It is extremely common for business websites to use web applications. However, when these applications contain vulnerabilities they can be exploited by hackers. This makes it essential that companies start taking web application security more seriously. 

There are countless examples of poor web application security that have led to extremely serious data breaches and the loss of significant amounts of money. The well-publicised data breach at Equifax was caused by a failure to patch a flaw in a web application – this ended up costing the business in excess of $1.38billion.  

Continue reading

Whereas Apple computer infections show a growing trend, users can fall victim to other cyber-attacks that involve phishing and may lead to identity theft, financial losses, and other serious issues. Phishing is one of the dominating forms of today’s online attacks. With social engineering at its core, it mainly relies on booby-trapped links, typically arriving with emails, to hoodwink recipients into disclosing their personal information to fraudsters.

The particularly unnerving thing is that phishing kits available on darknet sources can be easily accessed by individuals who don’t have a solid programming background. It means that even people with basic computer skills may zero in on you.

Continue reading

Machine learning and artificial intelligence are changing the way that businesses operate. Whether it’s on the factory floor or in back-end IT, automated services and machines are increasing speed and productivity all while freeing up workers to focus on tasks which require a totally different set of skills.

Alongside this, we are seeing the role of AI in cyber security increase as well as the number of artificial intelligence security tools being used too. This is all because AI is trained to learn, develop and grow using the data it is provided with. Essentially, an AI system is constantly in a state of change and improvement. In an environment where hackers and security threats are everywhere and constantly looking for a way into a system, protecting company data has never had such a high priority. With this in mind, it’s important to understand exactly what is AI in cyber security and just how is AI in security being implemented?    

Continue reading

On my 1st week of the basic course in the Israeli army I was taught that in terms of information security there is no information item that is too negligible or too small to deal with.

The base location, the unit’s name, how big is my team – shall not be told.
There is no need to brag about the amazing projects we do
and
There is no reason to connect external media to computers

EVERYTHING about information security is important and must be afterthought.

That approach is based on the assumption, that a person who was educated from the very 1st moment not to disclose the name of the unit (barely the city it is located at) will be very minded and aware with information of real potential harm.

This is an excellent and well-proven attitude with regard to security, and I’d expect it to be a corner stone in mission critical cyber security organizations and industries such as: medical, energy, avionics and automotive.

Continue reading

By 2021, cybercrimes will cost companies USD 6 trillion, according to a study.

The number of internet users has grown from an estimated at 2 billion in 2015 to 4.4 billion in 2019, but so have the cybercrimes which are expected to cost companies USD 6 trillion worldwide, according to a study by Cybersecurity Ventures.

Similarly, the number of smartphone users has grown from 2.5 billion in 2016 to 3.2 billion in 2019 and is forecasted to grow to 3.8 billion by 2021. Smartphones and the internet will make further inroads to our economic system. But there are certain risks involved as well.

Mobile phones are becoming targets of cybercriminals because of their widespread use and increasing computing power. Consider the fact that more than 60 % of online fraud occurs through mobile phones. This threat is not just towards individual users but businesses as well. It does not matter how large the company is either. 43% of the cyberattacks in 2019 were aimed at smaller businesses because they do not have adequate protection.

Continue reading

Medical IoT devices operate in care facility environments that encompass care giving, case management, customer service, and clinic management. As such, the risk of data gathered and managed by medical devices extends beyond the device itself. A compromise of clinic management services can propagate to IoT device command and control, allowing compromise of devices in attacks that do not directly touch the device at all. This is clearly the major driver for the emerging category of “Medical IoT (IoMT) Cyber Security ”

A large hospital for examples could be home to as many as 85,000 connected devices. While each of these devices has a significant role in the delivery of care and operational efficiency, each connected device also opens the door to a malicious cyberattack. A recent report from Irdeto,  found that 82 percent of healthcare organizations’ IoT devices have been targeted with a cyberattack within the last year.

Going over the players in this industry, it is clear that the Medical IoT security category includes a number of different approaches with the common target to provide the customer with a clear assets discovery and timely alerting on security breaches and attacks on its Medical environment.

Although many large security players are addressing this niche too, CyberDB identified a number of emerging players that are focusing on this industry and as such we expect them to benefit from the growth in this market. These players are (in alphabetical order):

Continue reading

Breach and Attack Simulation is a new concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels. Breach and attack simulation is a fast-growing segment within the cybersecurity space, and it provides significant advantages over traditional security evaluation methods, including penetration testing and vulnerability assessments.

Going over the players in this industry, it is clear that the BAS category includes a number of different approaches with the common target to provide the customer with a clear picture of its actual vulnerabilities and how to mitigate them.

CyberDB has handpicked in this blog a number of exciting and emerging vendors. These players are (in alphabetical order):

Those companies have a number of characteristics in common, including  a very fast time to market, successful management team and strong traction. In addition, all of them have managed to raise Series A or B funding over the last 16 months, ranging from $5M to $32M.

Continue reading

Serverless Security Best Practices

According to a study by LogicMonitor, the number of applications hosted on-premises will decrease by 10%, to 27%, by 2020. In comparison, the number of cloud-native, more specifically serverless hosted applications, like AWS Lambda, Google Cloud and Microsoft Azure, will increase to 41%.

The trend to cloud, specifically serverless, and away from on-prem, is not new and of no surprise, as serverless hosted applications provide developers with a faster speed to market and allows for them to release new functionality on a more frequent basis. In addition, it can save organizations bundles in infrastructure costs. It has however left DevSecOps and security teams in a quandary. While they don’t want to impede development efforts, they are left with no choice but to place the security of serverless applications in someone else’s hands.

To alleviate this issue, there are several serverless security best practices that must be put in place in order to properly secure serverless apps launched by the developer.

Continue reading

Businesses need to take their cyber security seriously. There are huge financial implications for being hacked, not just from the perspective of lost revenue and weakened reputation, but also in the form of stricter regulations from laws such as the General Data Protection Regulation (GDPR). However, there are a number of myths about cyber security that make it difficult for companies to know what the best course of action is. Here are four myths about cyber security that are still affecting British businesses.

Myth #1: Cyber security is purely dealt with by the IT department

One commonly held myth that can actually put businesses at risk is the idea that cyber security is something that the IT department (and only the IT department needs to be concerned about). Of course, it is necessary to provide your IT team with the budget and resources to defend your business against the risk of a cyber-attack.

Continue reading

Amazon Web Services (AWS) offers a huge variety of benefits for businesses, and organisations are increasingly opting for cloud solutions for their data, website, and applications. However, there are still some businesses using AWS that have not put the proper cyber security controls in place. Here we take a look at ten great tips to improve your AWS cyber security.

  1. Understand your responsibilities

When you work with any kind of web services provider you need to understand what you are responsible for and what will be managed by the provider. This is absolutely true in terms of AWS – where Amazon runs its so-called ‘shared responsibility model’. In this model AWS is responsible for protecting the infrastructure of the AWS cloud system including hardware, software, and networking.

On the other hand, you as the customer is responsible for customer data, identity and access management, firewall and anti-virus configuration, and issues such as data encryption. It can sometimes be necessary to work with outside agencies to manage your own cyber security.

Continue reading