**NEW YORK****,** **Jan. 25, 2023** **/PRNewswire/ --** At least 344 organizations in the healthcare industry suffered data breaches in 2022, according to a just-released report from the Identity Theft Research Center® (ITRC). This is the third year in a row that healthcare organizations led all industries in the number of data compromises.

Healthcare organizations represented 19 percent of the 1,802 breaches reported in the 2022 ITRC report, with Financial Services (268), Manufacturing and Utilities (249), and Professional Services (224) following behind. In 2021, 15 percent of the breaches tracked by ITRC affected healthcare companies.

Cyberattacks continued to be criminals' weapons of choice, with 1,595 breaches in 2022, a slight decrease from 1,613 in 2021 with drops year-over-year in the number of breaches attributed to phishing, ransomware, and malware.

Supply chain attacks outstripped malware attacks in 2022, with 115 instances affecting 1,743 organizations and at least 10 million people. Healthcare organizations were hit particularly hard by supply chain attacks as eight of the 12 supply chain breaches cited in the report affected business associates of healthcare organizations or health insurance companies.

The breaches listed below reinforce the importance of having well-crafted business associate agreements with vendors to limit liability and maintain HIPAA compliance.

*   Shields Health Care Group, Inc.: 56 Entities; 1,804,069 Victims
*   Eye Care Leaders: 37 Entities; 3,372,880 Victims
*   Practice Resources, LLC: 28 Entities; 942,138 Victims
*   MCG Health, LLC: 10 Entities; 793,283 Victims
*   Comstar, LLC: 2 Entities; 585,621 Victims
*   Adaptive Health Integrations: 1 Entity; 510,574 Victims
*   Connexin Software, Inc.: 1 Entity; 2,216,365 Victims

"Breaches like the ones affecting the business associates listed above illustrate why HIPAA Compliance must be the foundation upon which you build your privacy and security strategy," said Marc Haskelson, the CEO of Compliancy Group, the leading provider of automated HIPAA compliance solutions for healthcare organizations. "It is impossible to prevent every data breach, especially when it happens outside of your organization, but HIPAA compliance can limit your liability and expose potential problems with suppliers through the due diligence that takes place while forging a business associate agreement.

**About Compliancy Group**

Compliancy Group gives healthcare professionals confidence in their compliance plan, increasing client loyalty, and profitability of their business while reducing risk. Their simplified software solution, and Compliance Coach® guidance, help organizations achieve HIPAA compliance with ease. Get compliant today!

SOURCE Compliancy Group

Healthcare Remains Top Target in 2022 ITRC Breach Report

New Cyberseek™ data shows US is short nearly 530,000 skilled cybersecurity staff.

**BOSTON****,** **Jan. 25, 2023** **/PRNewswire/ --** Despite recent high-profile tech industry layoffs, demand for cybersecurity professionals remains high, according to the latest data from CyberSeek™.

According to new data from the cybersecurity workforce analytics site developed in partnership by the National Initiative for Cybersecurity Education at NIST, CompTIA and Lightcast, the total number of employed cybersecurity workers held fairly steady in 2022 at around 1.1 million, while the number of online job postings edged down to 755,743 from 769,736 in the 12-month period ending in December 2022.

"Despite concerns about a slowing economy, demand for cybersecurity workers remains historically high. Companies know cybercrime won't pause for a market downturn, so employers can't afford to pause their cybersecurity hiring," said Lightcast Vice President of Applied Research-Talent Will Markow.

According to Lightcast data, each of the first nine months of 2022 set records for the highest monthly cybersecurity demand since 2012 but cooled in November and December.

A key indicator is the ratio of currently employed cybersecurity workers to new openings, which gives an indication of how big the worker shortfall is. The supply-demand ratio is currently 68 workers per 100 job openings, edging up from the previous period's ratio of 65 workers per 100 openings. Based on these numbers, we need nearly 530,000 more cybersecurity workers in the US in order to close current supply gaps.

Between 2021 and 2022, public sector cybersecurity demand grew 25 percent to 45,708 postings, while private sector demand grew at a rate of 21 percent to 710,035 job listings. Lightcast data shows an even larger disparity between growth rates when comparing the growth since 2019. In the past three years, private sector cybersecurity demand has grown 36 percent, while public sector demand grew 58 percent.

The Washington DC metro area alone accounted for 19 percent (8,686) of all public sector domestic cybersecurity demand in 2022. It's expected that the DC metro area will need 52,634 new cybersecurity workers to close current supply gaps.

"A useful feature of CyberSeek is the differentiation between public sector data for federal and state governments and private sector data that is further segmented by sectors of the economy," said Rodney Petersen, Director of the National Initiative of Cybersecurity Education (NICE). "The methodology for identifying job openings and the employed cybersecurity workforce in the public sector utilizes the NICE Workforce Framework for Cybersecurity and is consistent with the requirements of the Federal Cybersecurity Workforce Assessment Act of 2015 that directs federal agencies to identify positions that require the performance of information technology, cybersecurity, or cyber-related functions."

"Each new disclosure of a data breach amplifies the critical need for more cybersecurity professionals," said Nancy Hammervik, Chief Solutions Officer at CompTIA. "The variety and volume of cybersecurity career opportunities available across the country are illustrated clearly and comprehensively on CyberSeek. Whether you are an experienced cyber pro interested in new challenges, or someone intent on starting a career in cybersecurity, CyberSeek provides detailed information about career pathways, salaries, credentials, and skill sets associated with specific job roles."

Details on the new CyberSeek data were presented and discussed this week at the NIST webinar "Providing Timely and Clear Data to Support Federal Cybersecurity Workforce Needs."

Despite Slowing Economy, Demand for Cybersecurity Workers Remains Strong

**DOWNERS GROVE, Ill.****,** **Jan. 25, 2023** **/PRNewswire/ --** Organizations must adopt a multi-pronged approach involving new strategies and tactics to address the growing global shortage of cybersecurity professionals, according to CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

The world's cyber workforce was among the issues discussed during the recent Cyber Future Dialogue 2023 in Davos, Switzerland. Gordon Pelosse, senior vice president, employer engagement, CompTIA, was among the dozens of executives participating in the conference.

"The cybersecurity workforce problem is real and is being felt globally," Pelosse said. "Every company is scrambling for talent, knowledge and solutions in an ever-evolving environment."

"The discussion on the cyber workforce elicited a wide range of views; from there is nothing that can be done to leave it to technology to solve," Pelosse continued. "This view is wishful thinking, hoping we can one day automate our way out of this talent shortage. Automation holds promise, but requires human reasoning, strategic decision-making, design, support, and intervention to remediate many of the evolving attacks we see today."

Creating a multi-faceted approach to building or expanding a cybersecurity workforce requires organizations to meld current practices with new thinking. The most expedient solution is to look at the tech talent that they already employ.

"If you have skilled and experienced network administrators and engineers, systems administrators or others that understand the fundamentals of IT and networking, upskilling these individuals into cybersecurity roles may be the best immediate solution to fill these positions," Pelosse said.

Employers must also expand the pool of candidates they are willing to recruit from. While college is an excellent choice for many people, it is not for everyone.

"Boot camps, technical training classes, self-paced study, industry certifications and other methods can produce excellent candidates for cybersecurity roles and other technology positions without the need for an advanced academic degree," Pelosse noted.

CompTIA's latest "State of Cybersecurity" report found that the general state of cybersecurity is making relatively slow progress. Especially in more developed regions, few individuals believe that there is dramatic improvement being made. In most cases, nearly the same percentage of people believe that the situation is getting worse. Nearly everyone feels that there is room for improvement."

A high degree of cooperation among employers, industries, education and training organizations and others is needed to address these challenges.

"With its global presence and history of facilitating collaborative solutions to common problems, CompTIA is uniquely positioned to address cybersecurity workforce challenges," Pelosse concluded.

CompTIA offers many resources to support its commitment to building a robust cybersecurity workforce around the world to help organizations strengthen their cyber defenses, including training programs and certifications for cybersecurity professionals, career insights, best practices and guides, research,  and the CompTIA Cybersecurity Trustmark, an organizational credential for the managed service provider (MSP) community.

**About CompTIA** 

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world's economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. https://www.comptia.org/

Davos Debrief: Critical Shortage of Cybersecurity Talent Requires Action on Several Fronts, CompTIA Executive Says

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.

Researchers have developed a proof-of-concept (PoC) exploit for a public x.509 certificate-spoofing vulnerability in the Windows CryptoAPI that the NSA and the National Cyber Security Center (NCSC) reported to Microsoft last year.

Microsoft quietly patched the bug, tracked as CVE-2022-34689, in its August 2022 monthly Patch Tuesday security update, but only publicly disclosed it in October. At the time, it assessed the vulnerability as one that attackers were more likely to exploit. But it offered scant details on the bug or how an attacker might exploit it.

"When the patch was released, this bug was missing from \[Microsoft's\] release notes," says Yoni Rozenshein, security researcher at Akamai. "It was announced retroactively two months later, in October, and there seems to be no information available that describes the vulnerability and how it's exploited."

**Proof-of-Concept Attack for CVE-2022-34689**

Researchers at Akamai who have been analyzing the vulnerability for the past several months this week released details of an attack they developed for it, which they said would allow attackers to spoof the target certificate and masquerade as any website, with the ability to take a variety of malicious actions.  
"The vulnerable browser would show the green lock icon indicating a secure connection even though the connection is completely controlled by the attacker," Rozenshein says. He described Akamai's PoC for it as the first for the bug.

CryptoAPI is a Windows application programming interface that developers use to enable support for cryptography for their applications. One of CryptoAPI's roles is to verify the authenticity of digital certificates. And it is in this function where the vulnerability exists, Rozenshein says.

To verify the authenticity of a certificate, CryptoAPI first checks to see if it already exists in the receiving application's certificate cache. If it does, CryptoAPI treats the received certificate as verified. Prior to Microsoft's patch for it, CryptoAPI determined whether a received certificate was already in the certificate cache or not merely by comparing MD5 hash thumbprints. If the received certificate's MD5 thumbprint matched the MD5 thumbprint of a certificate in cache, CryptoAPI treated the received certificate as verified, even if the actual contents of the two certificates did not match exactly.

That opens the door for cyberattackers to introduce an imposter certificate.

**MD5 Thumbprints: An Incorrect Assumption**

Prior to the patch, "Microsoft inherently trusts the validity of cached certificates and doesn’t perform any additional validity checks after an end certificate is found in the cache," Akamai said in its report. While this by itself is a reasonable assumption, CryptoAPI's trust that two end certificates are identical if their MD5 thumbprints match "is an incorrect assumption that can be exploited, and was the genesis of the patch," Akamai noted.

To prove how an attacker could exploit the issue, Akamai researchers first generated two certificates — one legitimately signed and the other malicious — and rigged them so they would both end up having the same MD5 thumbprints. They then devised a way to serve the first, legitimate certificate to an application with a vulnerable version of CryptoAPI (in this case, an old version of Chrome — v48). Once the application had verified the certificate and stored it in its end certificate cache, Akamai showed how an attacker could then use a man-in-the-middle attack to serve the second malicious certificate to the same application and have it be verified as authentic.

Two conditions need to exist for the attack to work, Rozenshein says. One is that the application needs to be missing the Windows patch that Microsoft released last August. The other is that the application must use CryptoAPI for certificate verification and enable a CryptoAPI feature called "end certificate caching." The feature is disabled by default on CryptoAPI, but some applications enable it to boost performance. It is these applications that attackers can target, if an organization has not patched them.

"We are still actively researching and looking to find more vulnerable applications," Rozenshein says.

**Easy to Exploit**

Rozenshein says an attacker with control over a network can exploit the flaw without much difficulty. "They will need to compute an MD5 collision, but this can be done in advance, cheaply and in only a few hours," he says pointing to previous research that has shown how it is possible for an attacker to generate two certificates with the same MD5 thumbprint.

Once the MD5 thumbprint is calculated, the attack can be carried out easily, Rozenshein says. How an attacker carries out the next two phases of the attack (serving the two certificates) depends on the type of application being targeted, he adds: "In the case of Web browsers, we have found that simply resetting the connection after the first phase has been completed causes the browser to immediately try to reconnect. This is when the attack switches to the second phase."

Microsoft did not immediately respond to a request for comment on Akamai's research or PoC attack.

CVE-2022-34689 is the second flaw in CryptoAPI that the NSA has disclosed to Microsoft in recent years. In 2020, they reported a similar issue, tracked as CVE-2020-061, or the Curveball vulnerability. Akamai assessed the more recently disclosed flaw as presenting less of a threat than CurveBall because there are more prerequisites attached to it and therefore has a more limited scope of vulnerable targets.

Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.

The GoTo remote work tool software platform has confirmed that encrypted backups for several of its tools, including Central, Pro, join.me, Hamachi, and RemotelyAnywhere, were exfiltrated, along with some encryption keys, in last November's compromise of the LastPass cloud-based password keeper.

The compromised GoTo data could include usernames, salted and hashed passwords, some multifactor authentication (MFA) settings, product settings, and licensing information, according to the company's recent disclosure.

Impacted customers will be contacted by GoTo directly, and all affected users will have their passwords and MFA settings reset, according to a post from GoTo CEO Paddy Srinivasan, which included details on the breach.

"In addition, we are migrating their accounts onto an enhanced identity management platform, which will provide additional security with more robust authentication and login-based security options," Srinivasan added.

Last December, LastPass confirmed the theft of customer data — a follow-on cyberattack from the previous August, when the LastPass source code was stolen.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

GoTo Encrypted Backups Stolen in LastPass Breach

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these threats is that there's a good chance they'll continue to be exploited months or years into the future.

The Department of Homeland Security's Cyber Safety Review board debuted in 2021, and in 2022 released its inaugural safety report (PDF). In it, the board called Log4j an "endemic vulnerability," chiefly because there isn't a comprehensive "customer list" for Log4j, making keeping up with vulnerabilities a near-impossible task. One federal Cabinet department even spent 33,000 hours on its Log4j response.

And many organizations and security solutions on the market fail to identify the difference between exploitability and vulnerability — leaving an opportunity for attackers to carry out malicious activity.

**Exploitability vs. Vulnerability**

One of the key issues with cybersecurity today is understanding the difference between vulnerabilities and their severity. When it comes to measuring exploitability versus a vulnerability, there's a big difference between whether a security threat is exploitable within your business or if it's just "vulnerable" and cannot hinder the business or reach a critical asset. Security teams spend too much time not understanding the difference between the two and fix each vulnerability as it comes, instead of prioritizing those that are exploitable.

Every company has thousands of common vulnerabilities and exposures (CVEs), many of which score high on the Common Vulnerability Scoring System (CVSS), so it's impossible to fix them all. To combat this, the hope is that risk-based vulnerability management (RBVM) tools will make prioritization easier by clarifying what is exploitable.

However, security prioritization approaches that combine CVSS scores with RBVM threat intel don't provide optimal results. Even after filtering and looking just at what is exploitable in the wild, security teams still have too much to handle because the list is long and unmanageable. And just because a CVE doesn't have an exploit today doesn't mean that it won't have one next week.

In response, companies have been adding predictive risk AI, which can help users understand if a CVE might be exploited in the future. This still isn't enough and leads to too many issues to fix. Thousands of vulnerabilities will still show to have an exploit, but many will have other sets of conditions that have to be met to actually exploit the problem.

For example, with Log4j, the following parameters need to be identified:

*   Does the vulnerable Log4j library exist?
*   Is it loaded by a running Java application?
*   Is the JNDI lookup enabled?
*   Is Java listening to remote connections, and is there a connection for other machines?

If the conditions and parameters aren't met, the vulnerability isn't critical and shouldn't be prioritized. And even if a vulnerability could be exploitable on a machine, so what? Is that machine extremely critical, or maybe it isn't connected to any critical or sensitive assets?

It's also possible the machine isn't important yet it can enable an attacker to continue toward critical assets in stealthier ways. In other words, context is key — is this vulnerability on a potential attack path to the critical asset? Is it enough to cut off a vulnerability at a chokepoint (an intersection of multiple attack paths) to stop the attack path from reaching a critical asset?

Security teams hate vulnerability processes and their solutions, because there are more and more vulnerabilities — nobody can ever fully wipe the slate clean. But if they can focus on what can create _damage_ to a critical asset, they can have a better understanding of where to start.

**Combating Log4j Vulnerabilities**

The good news is that proper vulnerability management can help reduce and fix the exposure to Log4j-centric attacks by identifying where the risk of potential exploitation exists.

Vulnerability management is an important aspect of cybersecurity and is necessary for ensuring the security and integrity of systems and data. However, it's not a perfect process and vulnerabilities can still be present in systems despite best efforts to identify and mitigate them. It's important to regularly review and update vulnerability management processes and strategies to ensure that they are effective and that vulnerabilities are being addressed in a timely manner.

The focus of vulnerability management should not only be on the vulnerabilities themselves, but also on the potential risk of exploitation. It is important to identify the points where an attacker may have gained access to the network, as well as the paths they may take to compromise critical assets. The most efficient and cost-effective way to mitigate the risks of a particular vulnerability is to identify the connections between vulnerabilities, misconfigurations, and user behavior that could be exploited by an attacker, and to proactively address these issues before the vulnerability is exploited. This can help to disrupt the attack and prevent damage to the system.

You should also do the following:

*   **Patch:** Identify all your products that are vulnerable to Log4j. This can be done manually or by using open source scanners. If a relevant patch is released for one of your vulnerable products, patch the system ASAP.
*   **Workaround:** On Log4j versions 2.10.0 and above, in the Java CMD line, set the following: log4j2.formatMsgNoLookups=true
*   **Block:** If possible, add a rule to your Web application firewall to block: "jndi:"

Perfect security is an unachievable feat, so there's no sense making perfect the enemy of good. Instead, focus on prioritizing and locking down potential attack paths that continuously improve security posture. Identifying and being realistic about what actually is vulnerable versus what is exploitable can help do this, since it will allow the ability to strategically funnel resources toward critical areas that matter the most.

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The DPRK has turned crypto scams into big business to replenish its depleted state coffers.

The blockchain industry hemorrhaged money last year, with the global market for cryptocurrencies plummeting 63%. But investors didn't only lose money to half-baked coins and overhyped NFTs.

In a report published today, researchers from Proofpoint detailed how North Korean state-backed hackers managed to siphon more than $1 billion dollars in cryptocurrencies and other blockchain assets in the 2022 calendar year (all the more impressive considering how depressed those assets had become).

Proofpoint attributed the success of the TA444 group and related clusters — variously referred to as APT38, Bluenoroff, BlackAlicanto, Stardust Chollima, and Copernicium — to their startup-like approach.

Hallmarks, the researchers said, include "rapid iteration, testing products on the fly, and failing forward." The group regularly experiments with new methods of intrusion, and has cycled through different and better malware in recent years.

"While we do not know if the group has ping-pong tables or kegs of some overrated IPA in its workspace," the authors wrote, "TA444 does mirror the startup culture in its devotion to the dollar and to the grind."

**TA444's Evolving Threat**

There's an element of "move fast and break things" to TA444.

In recent years, the group has iterated on their social engineering tactics many times over. Sometimes it sent private messages from hijacked LinkedIn accounts of representatives from legitimate companies, other times it abused email marketing tools in order to circumvent spam filters. It has engaged with victims in English, but also Japanese, Polish, and Spanish.

In one oddball case, it email-blasted organizations across the US healthcare, education, finance, and government sectors, using barebones, typo-laden phishing lures. At best, their lures made reference to specific brand names in the industry, sometimes promising salary increases or job opportunities, but the efforts here were mainly rudimentary.

Where other cybercrime groups may focus on perfecting social lures and delivery mechanisms, researchers explained that malware creation is where TA444 really distinguishes itself.

Their collection of post-exploitation backdoors has included the msoRAT credential stealer, the SWIFT money laundering framework DYEPACK, and various passive backdoors and virtual "listeners" for receiving and processing data from target machines.

"This suggests that there is an embedded, or at least a devoted, malware development element alongside TA444 operators," according to the report.

**North Korea: The OG Crypto Bro**

To supplement its maladroit command economy, the government of North Korea has long used hackers for fundraising, targeting wherever a financial opportunity happens to lie. That includes everything from retailers in the United States to the SWIFT banking system, and, in one notorious case, the entire world.

Because cryptocurrency companies offer few safeguards against theft, transactions are generally irreversible, and parties to those transactions are difficult to identify, the industry is rife with financially motivated cybercrime. North Korea has been dipping into this well for years, with campaigns against startups, botnets that mine coins, and ransomware campaigns soliciting crypto payments.

Last year, though, the scale of the theft reached a new level. Blockchain research firm Chainalysis assessed that the country stole nearly $400 million dollars in cryptocurrency and blockchain assets in 2021. In 2022, they surpassed that figure with a single attack — against a blockchain gaming company called SkyMavis — estimated to be worth over $600 million at the time. Add in other attacks throughout the calendar year, and their total haul reaches 10 figures.

"While we may poke fun at its broad campaigns and ease of clustering," the researchers warned, "TA444 is an astute and capable adversary."

Proofpoint's report noted that monitoring for MSHTA, VBS, Powershell, and other scripting-language execution from new processes or files can help detect TA444 activity. It also recommended using best practices for a defense-in-depth approach to combat TA444 intrusions: Using network security monitoring tools, using robust logging practices, a good endpoint solution, and an email monitoring appliance, in addition to training the workforce to be aware of heist activity that stems from contact on WhatsApp or LinkedIn. 

"Additionally, given the credential phishing campaign activity we observed, enabling MFA authentication on all externally accessible service would help limit the impact of credentials eventually getting stolen," the researchers said via email.

North Korea's Top APT Swindled $1B From Crypto Investors in 2022

Some predictions about impending security challenges, with a few tips for proactively addressing them.

Cloud transformation has become a strategic advantage for many organizations, providing convenience, cost savings, and near-permanent uptimes compared with on-premises infrastructure. At the same time, the move to cloud has also increased the attack surface, resulting in an uptick in criminal activity targeting cloud environments. As we roll into 2023, fears about a potential recession and a corresponding desire to cut costs are renewing urgency to move to the public cloud.

For organizations to successfully secure cloud environments, they must understand the critical risks that can be exploited by attackers to infiltrate cloud environments. As with legitimate activity in the cloud, attackers continue to evolve their approaches, so the challenges faced in 2023 will be different than those faced in 2022 and prior. Here are my top 2023 predictions.

**Multicloud Environments Will Continue to Compound Security Challenges**

Multicloud offers numerous benefits, from avoiding vendor lock-in to reliability, agility, and cost-efficiency. At the same time, however, it brings additional layers of complexity, particularly regarding security management. According to a recent report, 78% of organizations deploy applications on more than three public clouds.

Moreover, the number of services available from the top three public cloud providers (Amazon Web Services, Azure, and Google) is expected to surpass 1,000, up from 750 today. In an effort to embrace agility and innovation, security practitioners will need to find ways to support these news services as soon as they are available.

With each cloud provider's unique capabilities enhanced and expanded almost daily, organizations will have to invest in automated tools that map new services to security and compliance frameworks, like NIST, CIS, and others.

**Securing Developer Environments Will Become the Most Critical Component**

The continuous growth and diversity of application deployments are creating an extensive attack surface for malicious actors. We have seen cybersecurity incidents like SolarWinds, Kaseya, and Spring4Shell significantly impact organizations.

On the other hand, we also see issues like Log4j, which recently demonstrated how many organizations can be impacted due to software vulnerabilities. Hence, we expect securing developer environments will become one of the most critical components for organizations in 2023.

**DevSecOps Tool Sprawl Will Begin to Consolidate**

According to Gartner, of those organizations that have implemented a DevSecOps pipeline for cloud security, "these organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some old and some new — each with siloed responsibility and view of application risk."

Recognizing the overhead with managing so many tools, and the challenges with achieving consistent policies across cloud providers and services, information security teams will increasingly standardize on broader platforms, such as cloud-native application protection platforms, at the expense of point products, such as cloud security posture management, infrastructure-as-code scanners, and cloud workload protection platforms.

**Focused Approach for Data Protection**

Monitoring data across multicloud environments has been an unsolved problem for a couple of years for most organizations. When production workloads are moved between multiple public cloud environments, it becomes difficult to track data or access permissions. Tools for cloud service providers have limitations to secure data in multicloud environments.

In 2023, organizations need to adopt new tool sets and new mindsets, and make a greater effort to detect, classify, and enforce policies to secure sensitive data. We expect data protection to be at the center of the cloud security strategy to avoid increasingly high-profile, complex cyberattacks and data breaches.

**Do More With Less**

The current economic climate is pointing toward a trend of tighter budgets in 2023. To combat this challenge, leaders will be consolidating tools, processes, and expertise with a more collaborative approach. We'll see wider use of cross-functional teams with even greater ROI focus to boost efficiency and reduce complexity.

**Cybersecurity Hiring Will Remain a Challenge**

According to the (ISC)2 2022 Cybersecurity Workforce Study, there is a shortage of 3.4 million cybersecurity workers worldwide. With limited staff, we expect security leaders to emphasize security automation with risk-based prioritization.

**How to Stay Safe in 2023**

Based on our experience of investigating attacks and related incidents, we believe that security leaders need to focus on the following tactics and techniques:

*   Cloud security approach and strategy: With the prevalence of large-scale cloud-native deployments, adopting a more modern, agile, and integrated cybersecurity approach is mission-critical.

*   Select the right tooling: Shifting to robust security with the right solutions and level of expertise, over security layers and threat intelligence.

*   Prioritizing visibility: Gain insight and control over the complex cloud environment covering threats, risks, and vulnerabilities in the cloud.

*   Data security in focus: Secure data in large, dispersed environments with strategic integrated data protection and DLP approach.

*   Threat intelligence, advanced correlation, and machine-learning techniques: Use a combination of advanced techniques to stay ahead of bad actors and proactively reduce risk.

*   Automate and maintain continuous compliance standards.

*   Team collaboration: Distribute and delegate security responsibilities using automation across the organization.

Multicloud Security Challenges Will Persist in 2023

**ARLINGTON, Va.****,** **Jan. 25, 2023** **/PRNewswire/ --** ThreatConnect announced today the release of ThreatConnect Platform v7.0, the industry's first threat intelligence platform designed specifically for TI Ops.  The new release radically increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. 

"Legacy approaches to threat intelligence are no longer sufficient to protect the enterprise in a world of an expanding attack surface and increasing velocity and sophistication of threats," said Andrew Pendergast, EVP of Product at ThreatConnect. "Security operations must modernize by adopting a new approach that puts threat intelligence at the core of everything – aggregating TI from multiple sources, prioritizing the most dangerous threats, and taking timely action so security programs can be strategic and proactive."

The ThreatConnect Platform enables organizations to achieve alignment between security operations and the critical risks to the business as well as better security efficiencies and greater effectiveness, including faster time to mitigate critical vulnerabilities and faster mean time to detect (MTTD) and respond (MTTR) to threats. In a recent survey of ThreatConnect customers, more than 68% of respondents said that the product helped them improve their MTTR by more than 50%.  In the same survey, 95% of respondents noted that ThreatConnect enabled them to get more value from their existing security tools such as SIEM, XDR, and SOAR.

Customers can now go beyond just managing threat intel to operationalizing it and fusing it across every part of your security program, from threat investigation to incident response to vulnerability management.

**ML-Powered Global Intelligence and Analytics with CAL™ v3.0**

With the introduction of a native natural language processing (NLP) to the  ThreatConnect Platform now automates many analyst activities saving them time and effort. CAL™ now has the ability to understand MITRE ATT&CK techniques. This capability underpins the new CAL™Automated Threat Library (ATL) intelligence. Analysts no longer need to visit dozens of blogs and news sources every day, analyzing the sources for indicators, threat actors, and ATT&CK techniques, and copying and pasting relevant intel. CAL™ ATL  automatically aggregates, enriches, scores,analyzes, and filters more than 60 top threat intel-related news sources into an intel feed ready to be used in the ThreatConnect Platform with more sources being added all the time.

**Native Reporting Engine**

The CISO down to security analysts need timely and relevant information and insights to make strategic, tactical, and operational decisions. With ThreatConnect's native Reporting engine, customers can easily create custom reports to put actionable information in front of the right people at the right time to improve defenses. With this new capability, users can create reports directly in  the Platform using the built-in report editor, saving time and effort by leveraging the intelligence already aggregated and built from your threat library in ThreatConnect with powerful graphs, charts, and free form text..  

**Built-in Enrichment** 

Built-in Enrichment with our top enrichment provider partners automates and streamlines the process of adding context to Indicators of Compromise. Users will have a simple, plug-and-play experience to have the most common enrichment providers set up throughout the ThreatConnect platform, helping them to identify false positives, and to pull out actionable intelligence to improve detection efficacy and speed up threat response.

**Learn More:**

*   Read our blog post to learn more about Threat Intelligence Operations, the Evolved Threat Intel Lifecycle, and latest capabilities in ThreatConnect Platform v7.0.
*   Download the Dawn of TI Ops  paper to learn why TI Ops is critical to security operations.
*   Download the Evolved Threat Intel Lifecycle infographic to learn why the a new threat intel lifecycle is required for TI Ops
*   Register for the webinar The Need for an Evolved Threat Intel Lifecycle on February 17, 2023.

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)

**FRANKLIN LAKES, N.J.****,** **Jan. 25, 2023** **/PRNewswire/ --** BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, today released its third annual cybersecurity report to update stakeholders about the company's ongoing efforts to advance cybersecurity maturity, protect against cyberattacks and empower customers with information about cyber risks and vulnerabilities.

Through the BD 2022 Cybersecurity Annual Report, the company is increasing awareness of health care cybersecurity challenges and the company's commitment to transparency and collaboration.

"In health care, cybersecurity is about protecting patient safety and privacy, while also securing systems and data," said Rob Suárez, chief information security officer of BD. "Patients receive medical care at some of the most critical and vulnerable moments in their lives. They trust the safeguards put in place to protect them. Upholding strong cybersecurity measures and continuing to advance cybersecurity is part of honoring that trust."

In the context of recent cybersecurity trends and developments, the report discusses:

*   **Transparency and communication** – BD strives to help customers manage risk properly through awareness and guidance. The BD 2022 Cybersecurity Annual Report outlines the company's mature coordinated vulnerability disclosure processes and how customers can access product security documentation, including certifications and attestations from Underwriters Laboratories Cybersecurity Assurance Program (UL CAP), System and Organization Controls (SOC2) and the International Standards Organization (ISO/IEC 27001:2022).
*   **Collaborative efforts to advance cybersecurity** – Strengthening cybersecurity across the health care industry requires collaboration. The report highlights the work of multiple cybersecurity working groups and outlines the company's contributions to advancing secure cybersecurity practices, including ethical hacking exercises, cybersecurity scenario trainings and preparing for greater software-bill-of-materials (SBOM) visibility.
*   **The state of health care cybersecurity** – Ransomware, phishing and software supply chain attacks reinforce the need for strong proactive and preventive measures. The report details how the company strives to protect its products, manufacturing operational technology and enterprise IT from emerging risks and threats.

For more information about the company's approach to cybersecurity, download the BD 2022 Cybersecurity Annual Report**.**

**About BD**BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. The company supports the heroes on the frontlines of health care by developing innovative technology, services and solutions that help advance both clinical therapy for patients and clinical process for health care providers. BD and its 77,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. BD has a presence in virtually every country and partners with organizations around the world to address some of the most challenging global health issues. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care. For more information on BD, please visit bd.com or connect with us on LinkedIn at www.linkedin.com/company/bd1/ and Twitter @BDandCo.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading