While each of these devices has a significant role in the delivery of care and operational efficiency, each connected device also opens the door to a malicious cyberattack. A recent report from Irdeto,  found that 82 percent of healthcare organizations’ IoT devices have been targeted with a cyberattack within the last year.

Going over the players in this industry, it is clear that the Medical IoT security category includes a number of different approaches with the common target to provide the customer with a clear assets discovery and timely alerting on security breaches and attacks on its Medical environment.

Although many large security players are addressing this niche too, CyberDB identified a number of emerging players that are focusing on this industry and as such we expect them to benefit from the growth in this market. These players are (in alphabetical order):

Continue reading

Breach and Attack Simulation is a new concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels. Breach and attack simulation is a fast-growing segment within the cybersecurity space, and it provides significant advantages over traditional security evaluation methods, including penetration testing and vulnerability assessments.

Going over the players in this industry, it is clear that the BAS category includes a number of different approaches with the common target to provide the customer with a clear picture of its actual vulnerabilities and how to mitigate them.

CyberDB has handpicked in this blog a number of exciting and emerging vendors. These players are (in alphabetical order):

Those companies have a number of characteristics in common, including  a very fast time to market, successful management team and strong traction. In addition, all of them have managed to raise Series A or B funding over the last 16 months, ranging from $5M to $32M.

Continue reading

IoT Security in 2019

In recent years, IoT has been on the rise, with billions of new devices getting connected each year. The increase in connectivity is happening throughout markets and business sectors, providing new functionalities and opportunities. As devices get connected, they also become unprecedently exposed to the threat of cyberattacks. While the IoT security industry is still shaping, the solution is not yet clear. In this article, we will review the latest must-know about IoT visibility & security and we will dive into new approaches to secure the IoT revolution.

IoT visibility & security in 2019:

1. IoT endpoint security vs network security

Securing IoT devices is a real challenge. IoT devices are highly diversified, with a wide variety of operating systems (real-time operating systems, Linux-based or bare-metal), communication protocols and architectures. On top of the high diversity, comes the issues of low resources and lack of industry standards and regulations. Most security solutions today focus on securing the network (discover network anomalies and achieve visibility into IoT devices that are active in the network), while the understanding that the devices themselves must be protected is now establishing. The fact that IoT devices can be easily exploited makes them a very good target for attackers, aiming to use the weak IoT device as an entry point to the entire enterprise network, without being caught. Besides that, it’s important to remember that network solutions are irrelevant for distributed IoT devices (i.e., home medical devices), that has no network to protect them.

Manufacturers of IoT devices are therefore key for a secure IoT environment and more and more organizations are willing to pay more for built-in security into their smart devices.

2. “Cryptography is typically bypassed, not penetratedShamir’s law

In recent years we see a lot of focus on IoT data integrity, which basically means encryption & authentication. Though very important by itself, it’s important to understand that encryption doesn’t mean full security. When focusing mainly on encryption & authentication, companies forget that the devices are still exposed to cybersecurity vulnerabilities that can be used to penetrate the device and receive access into the decrypted information, thus bypassing the authentication and encryption entirely. In other words, what’s known for years in the traditional cyber industry as Shamir’s law should  now make its way to the IoT security industry: “Cryptography is typically bypassed, not penetrated” and therefore companies must invest in securing their devices from cyber attacks and not just handle data integrity. To read more about that, please visit Sternum IoT Security two-part blog post.

Continue reading

Businesses need to take their cyber security seriously. There are huge financial implications for being hacked, not just from the perspective of lost revenue and weakened reputation, but also in the form of stricter regulations from laws such as the General Data Protection Regulation (GDPR). However, there are a number of myths about cyber security that make it difficult for companies to know what the best course of action is. Here are four myths about cyber security that are still affecting British businesses.

Myth #1: Cyber security is purely dealt with by the IT department

One commonly held myth that can actually put businesses at risk is the idea that cyber security is something that the IT department (and only the IT department needs to be concerned about). Of course, it is necessary to provide your IT team with the budget and resources to defend your business against the risk of a cyber-attack.

Continue reading