Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

We provide the cartoon. You write a witty cybersecurity-related caption to explain the scene above. Our favorite will win a $25 Amazon gift card.

The contest ends on April 26, 2023. Here are four convenient ways to submit your ideas:

*   Email _\[email protected\]_ with the subject line "The Edge April 2023 Toon."
*   Via social media: Twitter, Facebook, and LinkedIn.

**Last Month's Winner**

Congratulations, Mark Phinick! HCL Software's global VP of BigFix sales snagged first place for March's "Domino Effect" contest. His caption appears below.

    

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Name That Edge Toon: Tower of Babble

If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.

Customer satisfaction is today's business battleground. The winners are the companies that deliver the best, highest-functioning software and applications in the shortest amount of time.

ChatGPT is the latest example of a winning app. In just a few months, the tool has reached 100 million users, making it the fastest-growing consumer application ever. Its success has also set off an artificial intelligence (AI) apps arms race, with competitors, including Google, emerging to grab market share as fast as possible. This race illustrates the ongoing struggle companies face to quickly develop high-performing software and applications that are also highly secure. This is a delicate balance in today's environment, where trading security for speed could lead to disastrous consequences.

**Security-Speed Balance**

One method that companies are embracing to strike this balance is implementing the "shift left." The shift left in this context refers to moving practices related to testing software as early in the development process as possible. By embracing the shift left, technology teams — specifically DevOps teams — can identify bugs, errors, and vulnerabilities early on and resolve them, resulting in high-performing, highly secure software, and applications.

Here are four steps DevOps teams can take to embrace the shift left, improve application performance, reduce vulnerabilities, and win the security battle.

**Step 1: Define the Security Strategy**

No army worth its salt heads into the field without a detailed map of the terrain, information on adversaries, and a hierarchy in place with responsibilities for every rank. The same should be true of any DevOps unit shifting left.

Companies should take the time to identify who will be in charge of what responsibilities, determine metrics for success, and formalize procedures. DevOps leaders should build appropriately staffed teams, implement processes that maximize security, and determine what kind of tests they will run and how often they will run them. Businesses should also identify and prepare for specific known vulnerabilities that could lead to issues.

Shifting left involves developing a new set of principles for software delivery and security; thus, planning and defining the strategy is very important.

**Step 2: Understand the Development Pipeline and Deployment Process**

As companies shift left, it's critical to have a thorough understanding of the software development pipeline and the deployment process.

This pipeline is the set of tools and processes in place to build and release software and applications. Once this analysis and understanding is complete, DevOps teams can begin carrying out tests in the build pipelines, checking code validity within development environments, and much more.

One solution that is helping DevOps teams map and understand their pipelines and embrace the shift left is observability. With observability, teams can help teams get a single-pane-of-glass view across applications, databases, and infrastructures that can be key to understanding application performance, user experience, and the overall environment required for modern application architecture. Some observability solutions even offer live code profiling that automatically sees potential user issues or performance bottlenecks before code is shipped.

**Step 3: Include Security Automation**

In enterprise technology, software teams have turned to automation to streamline testing for multiple reasons. First, manually testing software can introduce human error. Second, the shift left requires companies to test software as early and often as possible. And while these principles are meant to create more secure, better-performing products, this high volume of testing can also result in overloaded teams, requiring DevOps to manually evaluate every new feature the development team introduces.

To avoid this scenario, DevOps teams should use tools that automate running tests. Doing so will help reduce the stress placed on DevOps teams while also providing faster feedback related to any vulnerabilities that may be found in software code. Generally, automating tests in the development cycle allows organizations to increase the speed with which a product is completed while ensuring that fewer bugs or vulnerabilities are found later.

**Step 4: Build a Culture of Transparency**

While automation and modern technology can contribute significantly to an organization's success, a more human process and trait plays an equally important role — communication and transparency.

One of the key principles behind DevOps is narrowing the divide between development and production. Increasing communication and transparency across the product and software development life cycle can help narrow this divide. As it relates to the shift left, involving the appropriate team members as early as possible and during every step in the process is key to increasing transparency.

By prioritizing communication and adding transparency to the process wherever possible, team members will better understand how to test, what vulnerabilities to look for, and how to make software and applications more secure, better performing, and more resilient.

4 Steps for Shifting Left & Winning the Cybersecurity Battle

Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

**MOUNTAIN VIEW, Calif.--(****BUSINESS WIRE****)--** Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch, today announced expanded capabilities for Elastic Security including Cloud Security Posture Management (CSPM) for AWS, container workload security, and cloud vulnerability management. Building on the previously released Kubernetes security posture management (KSPM) and Cloud Workload Protection Platform (CWPP) capabilities, Elastic now delivers a comprehensive security analytics solution that includes complete Cloud Native Application Protection for AWS.

According to Gartner, more than 85% of organizations are moving to a cloud-first model and 95% of new digital workloads are being deployed on cloud-native platforms. However, 99% of cloud failures will be the customer’s fault due to mistakes like cloud misconfigurations. Research from Elastic Security Labs found that nearly 1 in 3 (33%) attacks in the cloud leverage credential access, indicating that users often overestimate the security of their cloud environments and fail to configure and protect them adequately.

“Many companies have a fragmented approach to cloud security, as security and devops teams pivot between multiple dashboards,” said **Ken Buckler, Research Analyst - Security and Risk Management, Enterprise Management Associates.** “Unified visibility across all cloud resources, as well as on-premises systems, is critical to quickly identify and stop security threats at scale, especially when attackers repeatedly cross boundaries between cloud and on-premise in attempts to evade detection. With Elastic Security, organizations can streamline their cloud security operations by establishing real-time, unified visibility across their environments in a single interface.”

Elastic’s comprehensive suite of cloud security capabilities includes:

*   **Cloud Workload Protection** (generally available) — Expands on existing runtime security for traditional endpoints, enabling cloud security teams to gain deep visibility into the entire runtime workload including standalone Linux workloads, virtual machines, and infrastructure hosted in AWS, Google Cloud, and Microsoft Azure.
*   **Container Workload Protection** (beta) — Provides cloud security teams deep visibility into container workloads in managed Kubernetes environments with pre-execution runtime analysis for workloads running in Amazon EKS, GKE, and AKS environments.
*   **Cloud Security Posture Management** (beta) — Enables cloud security teams to continuously detect and remediate misconfigurations across workloads in AWS and Amazon EKS in real-time with Center for Information Security (CIS) benchmark controls, out-of-the-box integrations, and posture management dashboards and reports.
*   **Cloud Vulnerability Management** (beta) — Uncovers cloud-native vulnerabilities in AWS EC2 workloads with minimal resource utilization on workloads and enumerating vulnerabilities with risk context to help cloud security teams identify and respond to potential risk.

“Elastic Security is a unified security solution offering SIEM, endpoint, and cloud security capabilities—rooted in data management and analytics—that enables customers to protect, investigate and respond to threats across their entire infrastructure,” said **Santosh Krishnan, General Manager of Elastic Security, Elastic**. “The expansion of Elastic Security’s comprehensive cloud security capabilities provides organizations with the power they need to modernize their cloud security operations, improve attack surface visibility, reduce vendor complexity, and accelerate remediation.”

For more information, read the blog.

Gartner Press Release, "Gartner Says Cloud Will Be the Centerpiece of New Digital Experiences," November 10, 2021.

**About Elastic:**

Elastic (NYSE: ESTC) is a leading platform for search-powered solutions. We help organizations, their employees, and their customers accelerate the results that matter. With solutions in Enterprise Search, Observability, and Security, we enhance customer and employee search experiences, keep mission-critical applications running smoothly, and protect against cyber threats. Delivered wherever data lives, in one cloud, across multiple clouds, or on-premise, Elastic enables 19,900+ customers and more than half of the Fortune 500, to achieve new levels of success at scale and on a single platform. Learn more at elastic.co.

The release and timing of any features or functionality described in this document remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

_Elastic_ and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.

Elastic Expands Cloud Security Capabilities for AWS

The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.

The Food and Drug Administration (FDA) this week put into effect fresh guidance concerning the cybersecurity of medical devices — long a concerning area of risk for healthcare organizations and patients alike. The policy is one in a long line of attempts by the FDA to put some guardrails around the susceptibility of things like insulin pumps and heart monitors to hacking, and experts say that this time, the FDA's move might actually make a difference.

Effective immediately, medical device manufacturers are advised to submit "a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities, and exploits."

Manufacturers are also asked to "design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure." This includes making patches available "on a reasonably justified regular cycle," and for newfound critical vulnerabilities, "as soon as possible out of cycle."

And finally, the FDA is asking that new devices come prepared with a software bill of materials (SBOM).

For some, FDA guidance may evoke memories of prior actions that failed to improve cybersecurity in this critical area in any real way. But experts say this long road has finally reached a real, genuine inflection point. Starting now, new medical devices that don't meet these standards will be blocked from the market.

"It's actually been a process that's taken place over approximately the last 10 years," says Cybellum CMO David Leichner. "And it came to fruition two days ago."

**Medical Devices in Cyber-Crisis**

Medical device security has been an alarmingly lagging area for cybersecurity for a very long time, and there's a laundry list of reasons why. Healthcare facilities often use legacy IT and have flat networks that aren't segmented, for instance — even as medical devices for patients are increasingly connected. And security by design isn't common.

"A medical device manufacturer may be very experienced in designing highly reliable and innovative devices, but they may not necessarily be security experts," explains Axel Wirth, chief security strategist at MedCrypt.

In fact, the most cutting-edge medical equipment sometimes introduces new security problems that the old stuff never had. Internet connectivity brings a slew of benefits to providers, but also opportunities for hackers. In the State of Healthcare IoT Device Security 2022 report, healthcare IoT firm Cynerio found that more than half of all connected medical devices are vulnerable, including, for example, nearly three out of every four IV pumps.

Thus, cybercriminals can easily break in and run rampant across a hospital network, reaching whatever endpoints they choose, including these life-saving devices. This could have potential physical consequences for patients if a device is vulnerable to takeover by an unauthorized user. The risk isn't theoretical: A September 2022 report by Proofpoint's Ponemon Institute linked a 20% increase in mortality rates to cyberattacks targeting healthcare organizations.

This is all exacerbated by the fact that when bugs are discovered, device manufacturers have a terrible track record of issuing patches in a timely manner (as is the case for most IoT gear), and healthcare settings have an even more terrible track record of implementing them.

"One reason \[for the insecurity\] is that these devices live longer," Wirth points out. Because they're designed to last a while — which is otherwise a positive thing — "they may be outdated or running outdated software, and any operational technology (OT) that is not necessarily up to date is more difficult to maintain. It's more difficult to deploy patches; it's more difficult to find time during hospital operations to update the device."

Considering the ubiquity of security failures in the industry, coupled with the massive consequences at stake in the event of a breach, many have urged the government to do more than offer "suggestions" for addressing the problems.

**The FDA's New Teeth**

On Dec. 29, President Biden signed into law the Consolidated Appropriations Act, also known as the Omnibus bill, which included Section 3305 — "Ensuring cybersecurity of medical devices" — an amendment to the Federal Food, Drug, and Cosmetic Act. It took effect on Thursday, 90 days after the Omnibus' passing.

So what happens now? It takes time for manufacturers to change their processes and for new products to integrate new rules and regulations (to say nothing of how healthcare, in general, moves more slowly than other industries, by necessity). The FDA has arranged for a six-month window — until Oct. 1 — for manufacturers to get used to the new rules of the road.

From now until then, the FDA will "work collaboratively" with manufacturers to ensure compliance, the agency clarified in an accompanying notice. Once Oct. 1 hits, "FDA expects that sponsors of such cyber devices will have had sufficient time to prepare." At that point, they will begin issuing "refuse to accept" (RTA) decisions to prevent any devices that don't meet the stated standards from reaching the market.

"Manufacturers are asking: 'When does this hit us?,'" Naomi Schwartz, MedCrypt's senior director of cybersecurity quality and safety, explains. "And the FDA is clarifying: 'We're not going to start refusing to accept until October, so that you have time to update all of your documentation and relieve a little bit of pressure and fear. But no kidding, you guys better get your stuff ready in the next six months, because it's coming.'"

What remains to be seen is how the FDA will enforce its rules after a device is released to the public. Preventing a machine from reaching hospitals is one thing, but ensuring that vendors meet so many of the other requirements outlined in these guidelines — like regular monitoring, consistent patching, and responsible vulnerability disclosure — requires never-ending oversight.

"This is definitely going to increase the overhead of the FDA," Cybellum's Leichner figures. "It'll be interesting to see how they go about this."

**The Timeline for Real, Visible Change**

Even once manufacturers start turning out gear that's in compliance with the policy, an overhaul of healthcare device cybersecurity will take a while.

"Medical devices can be very pricey," Wirth points out, "and replacing medical devices in hospitals requires budget, requires training. Sometimes it requires even changes in building and infrastructure. So it'll take a number of years." Section 3305 assigns no deadline for healthcare providers to replace their existing legacy equipment.

Still, he says, "I think we are already seeing better secure devices arrive in the market," especially since the US isn't the only place to start demanding security hardening of the devices.

Even though the FDA's policy might take a while to bear real fruit (and it's too soon to know for certain), we may look back on 2023 as a watershed for the industry.

"This is going to help FDA staff, it's going to help the industry, it's going to motivate people to stop kicking the can down the road and start buckling down now," MedCrypt’s Schwartz concludes. "It's pretty cool."

The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

The State of Email Security Report reveals cyber risk commands the C-suite's focus.

**DUBAI****, UAE****,** **March 31, 2023** **/PRNewswire/ --** Mimecast, an advanced email and collaboration security company, today announced the publication of its annual "The State of Email Security 2023" (SOES) report. The global survey is based on responses from 1,700 IT and security decision-makers, providing readers with key takeaways on the current threat landscape and offering recommendations to help organizations improve their cybersecurity posture.

Download the full report – Mimecast's "The State of Email Security 2023"

The global report sheds light on the threats affecting companies across the globe, including the United Arab Emiratesand Saudi Arabia. Ninety four of respondents from the UAE and 100% from Saudi Arabia  reported to have been targeted by emailed-based phishing attacks in the last year, but they all said that they either have a system to monitor and protect against email-borne threats or are actively planning to roll one out.

**Highlights From This Year's Report** 

**Cyber awareness in the C-suite –** As cyberattacks continue to become more sophisticated, business leaders in the region have shown greater willingness to confront the risks involved and invest in proper measures to keep cyberattacks at bay. On average, 95% of companies in the UAE and Saudi Arabia reported needing stronger protection for their Microsoft 365 and Google Workspace applications, while 61% said their company needs to spend more on cybersecurity. However, all companies reported some form of cyber awareness training at their workplace, thus indicating a greater alertness to future attacks. With the increased focus on cyber preparedness by the C-suite, CISOs feel more empowered to articulate their requirements and implement strategies and tactics that will make their organization more secure.  

**Collaboration tools, essential but risky –** With workforces still divided between the office and remote locations, collaboration tools remain an essential yet risky part of communicating with team members. Eighty four percent of SOES participants in UAE and as many as 94% in Saudi Arabia agree that collaboration tools like Microsoft Teams or Slack are essential to their working function, but 82% from both countries expect to be harmed in 2023 by a collaboration-tool-based attack. The sharp increase in the use of these tools puts it directly in the minds of CISOs to ensure that adequate security measures are put in place for them to continue working protected while using them.

**Improved cyber preparedness –** There is a growing realization that cyber risk isn't just an IT problem — it's a critical vulnerability that directly equates to overall business risk. As such, organizations are taking the necessary measures to prepare for impending attacks.   Half are using artificial intelligence and machine learning to help under-resourced teams stay ahead of the curve, while the other half have plans to implement such measures. The use of AI tools will undoubtedly help under-resourced cybersecurity teams stay ahead of attacks and manage threats accordingly. Sixty four percent of Saudi Arabian respondents cited threat prevention as the top benefit of implementing AI, while 54% of organisations in UAE said reduced human error across the company was the biggest advantage. Overall, most companies believe that AI systems will help revolutionize the ways in which cybersecurity is practiced.

"Supply chain vulnerabilities, the rise of online collaboration and the growth of digital networking are among the chief reasons the cyber landscape is becoming more treacherous. The intersection of communications, people, and data carries a tremendous amount of risk, as malicious actors exploit the interconnectedness of the modern work surface," says Werno Gevers, regional leader of Mimecast Middle East. "Our research shows that corporate boards have finally woken up to the realisation that cyber risk is business risk, so it's time for CISOs to make the case for increased budgets and greater cyber resiliency."

Download the full report and view the UAE and Saudi Arabia infographics to learn more, and stay tuned to the Mimecast blog Cyber Resilience Insights_._

**Mimecast: Work Protected™**  

Since 2003, Mimecast has stopped bad things from happening to good organizations by enabling them to work protected. We empower more than 40,000 customers to help mitigate risk and manage complexities across a threat landscape driven by malicious cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today. Mimecast solutions are designed to transform email and collaboration security into the eyes and ears of organizations worldwide.  

_Mimecast, the Mimecast logo, and Work Protected are either registered trademarks or trademarks of Mimecast Services Limited in_ the United States _and/or other countries.  All rights reserved.  All other third-party trademarks and logos contained in this press release are the property of their respective owners._

SOURCE Mimecast

Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending

"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

An apparently pro-Islamic group that has hit numerous targets in Europe with distributed denial of service (DDoS) attacks over the past few months may actually be a subgroup of the Russian hacktivist collective known as Killnet.

The group, which calls itself "Anonymous Sudan," has claimed responsibility for recent DDoS attacks against targets in France, Germany, the Netherlands, and Sweden. All the attacks were apparently in retaliation for perceived anti-Islamic activity in each of these countries. The attacks on Swedish government and business entities, for instance, followed an incident of Quran-burning in Stockholm. The same, or similar, reason was the trigger for DDoS attacks against Dutch government agencies and an attack on Air France, where the group — in a break from character — stole data from the airline's website rather than DDoSing it.

**Anonymous Sudan's Killnet Links**

Researchers from Trustwave, who have been tracking Anonymous Sudan for the past several months, this week said there is some evidence to suggest the group is a front for Killnet. In a report, Trustwave said its researchers have not been able to confirm if Anonymous Sudan is, in fact, based in Sudan or if any of its members are from that country. The group's Telegram posts are in Russian and English, and other telemetry instead point to at least some of its members being Eastern European.

Just as with Killnet, all of Anonymous Sudan's targets have been in countries that have opposed Russia's invasion of Ukraine and/or have assisted the latter in some way. It's most recent threat — on March 24 — to attack targets in Australia fits into the same patterns, as does a DDoS attack against Israeli cybersecurity vendor Radware.

Also just like Killnet, Anonymous Sudan has mostly employed DDoS attacks to send its message to intended targets. And both Killnet and Anonymous Sudan have made claims on their respective Telegram channels that officially connect to each other. In January for instance, Anonymous Sudan claimed to have assisted Killnet in a DDoS attack against Germany's Federal Intelligence Service, Trustwave said.

Just why Anonymous Sudan would brand itself as a pro-Islamic group rather than a pro-Russian group allied with — or possibly a part of — Killnet remains unclear, according to Trustwave researchers. "Anonymous Sudan has been extremely active taking credit for attacks via its Telegram channel, but details concerning the true reasoning behind its efforts remain murky."

**A Noisy Hacktivist Collective**

Killnet itself is a noisy hacktivist group, that, in the months since Russia's invasion of Ukraine, has hit, or claimed to hit, numerous organizations worldwide in DDoS attacks. The group has described the attacks as retaliation against the US-led support for Ukraine in the war — and indeed, all of its victims have been in countries that have rallied behind Ukraine. Most of its attacks so far have been on organizations in Europe. But in February, Killnet launched DDoS attacks against more than one dozen major US hospitals, including Stanford Health, Michigan Medicine, Duke Health, and Cedar-Sinai. Last October, the group launched DDoS attacks against multiple US airports, including Los Angeles International Airport (LAX), Chicago O'Hare, and the Hartsfield-Jackson Atlanta International Airport.

Killnet has touted these attacks as major incidents. But security experts, and victim organizations themselves, have characterized the group as a medium severity threat at worst, but one that however cannot be ignored. Following Killnet's attacks on US hospitals, for instance, the American Health Association (AHA) described Killnet's attacks as typically not causing much damage but on occasion having the potential to disrupt services for several days.

Trustwave SpiderLabs security researcher Jeannette Dickens-Hale characterizes the threat that Anonymous Sudan presents the same way. 

"Based on Anonymous Sudan's recent DDoS attacks, its connection to, and similarity in tactics techniques, and procedures (TTPs) to Killnet, it appears that the group has a low to medium sophistication level," she says. "Killnet, conveniently just like Anonymous Sudan, mainly launches DDoS attacks and threatens extortion with data they may or may not have." 

Trustwave SpiderLabs assesses that Killnet has the same threat level. Anonymous Sudan's recent attack against Air France and the threat to sell its data — that it may or may not actually have — could indicate an escalation in motivation and attack type, Dickens-Hale says.

**Killnet's "Black Skills" Launch**

Killnet's incessant attempts to drum up support for its efforts — mostly through exaggerated claims of its successes — are another thing that researchers are keeping an eye on. Flashpoint this week, for instance, reported observing Killnet's leader "Killmilk" announcing the creation of a private military hacking outfit called "Black Skills".

The security vendor assessed that Killmilk's description of Black Skills was an attempt to position Killnet as the cyber equivalent of Russian mercenary operation the Wagner Group. Earlier in March, Killnet also announced a DDoS-as-a-service offering called "Black Listing" that Flashpoint perceived as another attempt by the collective to carve a more formal identity for itself. 

"Black Skills/Black Listing appear to be an attempt from Killnet to establish itself as a corporate identity," Flashpoint researchers concluded. "According to our intelligence, the new group will be organized and structured, with subgroups taking care of payroll, public relations and technical support, pen testing, as well as data collection, analysis, information operations, and hits against priority targets."

Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation

With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context.

In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that it had jumped into the market for providing adaptive access that can keep applications secure and allow access while minimizing blind spots and the overprovisioning of privileges. The company's executives maintained that easing deployment of granular and adaptive authentication will convince business customers to more rapidly adopt the technologies.

Companies already know that they need the context-aware security that adaptive access provides, says Jagadeesh Kunda, co-founder and chief product officer of Oleria.

"Modern IT has become a continuous, complex system, adapting dynamically to business needs, \[but\] the gap we hear from CISOs and CIOs is the ability to effectively manage access," he says. "With the typical organization running hundreds of applications to support an ever-changing environment, assigning roles and access on a static basis is no longer sufficient or sustainable."

While most companies strive for more granular access controls, adaptive technologies have foundered due to the complexity of the solutions. In its 2022 "MarketScape" report for advanced authentication, analyst firm International Data Corp. estimated that fewer than three in 10 companies use multifactor authentication (MFA), which is only an initial step toward the more advanced access controls represented by adaptive access and authentication. Overall, only 9% of companies have added context-based access policies, which in many ways are the foundation of adaptive access controls, according to Okta's 2022 "State of Zero Trust" report.

**Cloud Native Security Means Adapting**

Yet companies are convinced of the necessity of adaptive access because the ability to grant users access to the appropriate data in the proper way has become significantly more important. While only 9% of companies currently have access controls based on context, a significant 42% of businesses intend to implement those policies in the next 12 to 18 months, Okta stated in its report.

    

Only 9% of companies use context-based access policies, but 42% plan to adopt them. Source: Okta

The technology allows companies — and their security teams — to be more agile, says Chris Niggel, chief security officer for the Americas at Okta.

"It helps protect data by allowing the organization to be confident that sensitive data is only being accessed by approved individuals using approved systems," he says. "It allows IT and security teams to enable the business by more quickly granting and revoking access to this sensitive data."

While seemingly similar, adaptive access and adaptive authentication are slightly different concepts, Oleria's Kunda says. Adaptive access gives a user permissions to specific resources based on the user's behavior, the context of the request, the state of their device, and the overall organizational risk level, while adaptive authentication allows for changing privileges based on those criteria.

With the two technologies, companies can determine the level of access that is appropriate in a particular context and deliver that access, he says.

"As organizations increasingly recognize the importance of dynamically granting or denying access based on contextual factors, such as user behavior and risk level, adoption of adaptive access approaches will continue to increase," Kunda says.

**Pursuing Zero Trust**

With so much of companies' infrastructure relying on the cloud, executives have increasingly focused on zero-trust frameworks as a way to harden security while still accommodating hybrid workers.

In addition to a secondary code or token offered by two-factor authentication, a variety of other factors can be taken into account, such as the access device, user's location, time of day, and current level of risk for the organization. Depending on those criteria, the user may have an easier authentication experience if they are logging into a network or service from a common location, at a regular time of day, and using a known device.

"An access management tool might collect signals about what kind of endpoint you are working on, where you are in the world, and what your previous access patterns are to determine level of risk," says Michael Kelley, senior director analyst at Gartner. "That determination of level of risk is used to decide how you are authenticated and, potentially, what you have access to, and what kind of access you have once you have been authenticated."

While most modern applications continue to use static authentication, adaptive authentication is expanding. Over the past four years, nearly every provider of access management tools has added some form of adaptive access to their products, he says.

Adaptive access (AA) is a step along the path of zero trust, says Andras Cser, a vice president and principal analyst for security and risk at Forrester Research.

"Adaptive access means lower customer friction as AA solutions only raise friction for those users that indicate \[they pose\] higher risk levels, \[such as\] using new devices, using a hitherto unknown IP address geolocation, displaying 'superman' travel — logins in 10 minutes from places that are 1000s of miles apart," Cser says.

Adaptive Access Technologies Gaining Traction for Security, Agility

Decentralized identity products are increasingly projected to be introduced to the market in the next couple of years.

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million.

    

Through decentralization and blockchain technology, there are an increasing number of people taking back control of their data. Although the digital identity space is still in its initial stages, it is possible that decentralized identity with blockchain could make identity management decentralized, simplified, and seamless, completely transforming the market landscape. Startups and DID initiatives continue to develop proofs of concept (PoC) for decentralized identity in government, finance, healthcare, and other fields, and the opportunities for decentralized identity continue to grow and evolve.

**eIDAS 2.0 Driving Growth**

Omdia believes that the eIDAS 2.0 regulation will be a significant driver for growth in decentralized identity during the forecast period. The updated eIDAS 2.0 initiative is built on the existing, cross-border, legal framework for trusted digital identities, the European electronic identification, and trust services initiative (eIDAS Regulation), which was adopted in 2014. By September 2023, all EU member states must ensure that a digital identity wallet is available to all EU citizens, residents, and businesses in the EU and usable not only for identity documents but for all attestations, including those with sensitive personal data such as health-related data and documents.

**Advantages of Decentralized Identity**

The advantages that decentralized identity gives users over traditional identity and access management solutions include control, security, privacy, and ease of use:

*   Control – Control gives identity owners and digital devices power over their digital identifiers. Because users have complete control and ownership of their identities and credentials, they can decide which information they want to reveal and can prove their claims without depending on any other party.
*   Security – Security reduces attack surfaces by storing personal identifiable information (PII). Blockchain is an encrypted decentralized storage system that is safe, flexible, and reduces the risk of an attacker gaining unauthorized access to steal or monetize user data.
*   Privacy – Privacy enables entities to use the principle of least privilege (PoLP) to designate minimal or selective access for identity credentials. PoLP is a term correlated with information security. It states that any person, gadget, or process should only have the minimal rights necessary to execute the considered task.
*   Ease of use – Decentralized identity technology gives users the advantage of easily creating and managing their identities with user-friendly neoteric decentralized identity apps and platforms.

**Disadvantages of Decentralized Identity**

In contrast, the disadvantages of decentralized identity include no large-scale adoption, legacy systems, and regulation and identity data fragility:

*   No large-scale adoption – Governments and organizations are still attempting to figure out how to deploy decentralized identity technology at scale while most non-tech users have not even heard of this phenomenon.
*   Legacy systems and regulation – Replacing existing legacy systems and creating interoperable global standards and governance are also important issues.
*   Identity data fragility – While a secondary issue, identity data fragility, which refers to duplication, confusion, and inaccuracy in identity management, remains.

**More Decentralized Identity Products Coming**

The popularity of decentralized identity is gathering pace with vendors such as IBM, Microsoft, and Ping Identity entering the fray. Even governments are looking at the technology. Omdia believes that over the next couple of years, more decentralized identity products will be launched onto the market, and this will help the technology become more mainstream. The decentralized identity market is expected to have significant growth during the forecast period, increasing to $6.5 billion in 2027.

Is Decentralized Identity About to Reach an Inflection Point?

Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities.

The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies' grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet.

The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies to plan and execute global hacking operations. They include project plans, software descriptions, instructions, internal emails, and transfer documents from the company.

The takeover of railroad networks and power plants are also part of a training seminar held by Vulkan to train hackers.

The leak also exposes the company's close links to the FSB, Russia's domestic spy agency, the GOU and GRU, the respective operational and intelligence divisions of the armed forces, and the SVR, Russia's foreign intelligence organization.

The documents, which were leaked by an unnamed source to a German reporter working for the Süddeutsche Zeitung at the start of Russia's invasion of Ukraine, have since been analyzed by global media outlets including The Washington Post and German media outlets Paper Trail Media and Der Spiegel.

According to the Spiegel report (in German), Vulkan has developed tools that allow state hackers to efficiently prepare cyberattacks, filter Internet traffic, and spread propaganda and disinformation on a massive scale.

The Spiegel report notes that analysts from Google reportedly discovered a connection between Vulkan and the hacker group Cozy Bear years ago; the group has successfully penetrated systems of the US Department of Defense in the past.

**Amezit, Skan-V Programs Revealed**

One offensive cyber program described in the documents is internally codenamed "Amezit."

The wide-ranging platform is designed to enable attacks on critical infrastructure facilities in addition to total information control over specific areas.

The program's goals include using special software to derail trains or paralyze airport computers, but it was not clear from the materials whether the program is currently being used against Ukraine.

Another project, called "Skan-V," is supposed to automate cyberattacks and make them much easier to plan.

Whether and where the programs were used cannot be traced, but the documents prove that the programs were ordered, tested, and paid for.

"People should know the dangers this poses," shared the anonymous source who leaked the docs to the media. The Russian invasion of Ukraine had motivated the source to make the documents public.

**As the Sandworm Turns**

A trail also leads to the state hacker group Sandworm, one of the most dangerous advanced persistent threats (APTs) in the world, responsible for some of the most serious cyberattacks of recent years. For instance, the threat actor has been targeting the Ukrainian capital since as far back as December 2016 when it used the malware tool Industroyer to cause a temporary power outage in Kyiv.

Until now, it was not known that the group used tools from private companies.

Sandworm has previously been linked to GRU.

Since the start of the war, at least five Russian, state-sponsored or cybercriminal groups — including Gamaredon, Sandworm, and Fancy Bear — have targeted Ukrainian government agencies and private companies in dozens of operations that aimed to disrupt services or steal sensitive information.

Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar

Russia's invasion of Ukraine spurs Space Force to seek astronomical investments in cybersecurity.

US Space Force top brass have requested a $700 million investment in cybersecurity as part of the military branch's overall $30 billion 2024 budget.

The Russian invasion of Ukraine and ongoing war has laid bare the national interest in defending critical networks, explained Gen. B. Chance Saltzman, chief of space operations, at a recent House Appropriations Committee hearing on Capitol Hill.

The $30 million investment in Space Force cybersecurity will "enhance the cyber defense of our critical networks associated with space operations," Saltzman said, according to reports on the hearing. "There's no question that space is going to be central to effective operations in the future."

In May 2022, Space Force added four squadrons to shore up cybersecurity throughout the branch and oversee an overhaul of the outdated Satellite Control Network.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading