Here’s what you need to know about how to scan your website for vulnerabilities, common mistakes to avoid during the process, and the reliable tools you can use to enhance your website’s security. By conducting a site security scan, you can proactively address potential issues, avoid costly data recovery efforts, and mitigate legal liabilities after a breach.

How to Scan a WordPress Website for Vulnerabilities

WordPress is one of the most popular content management systems in the world, holding 62.5 percent of the global CMS market share. Its flexibility, ease of use, and extensive library of plugins and themes make it a preferred choice for developers and users alike. However, this popularity also makes WordPress a target for hackers and cybercriminals. Fortunately, scanning your WordPress website for vulnerabilities is a straightforward process.

1. Choose a Scanner

Choose a suitable scanner—you can opt for plugins like Wordfence or WPScan, which are specifically designed for WordPress security, or consider a more comprehensive commercial tool like Acunetix or MalCare Security Plugin.

2. Set Up the Scanner

If you are using a plugin, you need to install and configure it to scan your site. For online tools like WPScan, visit the provider’s website and follow the instructions. Commercial scanners typically require you to sign up for the service and configure the settings for your site.

3. Run the Scan

Schedule the plugin to scan your site at regular intervals; it will send scan results via email alerts. For online scanners, input your site’s URL into the tool’s webpage and wait for the scan to complete. Most commercial tools let you schedule scans according to their settings.

4. Patch Vulnerabilities

Address vulnerabilities based on the scan results. If using a plugin scanner, regularly update your WordPress core, themes, and plugins, and apply any recommended patches. For commercial scanning tools, follow instructions for patching vulnerabilities. Regardless of the scanner type, ensure that all necessary patches are applied to maintain your site’s security.

5. Monitor and Maintain the Site

To maintain the security of your WordPress site, regular monitoring and upkeep are needed. Periodically conduct scans to detect emerging vulnerabilities and routinely check for security issues to effectively secure the online presence of your website.

How to Scan a Joomla Website for Vulnerabilities

While not as widely used as WordPress, Joomla is still another popular CMS with more than 123 million downloads worldwide. This free CMS is renowned for its ease of use, flexibility, and powerful core features, making it a prime target for hackers and cybercriminals. To minimize risks, follow a systematic approach when scanning Joomla websites for vulnerabilities.

1. Detect the Installed Joomla Version

Determine the exact version of Joomla running on the target site. This is an important step as it helps in uncovering vulnerabilities specific to that particular version. By identifying the installed version, you can cross-reference it against security databases for any potential security flaws that may be present in the website.

2. Enumerate Installed Components, Modules, and Templates

Then, list all installed components, modules, and templates on the website. These extensions can introduce additional vulnerabilities beyond those present in the core Joomla software. Tools like JoomScan can enumerate common information about the Joomla site, including the version number, CVEs, firewall detection, and common logs.

3. Perform Black-Box Testing

Black-box testing is a technique used to simulate an external attacker attempting to gain unauthorized access to the Joomla website. You treat the website as a black box, without any prior knowledge of its internal workings or configuration. Try to find security weaknesses by interacting with the website in the same way a malicious actor would—by submitting malformed input, exploiting common vulnerabilities, and probing for sensitive information.

4. Use Specialized Joomla Vulnerability Scanners

Use specialized Joomla vulnerability scanners and security tools to automate the detection of known vulnerabilities, misconfigurations, and entry points for attacks. By running these scanners against the website, you can quickly unveil areas of concern and prioritize remediation efforts.

5. Check for Directory Indexing and Information Disclosure

Complete a passive scan to check if directory indexing is enabled on key locations. This can reveal sensitive information like source code, configuration files, and database dumps that could aid an attacker. Additionally, look for pages that disclose sensitive information in their HTML comments or in linked JavaScript files.

6. Carry out Threat Intelligence and Blacklisting Checks

Vulnerability scanners like JoomlaVS can check if the site is linked from pages known to host malware or be associated with spam. Verify if the site’s IP address or domain is blacklisted by security organizations or antivirus vendors.

7. Use Active Scanning Tools

Free scanners like OpenVAS can help expose known vulnerabilities in Joomla core, themes, extensions, modules, and components. By using these active tools, you can locate security weaknesses that may not be immediately apparent through passive analysis alone.

8. Analyze the Results

Review detailed reports to pinpoint high-risk vulnerabilities that could allow an attacker to gain unauthorized access, elevate privileges, or compromise sensitive data. Prioritize remediation based on factors like exploit availability, impact, and ease of exploitation.

9. Implement Fixes and Mitigations

Update Joomla core and extensions to the latest secure versions to patch known vulnerabilities. Implement strong access controls, password policies, and multi-factor authentication (MFA) to limit unauthorized access. Configure web application firewalls (WAFs) and intrusion detection systems (IDS) to protect against common attacks.

How to Scan a Custom-Built Website for Vulnerabilities

Custom-built websites can be particularly vulnerable to security threats, as they often lack the robust security features and regular updates found in modern content management systems. These sites require a more manual and creative means to vulnerability scanning. By following a structured approach, combining automated and manual techniques, and staying current with security best practices, you can scan your custom website for vulnerabilities and help boost its defense.

1. Gather Information

Start by using a web scanning tool like WhatWeb to gather information about the website, including programming languages, frameworks, and versions used. This information can help you pinpoint known vulnerabilities that may affect the site. Look for outdated versions of components with known exploits available. Determining the programming versions can also give clues, as new vulnerabilities are constantly being discovered.

2. Scan for Common Vulnerabilities

Use security scanners like ZAP, w3af, and skipfish to check for usual web server and application vulnerabilities. These scanners can reveal obsolete system components, configuration errors, and weak access points, giving you a good baseline understanding of your website’s security status.

3. Conduct a Thorough Application Scan

For a deeper scanning of your web application, consider a more advanced solution like Burp Scanner. This web vulnerability scanner can help you locate typical website vulnerabilities and other application-specific weaknesses. Sophisticated website scanners can test for more complex vulnerabilities and offer more in-depth security analysis.

4. Review the Code and Configuration

Conducting a hands-on security audit and manually reviewing the code, configuration files, and server logs can help reveal vulnerabilities that automated scanners may miss. Search for improper input validation, weak authentication, and other insecure coding practices. Looking for misconfigurations and unnecessary services is also important.

5. Obtain Necessary Permissions

Remember to always have permission before conducting any penetration testing activities on a website you do not own or manage. Unauthorized testing can be considered illegal in some jurisdictions, so ensure you have explicit authorization and follow any rules of engagement.

6. Stay Up-to-Date with Security Best Practices

Continuously stay informed about the latest security best practices and vulnerabilities to ensure your scanning methodology is effective and up-to-date. Follow security pages and join online communities to keep up with the latest cyberthreats and website vulnerabilities, then update your scanning procedures to account for threats and techniques.

10 Common Website Vulnerabilities

Websites are common targets for malicious actors because of the sensitive data they handle. Failing to resolve obvious website vulnerabilities can lead to devastating consequences, like data breaches, system compromises, and reputational damage. Website vulnerabilities scanners can help detect some of the most common website vulnerabilities, including the following:

• Broken Access Control: This happens when security restrictions are not properly enforced, often due to inadequate role-based access controls or insufficient validation of user permissions. As a result, an attacker gains unauthorized access to sensitive data or functions.
• Cryptographic Failures: Formerly known as sensitive data exposure, cryptographic failures expose sensitive information through weak encryption, improper key management, or insecure data storage. Attackers can exploit these vulnerabilities to intercept passwords, financial information, or personal data.
• SQL Injection (SQLi): This vulnerability involves an attacker injecting malicious SQL code into web application input fields, such as login forms or search bars. If successful, they can access, modify, or delete data stored in the backend database, which may lead to data breaches.
• Cross-Site Scripting (XSS): XSS vulnerabilities allow attackers to inject malicious scripts into a web application’s output, oftentimes by taking advantage of insecure user input handling. When executed in a victim’s browser, these scripts can hijack user sessions, deface websites, or redirect you to malicious sites. XSS is particularly dangerous for eCommerce and banking sites that handle sensitive financial information.
• Cross-Site Request Forgery (CSRF): CSRF attacks trick you into doing unintended actions, like changing your password or transferring funds, on a web application you’re already authenticated with. Attackers achieve this by embedding malicious code on a website or by sending a crafted link via email or instant message.
• Server-Side Request Forgery (SSRF): SSRF exploits a server’s ability to send requests to other systems. Attackers use this to access internal resources, steal sensitive data, or launch further attacks within a network.
• Insecure Design: This vulnerability results from failing to incorporate proper security during the web application’s development phase. Poor design choices, such as missing authentication layers or unchecked input validation, leave websites vulnerable to exploitation.
• Security Misconfiguration: Default settings, excessive permissions, or unnecessary features in a web application can create entry points for attackers. This could lead to unauthorized access, data breaches, or service disruptions.
• Outdated Components: Using old libraries, plugins, or software dependencies increases the risk of exploitation due to unpatched vulnerabilities. Outdated components often lack the latest security patches, enabling attackers to compromise the system or inject malicious code.
• Insufficient Logging and Monitoring: Without effective tracking and alerts, suspicious activities go unnoticed, allowing breaches to persist and possibly escalate. This could delay the identification of threats, increasing the risk of data loss and prolonged downtime.

Best Practices for Website Security Scanning

According to the World Economic Forum, damages incurred by cybercrime could reach $10.5 trillion annually by 2025. Adopting best practices for website security scanning can boost your defense against cyber threats. These practices establish a strong foundation for maintaining a secure and resilient infrastructure.

• Conduct Regular Scans and Monitoring: Schedule frequent scans to detect new vulnerabilities as they arise. Routine checks ensure risks from updates, new features, or configuration changes are promptly resolved. Complement scans with real-time monitoring tools to detect unusual activity or breaches quickly.
• Ensure In-Depth Vulnerability Assessments: Perform scans that cover all aspects of your website, including databases, APIs, and third-party integrations. Don’t overlook hidden files, misconfigured permissions, or outdated libraries that can create entry points for attackers.
• Customize Scanning Configurations: Configure scanning tools to align with your website’s specific structure. Generic scans may miss vulnerabilities unique to your site’s setup, and customizing the scan increases accuracy.
• Use Automated Scanning Tools: Integrate automated scanning tools to spot issues faster and more consistently. These tools can be scheduled to run periodically or triggered after major site quotes, reducing the risk of human error and improving efficiency in uncovering vulnerabilities.
• Validate and Cross-Check Results: While automated scanning tools are effective, they are not infallible, so don’t assume that all scan results are completely accurate. Manually verify detected vulnerabilities to rule out false positives or negatives–this way you can dedicate remediation efforts on actual risks.
• Track and Document Scanning Results: Maintain detailed records of each scan, including detected vulnerabilities, their severity, and actions taken. A clear record helps find recurring issues and promotes accountability in mitigating risks.
• Use AI to Boost Scanning: Incorporate artificial intelligence (AI) technologies like AI security software to automate vulnerability detection and real-time threat analysis. Consider applying generative AI for cybersecurity to simulate attack scenarios and predict potential risks.

Top 3 Website Security Scanning Tools to Consider

Choosing the right website security scanner plays a substantial role in keeping your online presence secure. Here are some of the top website scanning tools for WordPress, Joomla, and custom-built sites to help you detect vulnerabilities, monitor potential threats, and strengthen your website’s security posture.

WPScan

WPScan is a popular security scanner designed to assess the security of WordPress websites. Its key strengths include vulnerability detection, version enumeration, and user enumeration capabilities. This website vulnerability scanning tool can check the WordPress core, plugins, and themes against a large database of known vulnerabilities, so you can quickly deal with security issues that may arise. WPScan also delivers password brute-force testing and detects publicly accessible configuration files and database dumps.

WPScan requires a paid API subscription to access the full vulnerability database and receive detailed vulnerability information. However, the free API plan should be sufficient for many WordPress users, and the tool’s extensive security scanning capabilities make it a valuable choice for securing WordPress websites.

JoomScan

JoomScan is an open-source vulnerability scanner project under OWASP and is a reputable tool for detecting and analyzing vulnerabilities in Joomla installations. JoomScan can perform in-depth scans of Joomla sites, enumerate versions, detect core vulnerabilities, identify installed components/modules, and find directory listings and backup files. In addition, its modular and lightweight architecture ensures minimal footprint during scans.

While JoomScan brings valuable features, it has limited documentation and project updates, which may impact long-term viability against new Joomla vulnerabilities. However, as an open-source project, the community can contribute to tackle any shortcomings.

Astra Vulnerability Scanner

Astra is a comprehensive website security scanning tool that covers over 9300 tests, detecting common security issues, like SQL injection and cross site scripting (XSS). It provides real-time monitoring and alerts to keep you informed about emerging threats, as well as detailed reports to support remediation efforts. One of Astra’s best features is its focus on minimizing false positives through automated scans verified by security experts. It’s worth noting, though, that while Astra offers advanced features, some users find its interface confusing.

Astra’s vulnerability scanner is priced at $199 per month, which can be used by five team members.

Frequently Asked Questions (FAQs)

Conclusion: Protecting Your Website With Regular Security Scans

By routinely scanning your website for vulnerabilities, you can swiftly find signs of security issues and take action. While automated scanning tools can be useful in detecting common vulnerabilities, they may not catch everything. These tools should be used in conjunction with manual code reviews.

Choose a reliable and trusted vulnerability scanning tool that can accurately identify vulnerabilities without generating an excessive number of false positives. You can take it a step further by using AI security software and generative AI for cybersecurity to build a stronger defense against cyberattacks.

Discover effective ways to fortify your cloud security and protect your organization by checking out our article on How to Guard Against the Biggest Cloud Security Threats.

The post How to Perform a Website Security Scan: A Vulnerabilities Guide appeared first on eWEEK.

A panel of industry experts will discuss the complex factors involved with incorporating AI with cybersecurity, including challenges and practical solutions, staffing issues, and the future of AI and security. Our aim is to offer thought leadership that enables companies to build a more secure infrastructure using artificial intelligence.

See below for the resources you need to participate in the eWeek TweetChat.

Expert Panelists

The list of experts for this month’s TweetChat currently includes the following:

• Evan Kirstel, Chief Digital Evangelist, eVIRa Health
• Richard Bird, CSO, Traceable AI
• Javed Hasan, CEO at Lineaje
• Mike Kiser, Director of Strategy & Standard, SailPoint
• Phil Calvin, Chief Product Officer, Delinea
• Wayne Dorris, Program Manager, Cybersecurity, Axis Communication
• Yair Cohen, Co-founder and VP of Product, Sentra
• Bojan Simic, CEO, Co-Founder, HYPR
• Bernard Golden, Executive Technical Advisor, VMware
• Andi Mann, Global CTO and Founder, Sageable
• James Maguire, Senior Editor, eWeek [moderator]

Please check back for additional expert guests.

TweetChat Questions: AI and Cybersecurity

The questions we’ll tweet about will include the following:

1. Here in late 2024, what’s the current level of artificial intelligence adoption in enterprise cybersecurity? Nascent, fully mainstream?
2. What key trends are driving the adoption of AI in cybersecurity?
3. What are the biggest challenges facing security and AI? Cost, staff training?
4. How do you recommend addressing these AI-related cybersecurity challenges?
5. What Best Practices advice would you give companies to more effectively deploy AI in their security infrastructure?
6. What about artificial intelligence and security staff? Will companies require less security staff due to AI’s support?
7. How do you sense that is AI changing the hacker community? That is, will AI ever enable companies to be fully safe from hacking?
8. Let’s look ahead: what enduring challenges will AI-based cybersecurity deployments continue to face in the future?
9. Also about the future: Your best advice to help companies prepare for the future of AI and cybersecurity?
10. A last Big Thought about AI and cybersecurity—what else should managers/buyers/providers know about this emerging sector?

How to Participate in the TweetChat

The chat begins promptly at 2 PM Eastern/11 AM Pacific on November 19. To participate:

1. Open X in your browser. You’ll use this browser to post your replies to the moderator’s questions.

2. Open X in a second browser. On the menu to the left, click on Explore. In the search box at the top, type in #eweekchat. This will open a column that displays all the questions and all the panelists’ replies.

Remember: You must manually include the hashtag #eweekchat for your replies to be seen by the TweetChat panel of experts.

That’s it—you’re ready to go. Be ready at 2 PM Eastern/11 AM Pacific to take part. Note that there is sometimes a few seconds of delay between when you tweet and when your tweet shows up in the #eweekchat column.

TweetChat Schedule for 2024*

September 17: The Future of Cloud Computing
October 22: How to Get the Most from Your Data
November 19: Cybersecurity and AI: Challenges and Solutions
December 10: Tech Predictions for 2025

*All topics subject to change

The post eWeek TweetChat, November 19, Cybersecurity and AI: Challenges and Solutions appeared first on eWEEK.

In the aftermath of the ransomware attack, the city was forced to take the drastic step of completely shutting down its digital infrastructure. As a result, 100 percent of city services became unavailable overnight, causing significant disruptions. The city needed to address these issues by deploying a solution that was easier to use, worked better, and could be trusted to keep data secure. To do this, the city turned to Veeam.

I met with Kim Walker LaGrue, CIO of the City of New Orleans, at the VeeamON 2023 conference in Miami to discuss how Veeam’s technology has helped the city with both backup recovery and disaster recovery. Highlights of the ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.

Also see: The Successful CISO: How to Build Stakeholder Trust

• The New Orleans ransomware attack is a key example of how vulnerabilities can be exploited. The incident began with compromised credentials. The IT department noticed unusual activity when there were constant password resets, and remote access was detected on user workstations. It was discovered that a user had opened a malicious email, allowing an attacker to infiltrate the city’s network.
• To recover from the attack, the city cleaned and inspected its existing data, transferred it onto new storage platforms, and implemented a fresh backup strategy with Veeam at its core. This approach ensured that as data was reintroduced into production, it was not only clean and free of ransomware, but also immediately backed up through Veeam. Ensuring the cleanliness of data is a critical but often under appreciated aspect of recovery.
• The city bounced back from the ransomware attack in just about a month. But the real game-changer moment came a year and a half later when New Orleans had to deal with a major disaster. A hurricane caused the city’s main data center to be destroyed by a fire. The city had to rely completely on secondary storage and its backups. This time, New Orleans restored its entire environment and got the backups online in the secondary data center within 48 hours.
• Before turning to Veeam, the City of New Orleans was dealing with fragmented backup solutions deployed across different parts of its IT environment. The backup solutions weren’t efficient enough to ensure fast recovery, which is crucial in the event of a data breach or a natural disaster. The city wanted a solution to consolidate the backup processes for all these disparate systems into one location.
• The city chose Veeam due to several key factors: simplicity, responsiveness, user-friendly interface, and immutable backups—an especially useful feature where backups cannot be modified or deleted after they are stored. Overall, Veeam’s solution acted like a security blanket over the city’s infrastructure as it was being rebuilt. This gave the team confidence during a potentially stressful period.
• Operationally, moving to Veeam has provided the city’s data center team with flexibility and automation regarding data recovery. The team can now easily identify and restore specific elements, whether an individual file or a set of servers, from a single interface that Veeam offers.
• For other organizations dealing with ransomware, the best approach is to prioritize and categorize data because it holds the most value. So organizations can truly understand the nature of the information in their environment. This puts technology solutions in the best possible position to recover, eliminating the need for organizations to negotiate with threat actors or pay a ransom.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

The post How Veeam Helped New Orleans Fight Ransomware appeared first on eWEEK.

Cohesity already offers backup services for Microsoft 365 on Amazon Web Services (AWS) and on-prem data protection for Azure virtual machines (VMs) and Azure Stack HCI, a hyperconverged infrastructure cluster solution that hosts virtualized Windows and Linux workloads.

The expanded partnership includes new integrations to bolster IT’s defense against cyber threats and offers Cohesity services on Azure to support multicloud security initiatives.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Cohesity-Microsoft Integration Addresses Ransomware, MFA 

The first integration combines Cohesity DataProtect and Microsoft Sentinel. Both DataProtect on-premises and backup as a service (BaaS) offerings now integrate with Microsoft Sentinel, a cloud-native security information and event management (SIEM) platform that streamlines incident reporting and ransomware alerts.

The second integration with Azure Active Directory (AD) provides multi-factor authentication (MFA) and single sign-on, which allows organizations to securely manage and access Cohesity Data Cloud and Cohesity Cloud Services.

The third integration pertains to BigID and Microsoft Purview. Cohesity’s data classification service is powered by BigID, which has built an integration with Microsoft Purview. So, joint customers can benefit from actionable data intelligence for data discovery, privacy, security, and governance.

Microsoft Customers Can Use Cohesity for Backups

In addition to these integrations, Microsoft customers will have access to Cohesity Cloud Services on Azure to secure data across hybrid environments. Cohesity’s DataProtect BaaS offering now supports Microsoft 365, which means customers can back up their Microsoft 365 to a dataplane hosted on Azure. Cohesity FortKnox, a software as a service (SaaS) cyber vaulting service for predictable data recovery, will be available to Azure customers in the coming months.

Cohesity is building on its partnership with Microsoft in order to give customers access to different services across multiple cloud vendors, said Gregory Statton, Office of the CTO, Data & AI at Cohesity. Customers can use the Helios management control plane to deploy data planes in Azure and AWS, as well as manage local clusters within private data centers.

Also see: The Successful CISO: How to Build Stakeholder Trust

Cohesity is Leveraging OpenAI for Enterprise Data Insights

Cohesity vision for AI includes leveraging Microsoft’s integration with OpenAI, which is currently the most powerful language model available. While not productized, Cohesity is deploying GPT-3.5 and GPT-4 models within its own managed environment, which would help ensure that data stays under the customer’s control. According to Statton, the data does not need to be in Azure to take advantage of this functionality.

Statton shared two examples of how Cohesity could tap into Azure OpenAI to unlock novel insights from enterprise data.

First is interactive reporting using large language models. In the demo, AI models were used to generate rich executive summaries from a stream of data stored in Cohesity’s Security Center to detect potential ransomware. The AI models were easily able to break down data and list entities or VMs that have the highest affected files or anomaly strength. The model also provided recommendations on how to handle these issues, such as mass recovery or accessing insights through a security assistant chatbot.

Also see: Generative AI Companies: Top 12 Leaders

GPT Makes Data Queryable in Natural Language 

Another product highlight is a conversational interface for real-time insights. The language model was able to identify anomalous entities within Cohesity’s audit logs.

In the demo, this information was accessible to a range of users—from chief information security officers (CISOs) to practitioners—in a digestible manner. Cohesity layered a conversational interface on top of this. Users could gain a deeper understanding of what’s being generated from the logs by asking additional questions, such as “which users have interacted the most with the infected system?” The large language models generate conversational responses, based on the user’s data access permissions.

The same approach could be applied to any data stored on Cohesity. The language model understands the context and intent of users’ questions, whether they relate to documentation, workloads being protected, or data within the system. It could retrieve relevant information and provide answers to various questions, making it versatile and useful for users.

“It humanizes interactions with the system and it allows users to reduce the time to remediation or reduce the time to action by providing actionable insights,” Statton said. “That’s the power of AI language models.”

The post Cohesity and Microsoft Tag Team To Improve Data Protection appeared first on eWEEK.

A recent report from IBM’s Institute for Business Value (IBV), Security in the Quantum Era offers insights into how this process works. The report examines the potentially catastrophic dangers posed by cybercriminals, rogue states and other bad actors that have access to quantum-level tools. It also discusses what IBM is doing to address those issues and help enterprises secure their IT assets and infrastructures against quantum cyberthreats.

For more information, also see: Digital Transformation Guide: Definition, Types & Strategy

IBM’s Security Focus for the Quantum Sector

IBM has been proactive in developing a host of advanced security offerings, including a suite of IBM Quantum Safe services that are designed to be resistant to quantum-based encryption cracking techniques. Those services are available for the IBM z16 mainframe launched last April, the industry’s first quantum-safe enterprise system.

In addition, IBM has spent years building a global team of top cryptography experts to spearhead quantum-safe schemes and preparation plans. The company contributed to developing three of the four algorithms chosen by the National Institute for Standards and Technology (NIST) for post-quantum cryptography standardization and was also a founding member of the GSMA Post-Quantum Telco Network Taskforce.

To learn more, also see: Secure Access Service Edge: Big Benefits, Big Challenges

Benefits and Dangers of Quantum Computing

The IBV report begins with a simple premise: “Quantum computing is evolving from the fantastical to the feasible.”

On the upside, emerging quantum solutions could help solve intractable problems in areas like machine learning, materials science, pharmaceutical research and process optimization. If that future comes to pass, the potential scientific, social and business benefits are enormous and well worth pursuing.

However, like any technology, quantum tools can be leveraged for good or ill. Regarding that danger, the IBV report notes that in the wrong hands “quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions.”

As a result, commonplace trusted data encryption mechanisms such as RSA and ECC public-key cryptography (PKC) could be vulnerable, endangering organizations’ information and financial assets.

As the World Economic Forum stated last August, “Considering that the digital economy is estimated to be worth $20.8 trillion by 2025, the repercussions could be staggering.”

Another factor in this scenario is the long-term value of many forms of information, including data related to national security, business strategy, intellectual property, public infrastructure, medical records and product development. The IBV report suggests that those assets are potentially already subject to exfiltration in so-called “harvest now, decrypt later” attacks, with the intention of monetizing data once quantum decryption solutions are viable.

For organizations ranging from large enterprises to government agencies and entities to public utilities to telecommunications providers, preparing for future cyber-attacks backed with quantum-level cryptographic tools is vitally important.

Building “Quantum-Safe” Cryptography Solutions

What does the IBV report suggest enterprises should do to address these dangers?

• Prepare for potential quantum threats by educating teams on quantum-safe cryptography and demonstrate how businesses can identify achievable near and long-term cryptographic goals.
• Discover potential vulnerabilities by using quantum-safe cryptographic assessments, including how to develop and deploy a successful ecosystem for a common approach to data governance.
• Transform business operations by performing analyses that can spot cryptographic dependencies between business-critical systems, thus leaving data vulnerable.
• Observe the threat landscape by developing a dashboard to promote visibility and assessment.

Final Analysis

IBM’s work in quantum-safe offerings and services, along with its continuing investments in advanced security development, show the company doing what it does best. While many enterprise IT vendors tend to compartmentalize product teams and creation, IBM is highly focused on integrating software, infrastructure, data analytics and AI into workable new business solutions and services. Those are crucial to the thousands of enterprises that look to the company for help solving existing business-critical problems.

Just as importantly, IBM’s pursuit of next generation technologies is designed to explore new business opportunities and concerns. The company has been a leading light in commercial quantum system development. It seems likely that the insights it gleaned along the way were foundational to the Quantum-Safe services available with the new generation IBM z16.

The conclusions offered in the IBV’s new Security in the Quantum Era report suggest that the company is acting as it has so often in the past. In essence, IBM is using its considerable investments, insights and inventions to help enterprise customers understand, prepare for and successfully weather future changes and challenges.

The post IBM’s Vision for Security in the Quantum Era appeared first on eWEEK.

DigiCert is well known for helping companies implement digital trust across the enterprise. DigiCert ONE is a modular platform that can be deployed individually or as part of a suite, either on-premises, in the cloud, or in a hybrid environment. Using the platform, companies can issue millions of certificates on devices and servers to sign software for user authentication with digital identities attached to them.

Also see: The Successful CISO: How to Build Stakeholder Trust

Endpoints Drive Need for Digital Trust

With the rise of connected devices and cloud deployments, the network perimeter has expanded. For IT operations, this means greater complexity and risk. For identity and access management (IAM) administrators, the authentication needs are increasing. For software development and IT operations (DevOps), security operations (SecOps), and operational technology (OT) teams, the attack surface is expanding.

That’s where Trust Lifecycle Manager comes in. It brings together certificate lifecycle management and PKI services. It also tightly integrates with public trust issuance. On the certificate management front, the solution provides:

• Discovery (centralized repository of all public and private certificates)
• Management and notifications (prevents expired certificates)
• Automation (one-touch provisioning and renewal)
• Integration (governance across CAs, or specific vendor Certificate Authority)

Multiple Deployment Options For Trust Lifecycle Manager

On the PKI services front, Trust Lifecycle Manager oversees identity and authentication of users, servers, devices, and other IT resources. DigiCert offers three deployment options.

The first one is PKI as a service, where DigiCert manages customers’ public or private PKI. The second one is on-prem for those who have more complex environments. The third one is in the customer cloud. Approximately 50 percent of customers are deploying PKI as a service, 30 percent in the cloud, and the remainder on-prem.

“We’re seeing a pivot in the industry, where instead of looking at siloed areas, organizations are starting to look across them and see how trust can be managed and measured throughout the organization,” said Brian Trzupek, senior vice president of product at DigiCert. “All the previous announcements and the infrastructure work we’ve done is leading up to DigiCert being able to execute on this launch.”

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Digital Trust Is Challenging To Deploy With Point Products

When thinking about the building blocks of digital trust, standards that help create trust in the ecosystem are at the core. Creating digital trust is a complicated process involving several key steps that can be visualized as a pyramid, explained Trzupek.

At the base of the pyramid is defining trust through industry and technology standards. “This is where our leadership in the standards bodies that we participate in is so crucial. We’re the voice of the customer in those bodies. We’re taking their concerns, requests, and challenges into consideration,” said Trzupek.

Moving up the pyramid is establishing trust through compliance and operations. DigiCert operates global data centers in six regions with service-level agreements (SLAs) for high availability. “This gives us extraordinarily high availability as a company. We operate data centers under a compliance regime that’s managed by 25 annual audits to ensure that we can deliver trust in those regions,” said Trzupek.

Toward the top of the pyramid is managing trust for public and private PKI in the enterprise, which includes certificate lifecycle management. At the very top of the pyramid is extending trust even further into connected trust ecosystems—essentially everything beyond the perimeter like devices, software, identity, and content.

Although certificate lifecycle management solutions have been on the market for a while, what differentiates DigiCert from competitors is its PKI service provider roots and ability to offer a full-stack solution that combines private and public trust with CA-agnostic certificate lifecycle management.

DigiCert’s PKI Services draw from its rich history in PKI management, simplifying the complexity involved in managing identity and access with pre-built and customizable templates, deep integration and automated provisioning.

DigiCert Is Shifting From Product To Platform

Additionally, DigiCert has more than 100 integrations with third-party vendors, offered out of the box with Trust Lifecycle Manager. DigiCert is opening up application programming interfaces (APIs) to third-party vendors, so they can do this work on their own. According to Trzupek, this gives DigiCert the scale to help more customers.

DigiCert is actively adding support for management of other CAs beginning with Microsoft CA in Q1 and extending to other public and private CAs in subsequent quarters. With these expansions, DigiCert customers will be able to manage any certificate from any CA. Customers can already work with multiple CAs when building their certificate inventory with Trust Lifecycle Manager’s discovery features.

“This opens up a whole new market for us. Previously, we had to sell to customers who are only using DigiCert CA services,” said Trzupek. “We’ve created an entire integration API and surface layer through this product, which third parties can extend and add functionality to it as they see fit. That’s a game changer.”

The post DigiCert Rolls Out Trust Lifecycle Manager appeared first on eWEEK.

Really? I have my doubts. In the many years I’ve covered enterprise tech, I’ve never looked ahead and seen such a rapidly shifting landscape. As the pace of innovation leaps ahead, the leading sub-sectors of IT have become increasingly complex:

• Artificial intelligence: The stunning debut of ChatGPT in November put us on notice: AI is growing exponentially, offering a toolset (for free!) that would’ve been sci-fi not that long ago.
• Cloud has become the foundation of tech, but never has a foundation continued to evolve so fundamentally. Cloud is now very much multi-cloud. So customers benefit from the vast potential of combining the top hyperscalers – which is equaled only by the frustrating management and cost concerns.
• Edge computing exploded in 2022; I can hardly count the executives I’ve spoken with recently who see it as a new leading focus. The Internet of Thing’s immersive computing environment is creating a data-rich infrastructure that supports commerce and collaboration and, eventually, the metaverse.
• Data analytics – the engine that drives decision making – has forked into an array of mushrooming sub-sectors, from predictive analytics to data visualization to real time data mining. No longer a separate discipline, analytics is being built into ever more applications as a core element. I hope you like the mining of metrics for insight, because it’s becoming omnipresent.

Given tech’s furious pace of change, I see only one “safe” prediction: the revenue for tech will continue to spiral skyward at vertiginous rates.

Cloud, for instance, is growing at a robust 14.4 percent CAGR. It’s forecast to expand from its 2022 total of $483 billion to a cool $1.5 trillion in 2030. And that growth rate is downright modest compared with AI, which is forecast to increase at a rip-roaring 38 percent CAGR, leaping from 2021’s $147 million to $1.6 trillion in 2030.

By the way, that’s the first time I’ve used the phrase “rip-roaring” in a sentence about IT. Fitting that it would be about AI. There’s gold in them hills – as there is throughout the enterprise IT sector.

Tech Predictions 2023 and Beyond

Fortunately, my reluctance to predict the course of tech is not shared by executives across the enterprise IT industry. The thought leaders below offer their forecast for the sectors that will shape the enterprise in 2023 and beyond.

• Digital Transformation
• AI and Data
• Cloud Computing
• Edge Computing
• Cybersecurity

DIGITAL TRANSFORMATION

Ayman Sayed, Chief Executive Officer, BMC Software

Six Trends to Watch

As companies continue to evolve their remote work workforce and decentralized IT operations, it will be important that the organizations supporting them have products that align to their needs and their new operating models. In 2023, there are six key macrotrends to watch.

• First, the Future of Work, the way we work has changed forever. If there is one thing we learned from the pandemic, it’s where and how we work is constantly evolving. And technology will continue to be key to enabling this flexibility.
• Economic Growth Shifts: the turbulence of the financial markets feels normal now. The nations driving global growth are shifting, and geopolitical challenges have altered how business is conducted. Predicting market shifts and finding ways to succeed takes incredible amount of data analytics and insights, and this will only grow in the year ahead.
• Supply Chains, including procurement, manufacturing, distribution, inventory and last-mile delivery, have changed in ways where data and insights are critical. For many, there is incredible pressure to ensure that supply chain changes can be absorbed to shield customer and employee expectations.
• Cybersecurity: This is not only the job of a CSO any longer, cybersecurity is everybody’s job. Yet this needs to be done in a way that does not create friction or slow businesses down.
• The Value of Data: Statista reports that every person creates 97 zettabytes of data by the end of this calendar year. That is 21 zeros after 97 bytes of data. This creates immense opportunity if we can capture, analyze, and apply it for better business results.
• The socially responsible organization creates an opportunity and expectation for each of us to make the right decisions and collectively impact climate change, diversity, and inclusion, to make the world a better place. Because doing good in the world is good for businesses.

Shiva Nathan, Founder & CEO, Onymos

Metaverse technologies will remain just hype, while digital transformation technologies trends higher

While there might be flashes of jazzy product introductions around metaverse technologies, there will not be any mass adoption or game-changing impact in 2023 stemming from metaverse. These technologies will remain just hype for the foreseeable future until more and more enterprises gain a better understanding of this space and its impact.

Technologies accelerating digital transformation, with a focus on cost reduction, will gain steam in 2023. The digital transformation trend that started during the Covid pandemic will only continue to accelerate as enterprises look for new ways to extract efficiencies in systems and processes.

Ian van Reenen, CTO, 1E

IT sustainability and cost reduction

As remote work remains a constant heading into 2023, we’ll see more discussion around IT sustainability in terms of how to reduce IT costs as more employees opt to work from home, and how this can also have a more positive impact on the environment.

Around 70% of the carbon footprint of a laptop comes from the manufacturing process, so a tangible action organizations can take to become more cost-effective and sustainable is to evaluate how they can extend the life cycle of their laptops and other devices. A key question for leaders to ask is how their organizations can more efficiently reuse, repurpose, and refresh IT equipment.

AI and DATA

Srinivasan Venkatesan, Executive Vice President, U.S. Omni Tech, Walmart Global Tech 

A significant expansion beyond robotics to intelligent automation

Over the last several decades, the value of automation has largely been derived from using robotics to replicate human actions and eliminate laborious, repetitive tasks. This coming year, I predict we’ll witness a significant expansion beyond robotics to intelligent automation, which uses artificial intelligence and analysis to carry out data-driven tasks with very little human interaction. This enablement shifts reliance off humans and onto technology, so workers can focus their attention on other areas of the business.

As more businesses adopt this newer structure, they’ll find greater efficiencies in everyday tasks across their organization. Imagine streamlining hundreds of processes and decisions—everything from prioritizing employee work tasks, to determining the products stocked on shelves, to automating customer contact—with the push of a button. The possibilities and opportunities are endless for optimizing workflows and reducing costs.

Charlie Boyle, Vice President, NVIDIA DGX Systems

Enterprises will seek out AI solutions that can deliver on objectives

In 2023, inefficient, x86-based legacy computing architectures that can’t support parallel processing will give way to accelerated computing solutions that deliver the computational performance, scale and efficiency needed to build language models, recommenders and more.

Amid economic headwinds, enterprises will seek out AI solutions that can deliver on objectives, while streamlining IT costs and boosting efficiency. New platforms that use software to integrate workflows across infrastructure will deliver computing performance breakthroughs — with lower total cost of ownership, reduced carbon footprint and faster return on investment on transformative AI projects — displacing more wasteful, older architectures.

Ashok Srivastava, Senior Vice President & Chief Data Officer, Intuit

AI will completely transform security, risk and fraud

We’re seeing AI and powerful data capabilities redefine the security models and capabilities for companies. Security practitioners and the industry as a whole will have much better tools and much faster information at their disposal, and they should be able to isolate security risks with much greater precision. They’ll also be using more marketing-like techniques to understand anomalous behavior and bad actions.

In due time, we may very well see parties using AI to infiltrate systems, attempt to take over software assets through ransomware and take advantage of the cryptocurrency markets.

Quentin Clark, Managing Director, venture capital firm General Catalyst

Personalization will shape the employee experience

Personalization has become a Holy Grail for both businesses and consumers looking to build loyalty. Next year, such personalization will become more widespread in the workplace (individualized benefits, rewards, on-boarding, training plans).

Employees essentially are consumers, and they will increasingly expect the same personalization they’re used to in everyday life entering the workplace. At a time when recruitment remains challenging and businesses are preparing for slower growth rates, personalization can help companies do more with less and ensure talent stability.

Leonid Belkind, Co-founder and CTO, Torq 

Security automation’s proactive footprint continues expanding

Rather than focusing on retroactively building workflows and processes based on historic attacks, security automation deployments will shift to a proactive approach to help prevent attacks before they happen.

Part of this involves security teams harnessing early threat intelligence signals and building defenses against them into their workflows and processes. The result will be a comprehensive new offensive-capacity framework that combines the entirety of the security stack into the most powerful protection approach to date.

From Kuldeep Jiwani, SVP of Data Science, HiLabs

AI and ML systems must work in real time

Healthcare AI will soon move from a reactive to a proactive state. For this to happen, AI and ML systems will have to work in real time. This can be achieved in a couple ways:

• One way to realize proactive, or predictive AI, is to have a closed loop MLOps-based system where ML model training happens in the background to generate models that are only applied on live, real time data. The quality of prediction is observed and if it degrades, then an automated closed loop is triggered that retrains the data to generate a new model and puts the newer version back into a streaming prediction pipeline.
• Another way to achieve proactive AI is to implement a continuous learning framework where the same model learns from its mistakes and auto-corrects itself over time.

Evangelos Hytopoulos, Sr. Director of Data Science at iRhythm 

AI approaches will be based on the use of self-supervised and generative AI algorithms

The majority of AI models today are based on supervised learning, where labels are combined with measurements to teach an algorithm to predict unseen data. However, it takes a lot of effort to create a labeled data set and as a result, usually only a subset of the data can be labeled – thus limiting the learning capacity of the current models.

In upcoming years, we can expect to see AI approaches that are based on the use of self-supervised and generative AI algorithms in order to facilitate the incorporation of a larger volume of data in model training.

Supervised learning is capable of learning important features of the underlying measurements that are a richer representation of the data. The advantage of generative algorithms is the creation of synthetic data – labels coming from a different signal domain and the important features are learned from the domain of interest. In both cases, proper validation will be required to prove the validity of the algorithms and the lack of any bias in its predictions.

Mohan Kompella, VP of Product Marketing, BigPanda

Automation, AIOps and the recession

Very similar to what we saw at the start of the pandemic, the 2023 recession environment will force organizations to figure out how to scale through technology like automation and AIOps and not through headcount.

As companies implement hiring freezes and are forced to work with flat budgets, in addition to cutting staff, companies must identify ways to support existing employees and create a less stressful work environment for their IT, SRE and DevOps teams to avoid employee burnout. Effective, automated solutions that address these challenges will become a must-have.

Steven Mih, Co-founder and CEO, Ahana

Industry accepted open lakehouse stacks will emerge

As the market further chooses open options for table formats, compute engines and interfaces, the Lakehouse version of the LAMP stack will emerge. Linux Foundation and Apache Software Foundation projects will constitute those components.

CLOUD COMPUTING

Liz Centoni, Chief Strategy Officer and GM of Applications, Cisco

Multi-Cloud Realignment

As deglobalization and issues around data sovereignty accelerate, in the year ahead we will see a discernible shift in how companies leverage multicloud architectures. While 89% of enterprises are adopting a multicloud strategy for a variety of reasons (geopolitical, technical, provider diversification), the benefits come from additional complexity in connecting, securing, and observing a multicloud environment.

We will see a big move toward new multicloud frameworks such as Sovereign Clouds, Local Zone Clouds, Zero-Carbon Clouds, and other novel cloud offerings. This will create a path toward more private and edge cloud applications and services ushering in a new multicloud operating model.

John Engates, Field CTO, Cloudflare

The cloud takes on compliance

Complying with the patchwork of recently passed global privacy and data regulation has become a nightmare for corporate IT teams. In 2023, cloud services will finally take the burden of compliance off of these teams and automatically determine where data can be legally stored and processed.

We believe the majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies. Developers shouldn’t be required to know exactly how and where their data can be legally stored or processed. The burden of compliance should largely be handled by the cloud services and tools developers are building with.

Networking services should route traffic efficiently and securely while complying with all data sovereignty laws. Storage services should inherently comply with data residency regulations. And processing should adhere to relevant data localization standards.

Patrick Bossman, Product Manager, MariaDB

Availability will be the key to winning in 2023

One thing we have learned in recent years is outages can be crippling for business. In 2023, availability will be the secret sauce differentiating the winners from the losers. Companies need to avoid lock in and have the flexibility to scale. By diversifying cloud environments, companies will minimize the impact of outages on their ability to continue operations.

Andy Glassley, Director of Innovation, Core BTS

A concerted effort to modernize the cloud

Over the last decade, we have seen a huge spike in businesses moving to the cloud. Gone are the days where on-premises infrastructure could fully accommodate the ever-changing technologies businesses needed to stay competitive. We are now in the age of the Cloud Revolution that better enables application modernization through rehosting, refactoring, re-platforming, and more.

In 2023, we’ll continue to see organizations migrate to the cloud, but we’ll also see a concerted effort to modernize the cloud. Organizations will look to do more with their existing cloud investments and innovate through cloud-native applications, hybrid applications, and modern data foundations.

Haoyuan Li, Founder and CEO, Alluxio

Cloud adoption becomes heavily influenced by cost optimization

Cloud adoption is being influenced by a greater focus on cost optimization in 2023. Even though the public cloud has catalyzed the growth of countless companies, the global economic uncertainties will drive large organizations with data-intensive workloads to recalibrate their cloud strategies with a higher emphasis on cost optimization, such as reducing egress costs.

The focus will be on the ROI and TCO of their infrastructure, either in the cloud, on-premises, or both.

Cassius Rhue, VP, Customer Experience, SIOS Technology

Cloud  migration and repatriation will continue and bring new demand

Many companies fast tracked their cloud adoption journey due to world-changing events in the last few years and traded on-prem data centers for the cloud. This cloud migration will continue, and at the same time, many companies will realize that migration itself was not a one size fit all solution nor a panacea for issues of  ‘application’ availability.

The need for high availability of stateful applications in the cloud will prompt companies to use clustering software. Repatriated systems will leverage solutions the minimize churn, and the need for multiple application availability vendors.

Amit Rathi, VP of Engineering, Virtana

Cloud cost management will give companies the upper hand

Cost and resource optimization is going to be key for 2023. Considering the potential economic uncertainty, most companies want to have detailed insights into cloud spend and the ability to control the spend and optimize its resource utilization. Driven by the digital transformation over the last few years, companies have adopted multiple clouds based on their individual business needs.

As a result, most companies have very little insight about spend, the correlation with business applications and potential cost savings possibilities. As organizations start to drive toward a cloud adoption maturity that is coupled with business pressure on reduced spend, the companies that have a proactive approach will have a significant upper hand in dealing with uncertainty.

EDGE COMPUTING

Bjorn Andersson, Senior Director of Global Digital Innovation Marketing and Strategy, Hitachi Vantara

Private 5G will collect more data at the edge than ever before

The use of private 5G networks in industrial settings, such as manufacturing where sensors and robotics are heavily used, will begin delivering on the promises of device connectivity, machine reconfigurability and real-time data analysis.

Increased use of private 5G will enable troves of new connected devices, collecting more data at the edge than ever before, in addition to a broader adoption of IIoT-enabled solutions in 2023.

Rafael Umann, CEO of Azion

Edge developers will embrace open standards and frameworks

Developers who create apps through platforms that don’t offer easy portability will have little recourse if those platforms decide to increase prices or make other significant changes. Vendor lock-in is unacceptable for companies that must carefully plan their budgets.

As a result, in 2023, expect a strong focus on ensuring that edge web apps rely on open standards and frameworks. This focus will increase interest in WebAssembly, Jamstack, and other technologies not tied to a specific provider. Building apps using these technologies allows developers to shift from platform to platform as needed to optimize cost and performance.

Kris Beevers, Co-Founder and CEO, NS1

Hyperspecific ML and AI will catalyze edge adoption

In the near future, AI and machine learning (ML) models will become hyper-personalized. Each model will be optimized for a specific person, location, or application, accounting for their particular needs and idiosyncrasies.

Creating these models will require processing and deploying massive data sets, on a far greater scale than a central data lake could hope to handle. As a result, expect to see edge infrastructure become critical as a way to make the creation and storage of these models more sustainable at scale.

Nima Negahban, CEO and Cofounder, Kinetica

Enterprises treat their data spatial in 2023

The cost of sensors and devices capable of broadcasting their longitude and latitude as they move through time and space is falling rapidly with commensurate proliferation. By 2025, projections suggest 40% of all connected IoT devices will be capable of sharing their location, up from 10% in 2020.

Spatial thinking will help innovators optimize existing operations and drive long-promised digital transformation in smart cities, connected cars, transparent supply chains, proximity marketing, new energy management techniques, and more.

Tenry Fu, Co-Founder and CEO, Spectro Cloud

Edge burns white-hot

Kubernetes may have gained popularity as the operating system for the data center, but its real value may prove to be at the edge, where its portable and resilient application workloads can power an almost infinite variety of digital business processes and customer experiences.

Our research has found that 35% of production Kubernetes users are already running Kubernetes at the edge, and many many more plan to do so in the next 12 months. The use cases are incredibly varied, from fruit-picking drones to AI on MRI machines, and many of them have the potential to drive revenue and competitive differentiation for the companies that get them right.

But the challenges are equally immense, from manageability to security. The year 2023 is the tipping point, when the challenges get hit head-on, and edge truly goes mainstream.

CYBERSECURITY

Nick Landers, VP of Research, NetSPI

An emphasis on machine learning security, threats, and vulnerabilities

Machine learning is already deployed in numerous technologies, especially those concerned with security — for example email filters, security information and event management (SIEM) dashboards, and endpoint detection and response (EDR) products.

If you thought you could delay ML security conversations, think again. There is a growing group of security researchers focused on Adversarial ML, which includes both attacks on models themselves (inversion, extraction, cloning, etc) and the use of ML in network attacks and social engineering. In the upcoming year, we’ll see a growing list of vulnerabilities being published for ML-integrated systems.

Shash Anand, SVP of Product Strategy, SOTI

The growth of Zero Trust

Zero Trust is a mindset; don’t trust anyone or anything that wants to access data or join a network without verifying credentials. While to some it may perceive that this leads to loss of productivity because it may take longer, proving who you are is important for security purposes. Companies must have the right tools to offer single sign-on and validation based on multiple factors of authentication.

We can expect Zero Trust to improve mobile security because it ensures only authenticated users get access.

Jacob DePriest, VP, Deputy CSO, GitHub 

Cybersecurity transparency will be hailed as a strength

While organizations are improving how they detect and defend against cyberattacks, they must also evolve the way they communicate about them. We’ve seen a fair number of breach disclosures this year, and next year will be no different.

However, we’ll see more organizations lean further into transparency as a means to strengthen trust around their business. More security leaders will focus on building an environment where the security team is an empowered, trusted partner to the business. It’s important to prioritize open, transparent communications around security incidents to build trust with both internal and external stakeholders.

As a natural result, the internal bar for privacy and data protection will rise and the threshold for external sharing of security incidents will lower.

Tal Dagan, Chief Product Officer, Atera

Security concerns = number one priority for IT leaders

Companies are focusing more on cybersecurity and looking for solutions to make their devices less vulnerable. We expect more IT departments to implement IT monitoring solutions as organizations become more demanding of the quality of service and much more fearful of increasing cyber-attacks.

Adam Koblentz, Field CTO, RevealSecurity

Behavior-based analytical detection will be required

Many incidents in 2022 have shown us that 2-factor authentication is not enough to prevent breaches, APTs (Advance Persistent Threats). Criminal organizations are seeing 2-Factor Authentication as a mere hurdle, not a blocker.

In 2023, companies will need to assume compromise and act to detect it with increased speed and ease (which can only be done via automation). Companies will not use detection tools that are too noisy or inaccurate as they are too much of a burden on the team. Behavior-based analytical detection will be required to handle the threats facing organizations.

The post Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More appeared first on eWEEK.

Among the topics we discussed: 

• Let’s talk about XDR in the cybersecurity market. What is it, and why is it a growing solution?
• As you survey the XDR market, what forces are driving the market?
• How is Cynet addressing the security needs of its clients?
• The future of XDR and cybersecurity? What are some significant developments we can expect in the years ahead?

The post Cynet’s George Tubin on XDR Cybersecurity appeared first on eWEEK.

It’s been well documented that phishing as an attack vector has exploded over the past several years. SlashNext reported that over the first six months of 2022, there were over 255M attacks, a 61% increase in the rate of phishing attacks compared to 2021.

What is often overlooked is the total cost to a business. Such attacks require a great deal of time and energy from IT and security teams, which, on average, spend approximately 28 minutes dealing with a single phishing email at a cost of about $31 per message.

The findings come from a new report conducted by IRONSCALES and Osterman Research, surveying 252 IT and security professionals in the U.S. The report, The Business Cost of Phishing, uncovered that IT and security teams typically spend one-third of their time handling phishing threats weekly. For 70 percent of organizations, dealing with a single phishing email takes 16 to 60 minutes.

Also see: The Successful CISO: How to Build Stakeholder Trust

Dealing with Phishing: Like Finding a Needle in a Haystack

As the attack occurs, IT is looking for the message and reading the headers on the message, explained Ian Thomas, VP of product marketing at IRONSCALES. “If there’s an attachment, they’re running it through a sandbox to see if it’s malicious. Once IT realizes phishing is involved, they look for it in other mailboxes—potentially hundreds of mailboxes. When they find it, all the messages have to be pulled out. This requires a lot of investigating and takes roughly a half hour every single time.”

In addition to spending a lot of time on phishing-related activities, organizations have to pay a higher salary to every IT or security professional that handles phishing. According to the data, an organization with five IT and security professionals is currently paying $228,630 in annual salary and benefits to handle phishing. An organization with 10 IT and security professionals is paying $457,260 per year, and an organization with 25 IT and security professionals is currently paying $1,143,150 per year.

Phishing Attacks: Increasingly Challenging

Phishing is an increasingly sophisticated form of cyberattack that’s becoming more prevalent and better at evading detection. Most of the IT and security professionals surveyed in the report expect the volume of phishing attacks to increase over the next 12 months. As the attacks become more complex and damaging, organizations will spend more time and money on mitigating them.

Eighty percent of organizations feel the dynamics of phishing have worsened or remained the same over the past year. These dynamics include the number of phishing attacks, their sophistication, and their ability to bypass current detection mechanisms.

For example, hackers are using adaptive techniques or polymorphic attacks that slightly alter each phishing message, which decreases the likelihood of a message being flagged as a phishing scam.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Targeting Vulnerable End Users

The most common way phishing attacks are carried out is by tricking an email recipient into believing that the message they received is from a trusted source, such as a bank, a friend, or a fellow employee.

Hackers can obtain account credentials from earlier phishing messages or purchase the credentials on the dark web. The messages are sent from an organization’s own email infrastructure, which means they are likely to bypass detection.

Any messaging platform where two-way communication takes place is now a target for phishing attacks, said Thomas. Social media platforms like Facebook, LinkedIn, and Instagram are the most common ones, but Webex and Zoom users are also at risk. Hackers with employee credentials can take over a legitimate account and disguise themselves as the account holder to contacts, who receive phishing links and attachments directly in these apps.

Also see: Best Website Scanners 

Social Media in the Crosshairs

The report identified a worrying trend, where phishing attacks are spreading beyond email. According to the respondents, they’re seeing phishing attacks in messaging apps like:

• WhatsApp, Telegram, and Snapchat (57%)
• Cloud-based file sharing platforms like Dropbox and Google Drive (50%)
• Text messaging services (49%)
• Social media and direct messages (44%)
• Video conferencing platforms like Zoom, Webex, and Google Meet (43%)
• Collaboration platforms like Microsoft Teams and Slack (40%)

The number of phishing attacks is only expected to grow over the next 12 months. Therefore, organizations should prepare by revamping their cybersecurity tactics to include more robust solutions that can detect and stop phishing attacks—even advanced polymorphic and nested threats—and safeguard their communication and collaboration apps, not just email.

In the report, IRONSCALES recommends creating awareness among employees through surveys and training materials, so they can identify phishing scams. Organizations can use phishing simulation and training exercises to help employees understand various phishing techniques. For organizations that have a bring your own device (BYOD) policy, it should be revised to include guidance on text-based phishing scams.

IRONSCALES also recommends using the principle of least privilege access to reduce the attack surface. Even if an employee’s account gets compromised, their access will be restricted only to their job functions and duties. Taking these important steps can help organizations educate their employees and mitigate potential attacks.

The post Understanding the Business Costs of Phishing Attacks appeared first on eWEEK.

Among the topics we discussed: 

• Before we dive into specifics, what’s your sense of the trends and developments driving the security sector this year?
• How can companies synchronize their security across environments? Why is this important?
• What about AI in security? Seems like clients face a difficult task in assessing the AI capabilities of security vendors, because it’s so “under the hood.” Advice to them?
• Why would a company select Sophos? What’s the advantage?
• The future of cybersecurity? What will be driving the market in, say, 2026?

Listen to the podcast:

Also available on Apple Podcasts

Watch the video:

The post Sophos CTO Joe Levy on AI in Cybersecurity appeared first on eWEEK.