The investment by IBM Ventures enables further collaboration to accelerate the adoption of modernized, identity-based connectivity for today's digital organizations.

**TEL AVIV, ISRAEL, Oct. 12, 2022** — Cyolo, creator of a zero trust identity-based access solution for IT and OT, announced today a new investment from IBM Ventures. Together IBM Ventures and Cyolo plan to collaborate and help modernize authentication for digital businesses.

In today's digital environment, organizations need to evolve their access and connectivity security to protect today's distributed work environments. With 84% of organizations having experienced identity-based cyberattacks, it's no longer safe to grant employees universal access to an entire network. Instead, access and connectivity should be granted on an individual basis and mapped to specific assets and data.

In addition to financial investment, IBM will provide cybersecurity expertise and technical resources in support of Cyolo’s Zero Trust Secure Access platform. Additionally, the teams will collaborate on go-to-market initiatives ranging from partner engagements to panel sessions in support of Cyolo’s mission to connect users to the assets they need to do their job simply, safely, and efficiently.

IBM Ventures' investment in Cyolo is further evidence of the urgent need for cybersecurity solutions that reduce complexity and work seamlessly across distributed workforces and environments. Earlier this year, IBM Ventures participated in Cyolo's Series B, contributing to the company's total raise of $60 Million. The new investment will help Cyolo to further scale its market presence.

"For many enterprises, the acceleration of remote workers has created both opportunities and challenges. The distributed model for people and assets has made connecting and securing them difficult," said Prof. Yaron Wolfsthal, Head of IBM Cyber Security CoE, Israel. "With IBM's investment in Cyolo, we'll continue our focus to make sure clients can break down silos and quickly provide secure access across the distributed environments," said Ben Daniels, IBM Ventures Partner.

"As we see the demand for identity-based access solutions continue to grow, we're excited to partner with such an industry leader like IBM to accelerate our growth and providing even greater cyber resilience to our already extensive market reach," said Cyolo CEO and co-founder Almog Apirion. "We look forward to working with IBM as we enable more companies to have ease of mind knowing that their digital assets have security protections in place from edge to core."

**About** **Cyolo**

Cyolo helps organizations in the IT and OT spaces to stay both secure and productive in an era of distributed workforces and unprecedented cyber threats. Cyolo’s next-generation zero trust network access solution (ZTNA 2.0) enables all users, including employees, third parties, and remote and on-site workers, to seamlessly and securely connect to their working environments via modern identity-based access. With one unified solution that integrates with the existing tech stack and deploys easily in the cloud, on-prem or in a hybrid model, Cyolo empowers the global workforce to securely access applications, files, servers, and workloads from any device on local networks or in the cloud. To learn more, visit https://cyolo.io.

_Statements regarding IBM's future direction and intent are subject to change or withdrawal without notice and represent goals and objectives only_

Cyolo Receives Investment from IBM Ventures for Zero Trust Secure Access Platform

The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.

Android devices are leaking certain traffic when a mobile device is connected to a Wi-Fi network, even when features aimed to protect data being sent over the public Internet by using virtual private networks (VPNs) are enabled.

The issue could poke a hole in a user's ability to remain anonymous when using a VPN to encrypt data being sent from an Android device over a public Wi-Fi network, allowing a would-be attacker to monitor a user's traffic and even pinpoint someone's location, researchers noted.

A security audit conducted by Mullvad VPN identified the issue, which it reported to Google's Android team. It found that the Android mobile OS — which has nearly 3 billion users worldwide — is sending connectivity checks outside the VPN tunnel.

"It does this every time the device connects to a Wi-Fi network, even when the _Block connections without VPN_ setting is enabled," they wrote in the post. "The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic.

This could allow a threat actor to derive information beyond merely the fact that the Android device is connected, such as a user's location if "combined with data such as Wi-Fi access point locations," the Mullvad researchers noted.

Android, for its part, says the function is working as intended, and that no fix is necessary.

**Defending Default Behavior**

It makes sense for Android to send connectivity data traffic by default, the Mullvad researchers acknowledged, such as when there is a captive portal on the network, they said.

In this case, the connection will be unusable until the user has logged in to it, "so most users will want the captive portal check to happen and allow them to display and use the portal," the researchers wrote.

Still, as there seems to be no way to prevent Android from leaking traffic, the issue remains unresolved and potentially a risk for some users, the researchers said. Moreover, Android's current documentation about how the OS blocks connections without a VPN is misleading, they wrote, even if a user is "fine with some traffic going outside the VPN tunnel."

As it would require a "sophisticated actor" to use connectivity checks against someone using an Android phone, "most of our users are probably unlikely consider it a significant risk," the researchers acknowledged.

But the feature as currently documented by Android gives a user the impression "that no traffic will leave the phone except through the VPN" when the feature is turned on, which is not the case, the Mullvad researchers said.

Previously, on Sept. 29, Mullvad had posted on Android IssueTracker suggesting a change to the documentation regarding the "Block connections without VPN" feature to alert users to potential data leakage.

To remedy this issue, researchers suggested adding "except connectivity checks" to documentation references that claim the feature allows people using a device or an IT admin to force all traffic to use the VPN, or blocks any network traffic that doesn't use the VPN for clarification. The issue remains pending.

Dark Reading has reached out to Android for comment.

**Connection Checks Working as Intended**

The researchers reported the mobile system's actual leaking of connectivity data to Android on its IssueTracker message board site. Android responded quickly that it was looking into it.

A Google engineer later defended the current state of the "Block connections without VPN" feature, responding that the status of the issue is "Won't Fix" as "this is working as intended" in a comment posted Oct. 6.

The engineer stated four reasons for declining to add an option in Android to disable connectivity checks. One is that the VPN might be actually relying on the result of these connectivity checks, while another is that the VPN may be a split tunnel, letting part of the traffic over the underlying network, or only affect a given set of apps.

Further, the connectivity checks are far from the only thing exempted from the VPN, as privileged apps can also bypass the VPN, and this is necessary for their operation in many cases, the engineered stated.

Finally, Google's position is that it's unclear as to what specific impact on privacy the issue has, as "connectivity checks reveal there is an Android device at this address, which is plenty clear from the L2 connection and from the traffic going over the VPN anyway," according to the engineer.

**High-Profile Risk**

Mullvad's point that the leak could pose a threat to some users certainly has validity, especially given the increased interest by state-sponsored threat actors to use spyware and other ways to monitor and even persecute high-profile Android users such as journalists, activists, academics, and politicians.

VPNs are meant to ensure that network connections using them encrypt Internet traffic over public networks, meaning that they use the IP address of a designated VPN service rather than someone's public IP address. This allows high-risk users who know they need extra security when their devices are connected to public Wi-Fi networks to hide their activity from prying eyes.

Mullvad acknowledged that there is nothing that the company or anyone else can do to fix the Android leaks if Google doesn't take action to change the OS.

However, there is one Android-based distribution, GrapheneOS, that gives users the option to disable connectivity checks within the mobile OS, the researchers said. With this feature enabled in devices using the distribution, Mullvad researchers said they could not observe the connections.

In light of this, the researchers reiterated their position that Google consider adopting this same ability to disable connectivity checks into stock Android, they concluded in their post.

Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On

Study estimates a 16% growth in e-commerce fraud losses in just 12 months.

**Hampshire, UK, Oct. 12, 2022** **—** A new study from Juniper Research has found that the total cost of eCommerce fraud to merchants will exceed $48 billion globally in 2023, from just over $41 billion in 2022. It predicted that this growth will be accelerated by the increasing use of alternative payment methods, such as digital wallets and BNPL (Buy-Now-Pay-Later), which are creating new fraud risks.

The report recommended that fraud-prevention vendors focus on building platforms providing AI-powered risk-based scoring, which can be payment method agnostic, to best suit changing market conditions.

Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing. Fraudster attacks can include phishing, business email compromises, and socially engineered fraud.

*   To find out more, see the new report: Online Payment Fraud: Market Forecasts, Emerging Threats & Segment Analysis 2022-2027
*   Download the free whitepaper: Fighting Online Payment Fraud in 2022 & Beyond

**North America Tops League Table for Fraud**

The research identified North America as having the largest fraudulent transaction value of any regional market, accounting for over 42% of global fraud by value in 2023, despite representing less than 7% of banked individuals globally. The research cited the vast volume of data breaches and the broad availability of stolen credit card information as the key risk factors in this market.

Research author Nick Maynard explained: _"To combat this fraud, eCommerce merchants must implement simple steps such as address verification, combined with risk-based scoring on transactions, which will allow merchants to best mitigate the massive fraud threats present."_

**BNPL Fraud – A Major Risk**

Additionally, the research found that the potential of fraud with BNPL is a major risk going forward. Given the delayed nature of BNPL payments, fraudsters can make several illegitimate payments using stolen card details before the fraudulent activity is identified, creating significant risk. In turn, the research recommended that BNPL vendors conduct robust identity verification at the point of onboarding to mitigate these risks.

E-Commerce Losses to Online Payment Fraud to Exceed $48B Globally in 2023, as Fraud Incursions Evolve

Automation means more attacks. It also means smarter, easier-to-implement prevention techniques. Here are five signs it is time to put your own data loss prevention strategy into place.

Whether due to cyberattacks or employee negligence, data transfers to unauthorized parties (known as data leaks) can be catastrophic for organizations of any size. The rise of behavior-based data loss prevention (DLP) software has made it possible to proactively head off such threats without requiring months to implement, teams to manage, or a doctorate in privacy law to understand.

But does your organization and the data you protect require a higher level of protection?

Whether you're an managed services provider (MSP) weighing whether to launch DLP services or an enterprise trying to decide if it's finally time to adopt a DLP solution, here are five indications that the answer is a resounding "yes":

**1\. Your employees (or end users) have access to particularly sensitive data on their endpoints.**

More than 80% of data breaches are perpetuated with a financial motive, according to Verizon's "2022 Data Breach Investigations Report." Cybercriminals target high-value data that includes trade secrets, intellectual property, and any highly regulated information that can be leveraged for personal gain.

Whether stored on local workstations or in the cloud, if it's accessible on end users' endpoints, sensitive data is at risk of leakage through network channels and peripheral devices. DLP solutions dramatically reduce the likelihood of this happening — intentionally or accidentally. For organizations with high-value data accessible on corporate endpoints, failure to proactively protect against data leaks can easily result in severe financial and reputational harm.

**2\. You protect data in highly regulated industries.**

Do you (or your client organizations) work with personally identifiable information (PII), patient health information (PHI), cardholder data, or any other form of especially sensitive and regulated data? If so, you have a critical need for higher levels of data protection than simple backup can provide.

Most of these regulations — such as the GDPR, HIPAA, and PCI-DSS — stipulate severe fines for compromising events that lead to leakage of sensitive data. They also require the timely reporting of such events. DLP solutions help on both fronts: preventing leaks from occurring in the first place while also enabling a holistic view of data flows within the organization and supporting forensic investigations in case of an incident.

**3\. You (or your clients) are particularly prone to attacks and data leak risks.**

Historically, industries that store particularly valuable data and those known to rely on vulnerable tool sets are prime targets for focused cyberattacks — especially for industries that must make some of their data sets publicly accessible to some extent. Education, healthcare, and government agencies are just a few such examples, and cyberattacks against all of these have generated plenty of headlines in the past year, showcasing the higher risks these organizations face.

Behavior-based DLP technologies can help you to secure sensitive data in an intelligent way, ensuring that it remains protected and any attempt to transfer it to unauthorized parties is blocked. Cybercriminals are constantly evolving their tactics, so make sure that you meet them head-on with cutting-edge technologies.

**4\. You need to support remote work or BYOD policies.**

Whether hybrid or fully remote, a decentralized approach to the office has become commonplace. In many industries, it's even expected.

But while employees may be happier to work from home, this model is not without security risks. Working outside of a traditional office environment opens up the risk of man-in-the-middle (MitM) attacks, where threat actors intercept communications between the device and corporate network. Without the right software in place, keeping track of data flows across a distributed environment is particularly difficult.

Remote work and a BYOD approach to corporate data access has also increased the threat posed by phishing campaigns. Attackers continue to target unsuspecting employees with password-stealing websites and malware, taking advantage of unsecured devices and the tool sets that end users must navigate to perform their job from home. While training employees to recognize suspicious communications remains important, human error is inevitable — and adopting DLP solutions will dramatically limit the damage from such incidents.

**5\. You've invested in cyber insurance (or are considering it).**

Cyber insurance is a smart investment for nearly any modern organization, one intended to cover your damages in the event of a cybersecurity failure. The cost is variable and depends on factors including your revenue, industry, data sensitivity — and yes, the security measures you've put in place to reduce the likelihood of a breach.

Just as a safe driving record or the installation of anti-theft devices can help to reduce auto insurance premiums, so, too, can a proactive approach to data loss prevention be used to lower cyber-insurance payments. Depending on your specific situation and insurer, it may even be necessary to meet basic data safety requirements and keep your DLP policies aligned with business specifics.

**Smarter Data Protection Through DLP**

Whether lost accidentally or due to nefarious activity, data exfiltration can lead to irreparable financial harm through severe regulatory fines, the loss of trade secrets and a general undermining of customer confidence.

For larger businesses with an existing security team — especially one that has relevant experience in this space — adopting on-premises enterprise DLP software will bring powerful benefits. Those companies that currently lack this expertise may find it more economical to work with an MSP, as establishing your own DLP initiative from the ground up (including training and configuration) can be complex and costly otherwise.

For MSPs themselves, behavior-based DLP solutions empower you to prevent data leakage from client workloads via both network communications and peripheral devices — with unmatched simplicity of provisioning, configuration, and management. Continuous monitoring of data flows and automated policy creation and extension ensure holistic protection of sensitive information with minimal manual involvement and make it significantly easier to maintain regulatory compliance, and can even support lowered cyber-insurance premiums.

**About the Author**

    

Iliyan Gerov is a Senior Product Marketing Specialist at Acronis.

5 Signs That It's Time to Invest in Data Loss Prevention

Included at no added cost, BeachheadSecure now provides accountwide management of Microsoft Defender AV, Firewall, and Controlled Folders for the most complete PC and device security available.

**SAN JOSE, Calif., Oct. 12, 2022 —** Beachhead Solutions, provider of cloud-managed PC & mobile device encryption, security, and data access control, today announced that the BeachheadSecure® platform now includes account-wide Windows Security management at no additional cost. With this launch, BeachheadSecure directly manages and leverages Microsoft Defender Antivirus, Microsoft Defender Firewall, and Microsoft Controlled Folder Access — in tandem with BeachheadSecure’s own RiskResponder capabilities — to automate access controls and secure devices and data before threats can strike.

“Businesses with Windows devices require vigilant and comprehensive security capabilities that they can flexibly command and customize,” said Cam Roberson, VP Sales & Channel Development, Beachhead Solutions. “BeachheadSecure is built to match the layered and holistic security strategy that today’s organizations must have to stay ahead of ever-evolving security threats and ensure ongoing compliance. Adding account-wide Windows Security management to BeachheadSecure offers organizations a powerfully straightforward solution for optimizing layered Windows Security tooling, and orchestrating effective threat mitigation responses all from a single console.”

The BeachheadSecure platform enables businesses to manage and enforce a layered approach to encryption, with absolute control over data access across all company PCs, smartphones, tablets, servers, and USB storage devices. With BeachheadSecure, organizations have the ability to remotely remove access to data on compromised devices, or to remotely destroy that data whenever necessary. BeachheadSecure’s unique RiskResponder tools empower companies to flexibly prepare automated responses to given risks, from invalid login attempts to devices traveling outside of authorized geolocations. RiskResponder works seamlessly with Microsoft security tools, measures threats 24/7/365, and takes automatic action when risks exceed company acceptable thresholds.

By now adding account-wide Windows Security management, organizations can easily, quickly, and remotely manage Windows Security across all of their devices from BeachheadSecure’s single-pane-of-glass console. IT admin and security teams can automate and schedule Microsoft Defender scans, harnessing one of the best antivirus software solutions for detecting, blocking, and neutralizing malware while minimizing ransomware risk. Microsoft Defender Firewall similarly enables critical security policy enforcement and account-wide consistency. Controlled Folder Access allows organizations to protect valuable data from threats, delivering additional safeguards against malware, ransomware, and other nefarious attacks.

Coupling these Windows Security capabilities with RiskResponder offers unprecedented reporting and customizable security response options beyond those offered by Microsoft alone. BeachheadSecure additionally protects against nefarious insider risk, compliance violations, credential compromise, and poor user security hygiene. In response to any detected risks to an organization’s data, BeachheadSecure generates informative logs, alerts, and audit-quality reports to track all Windows Security threat-mitigation efforts.

“Keeping IT security operations straightforward goes a long way toward ensuring that protective measures are properly deployed, always-on, and effective,” said David Weisong, the CIO of Energy Solutions, an energy efficiency and carbon mitigation consulting firm that uses the BeachheadSecure platform. “We're looking forward to deploying BeachheadSecure's new Windows Security management capabilities as part of our always-evolving security posture.”

“Businesses are increasingly realizing that while encryption is an absolute necessity, it alone isn’t enough to protect their Windows environments,” said Roberson. “Many are also seeking out powerful tooling that can enable them to meet compliance with NIST and other increasingly-strict regulatory frameworks. With this particularly adventurous addition to the platform, BeachheadSecure now checks even more of the boxes that so many businesses are looking at right now.”

**About Beachhead Solutions**

Beachhead Solutions provides complete encryption, enforceable security policy management, and remote data access control across customers’ fleet of PCs, Macs, USB storage devices, smartphones, tablets, and servers. From a unified cloud-based console, BeachheadSecure ensures organizations have the device visibility and control required to keep data secure and continually achieve compliance mandates. Beachhead’s innovative all-in-one tools, like RiskResponder, offer automatic, customizable, and predetermined actions to environmental and behavioral risks.

Beachhead Solutions Adds Windows Security Management to the BeachheadSecure® Platform

Research from Netacea reveals that as of September 2022, there are over 1,600 professional refund service adverts on hacker forums.

Cybercrime’s continued shift to a service-driven economy has enabled several new professionalized hacking services with Refund Fraud-as-a-Service being one of the latest to rise in popularity over the last few years. This is according to Netacea’s latest threat report, which researched rising trends across a multitude of hacking forums.

Refund fraud is the abuse of refund policies for financial gain and costs e-commerce businesses more than $25 billion every year. Those interested in committing refund fraud can outsource the process to professional social engineers offering Refund-as-a-Service. This poses a significant challenge to retailers, as previously legitimate customers can enlist highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity. As online shopping continues its upward trend, professional fraudsters will look to cash in on the opportunity.

Netacea’s research also found:

*   Over 540 new refund fraud service adverts were identified in the first three quarters of 2022
*   Refund fraud services increased by almost 150% from 2019 – 2021

Netacea’s report explores the current structure of the underground Refund-as-a-Service market, the changing tactics and methods used by adversarial groups to perform refund fraud, and how threat intelligence and fraud teams can work collaboratively to effectively combat it.

“As shown in the rise of ransomware-as-a-service attacks, cybercriminals have shifted to a service-based economy — and refund fraud is no exception” said Cyril Noel-Tagoe, Principal Security Researcher, Netacea. “As we approach Black Friday and the holiday season, e-commerce stores should take the necessary steps to reduce their risk of refund fraud, including educating employees on the methods and tactics fraudsters take.”

Additional steps include:

1.  Delivery carriers should replace or complement signatures with one-time passwords to prevent refund fraudsters from claiming that packages did not arrive.
2.  E-commerce stores and delivery carriers should work together to look for patterns in their data sets that may indicate fraudulent activity.
3.  Reputation is power in the underground market. In the instance that an e-commerce store identifies the claim to be fraudulent after a refund payment has been made, the store should rebill the customer’s account. An influx of rebill complaints from customers may cause the refund fraud service to drop the retailer from their store list, to avoid negative reviews.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Refund Fraud-as-a-Service Ads on Hacker Forums Increase by 60%

Security AI-driven Attack Signal Intelligence automates cyber threat detection, triage, and prioritization across public cloud, SaaS, identity and networks.

**SAN JOSE, Calif., Oct. 12, 2022 /PRNewswire/** — Vectra AI, the leader in Security AI-driven hybrid cloud threat detection and response, today announced Attack Signal Intelligence — groundbreaking technology that automates threat detection, triage and prioritization for SOC teams.

As organizations face ever-growing unknown cyber threats targeting on-premises and cloud infrastructure, SaaS applications, and data and identity systems, SOC teams are challenged to keep pace. More attack surface to cover combined with more modern, evasive and sophisticated attackers has resulted in more manual time spent maintaining detection rules, triaging alerts and figuring out what alerts to prioritize — resulting in analyst fatigue and burnout. Vectra's Security AI-driven Attack Signal Intelligence frees security analysts of these everyday manual and mundane tasks and arms them to do what they do best — investigate and respond to real attacks. Core to the Vectra platform, Vectra MDR services and the expanding Vectra ecosystem, Attack Signal Intelligence empowers security analysts to:

*   **Think like an attacker** with AI-driven Detections that go beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the cyber kill chain.
*   **Know what is malicious** by analyzing detection patterns unique to an organization's environment to surface relevant events and reduce noise.
*   **Focus on the urgent** with AI-driven Prioritization that provides a view of threats by severity and impact, enabling analysts to focus on responding to critical threats and lowering business risk.

Today's security teams are challenged with defending an ever-expanding attack surface and more evasive attacker methods while contending with overwhelming alert noise. These challenges all contribute to a threat actors' increasing ability to beat prevention tools, circumvent signatures and detection rules and bypass multifactor authentication to infiltrate and progress laterally inside an organization while going unnoticed. According to Vectra's Global Research Study, 72% of security practitioners believe that they have been breached but don't know it.

"The unknown compromise is the single biggest security risk organizations face today. Far more complex environments with greater attack surface exposure, more evasive attacker methods and overwhelming noise are all leading to unknowns for security teams," said Kevin Kennedy, SVP of Product at Vectra. "To erase these unknowns, security teams need more reliable, accurate and timely intelligence across all attack entry points and attack surfaces. Vectra's Attack Signal Intelligence is the first technology of its kind to automate threat detection, triage and prioritization so defenders can get ahead and stay ahead of modern attacks. Threat intelligence gives security the confidence to mitigate what is known. Vectra Attack Signal intelligence gives security the confidence to mitigate what was previously unknown."

By harnessing Attack Signal Intelligence with the Vectra platform, Vectra MDR services and the Vectra ecosystem, security teams detect real attacks and their progression throughout the cyber kill chain so they can rapidly investigate and stop an attack from becoming a breach. Contrast to approaches that leverage AI for anomaly detection and require human tuning and maintenance, Vectra Attack Signal Intelligence continuously and automatically monitors for attacker methods with a set of Security AI models programmed with an understanding of attacker TTPs. The results run through another layer of AI which combines an understanding of the organization's environment with threat models and human threat intelligence, to automatically surface and prioritize threats based on severity and impact. The result is that security teams are 85% more efficient in identifying actual threats and achieve >2x higher security operations productivity.

Vectra Attack Signal Intelligence is built into all Vectra Cloud, Identity and Network Threat Detection and Response products and services:

*   Vectra CDR for AWS
*   Vectra CDR for Microsoft 365
*   Vectra IDR for Microsoft Azure AD
*   Vectra NDR for on-premises and cloud networks
*   Vectra MDR for cloud, identity and network threat detection and response

**For more information on Vectra's Attack Signal Intelligence, please visit:**

Vectra Attack Signal Intelligence web page: https://www.vectra.ai/products/attack-signal-intelligence

Blog: Attack Signal Intelligence Commits to Erasing Unknown Threats in Your Organization: www.vectra.ai/blog/vectra-attack-signal-intelligence

Attack Signal Intelligence Solution Brief: www.vectra.ai/resources/attack-signal-intelligence

**About Vectra**

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. Only Vectra optimizes AI to detect attacker methods — the TTPs at the heart of all attacks — rather than simplistically alerting on "different." The resulting high-fidelity threat signal and clear context enables cybersecurity teams to rapidly respond to threats and stop attacks from becoming breaches. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure — both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization. For more information, visit vectra.ai.

**SOURCE:** Vectra

Vectra Advances Security AI to Deliver Attack Signal Intelligence™, Empowering Security Teams to Investigate and Respond to Attacks in Real Time

Protecting against data breaches requires detailed analysis of recent attacks for remediation and prevention.

Data continues to drive enterprise business needs and processes, spurring the need for a rapidly growing number of data stores in which to house it all. Data's inherent value and impact on business operations have made it a prime target for cybercriminals. This has led to a sharp rise in data breaches that have disrupted business continuity and compromised the security and compliance posture of enterprises globally. In these breaches, attackers are commonly exploiting blind spots and misconfigurations.

Protecting against data breaches requires detailed and close analysis of recent attacks for remediation steps and preventative measures. Issues common to recent cloud data breaches include:

**1\. Data Leakage Through Compliance Boundaries**

A hard lesson from the past decade is that there's no going back once data goes outside of the organizational control plane and often to public repositories. For this reason, security owners are responsible for keeping tabs on any possibility of exposure, assessing fallout when exposure occurs, and acting accordingly.

Data leakage is more common than one would think and is not limited to enterprises with smaller security budgets. For example, Nestle's sensitive data was briefly exposed to the world from its internal network before surfacing a few months later in an alleged cyberattack by Anonymous.

**2\. Publicly Exposed Buckets**

Data is an asset and should be protected as such, whether it be a backup, audit record, or arbitrary file. Access should be based on the principle of least privilege, and any deviation should be identified, monitored, and alerted upon.

This was not the case for some organizations using public cloud data stores such as Amazon S3 buckets and Microsoft Azure Blobs. Four airports in Colombia and Peru, for example, had an S3 bucket — containing 3TB of data on employees — that was publicly accessible and did not require authentication.  

Meanwhile, Turkish airline company Pegasus had an S3 Bucket without password protection, exposing roughly 6.5TB of data that included personally identifiable crew information, flight charts, and secrets from the airline's EFB (Electronic Flight Bag) system.

Doctors Me, an online Japanese medical consultation site, experienced something similar. The service stored patient images, uploaded by customers, in an S3 bucket without proper access authorization and authentication controls, exposing the sensitive data of nearly 12,000 people.

**3\. Database Misconfigurations**

In their most basic function, databases are protected internal components that hold various records or documents. They are typically encapsulated behind an application or a service that facilitates access to data according to predetermined business logic. As such, databases have the potential to enforce strict access controls and to limit network access, ensuring that only service accounts or authorized personnel can directly reach them.

Databases exposed to the Internet, especially with weak authentication, are low-hanging fruit for bad actors who are constantly scanning for exposed services. This was the case for a popular Iranian chat application called Raychat, where a simple bot detected a misconfigured instance of the service's MongoDB database. All the attackers had to do was clone the database's content, wipe the database, and leave behind a note asking for a hefty ransom.

**4\. Missing Encryption**

Encryption is one of the top three industry best practices for data protection, but it cannot be considered a full security suite, as data protection is built in layers. When one layer is breached, it's up to the next to hold the line. We see this reflected in risk assessments and audit submissions, where each component, especially missing fundamental layer like encryption, changes the risk score of many other components that make up the entire environment. With common issues like false reporting and missing encryption, how can security owners reliably qualify and test the entirety of their known and unknown environment with assumptions and semi-reliable information?

The Department of Education in New York City struggled with this question when an online grading and attendance system was breached. Roughly 820,000 biographic records of current and former public-school students were stored without proper encryption, allowing the adversary to easily compromise and extract those.

**How Can Organizations Avoid These Mistakes?**

1\. Take ownership of your data: 

*   Identify sensitive and "need to be protected" assets with periodic scans of your environment to discover any unknowns and surprises, such as new data stores and network policies. 
*   Classify and evaluate any solution within your stack that you own or consume. 

2\. Improve your data security posture: 

*   Assess data stores against industry best practice and compliance standards. 
*   Incorporate data security into your organizational DNA by creating dedicated owners, allocating resources for long-term projects, and establishing incident handling procedures. 

3\. Control your data: 

*   Scope and periodically approve the target audience ensuring that only they can access it via both network policies and RBAC. 
*   Implement a "second set of eyes" methodology when it comes to data replication, export, creation, or deletion. 

4\. Observe and triage anomalous activities: 

*   Monitor activities against sensitive data and configuration changes around classified data stores. 
*   Create an alerting and triage mechanism for abnormal business scenarios.

Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics?

Report also shows that cloud-based solutions minimize complexity to enable easy adoption by small to midsize businesses.

**PRAGUE, Oct. 12, 2022 /PRNewswire/** — GoodAccess, the company reinventing secure cloud access for small and midsize businesses, today announced a white paper presenting research from Enterprise Management Associates (EMA) that shows "68% of companies believe that zero trust network access (ZTNA) is an ideal solution for addressing work-from-anywhere risk."

The paper also outlines how cloud-delivered solutions mitigate complexity and enable easy adoption by any type or size of company or organization. Cloud-based Zero Trust Network Access solutions eliminate the need for hardware and cumbersome software suites to simplify set-up and ongoing maintenance, so that even small and medium businesses can readily adopt its use. According to the white paper, "Cloud-delivered ZTNA can address many of the adoption barriers that smaller companies perceive with zero trust technologies in general."

"Complexity has always been the enemy of security and the thing that keeps it from being implemented in the first place or used as directed in the second place," said Michal Čížek, chief executive officer and co-founder, GoodAccess. "GoodAccess has re-invented VPNs to be the means of providing Zero Trust Network Access to small and medium businesses by greatly reducing complexity, expense and necessary expertise. The research and white paper from EMA corroborate our strategy and underscore its necessity."

While ZTNA provides a strong solution for "network-less" organizations where all or most employees are remote and applications and resources are cloud-based, many believe the technology is still out of reach of small and medium businesses. Results from a recent EMA survey show that:

*   Thirty-two percent (32%) of IT organizations consider budget as a barrier to zero trust adoption. The subsequent white paper points out that, "A cloud-delivered ZTNA solution is typically priced for modest budgets since they require no capital outlay."
*   Thirty-one percent (31%) of IT organizations believe zero trust is too complex to implement. The white paper counters the concern, noting, "A cloud-based solution can mitigate the complexity because they require no on-premises hardware or software, aside from client agents. Also, cloud-delivered ZTNA technology is typically configured via a web-based or SaaS GUI console."
*   Thirty-one percent (31%) of the organizations believe that they lack personnel with zero trust skills. Again, the white paper answers those concerns, stating, "Cloud-delivered ZTNA offloads much of the engineering and administrative requirements to the provider."

The paper shows how new solutions solve these traditional concerns by addressing cost, complexity and having necessary technological expertise. With cloud-based solutions, capital costs shift to affordable operational costs. Even more importantly, the complexity of installing and maintaining ZTNA becomes greatly simplified, with far less need for support time and expertise.

Commented Shamus McGillicuddy, vice president of Research, EMA, "The nature of work has permanently changed over the last few years. Hybrid and full remote work has become the standard for many companies. When businesses need to protect remote access to important business assets, cloud-delivered zero trust networking and security solutions are some of the main enablers of modern data security nowadays."

GoodAccess is a cloud-based SaaS application that enables organizations to create a resilient, Zero Trust network with identity- policy- and device-assessment-based access control and safe, deterministic connections to a company's cloud-based applications and resources. GoodAccess provides physical and virtual network segmentation to reduce attack surface and resource access with protection from phishing and unwanted employee behavior. The solution enables compliance enforcement with user activity monitoring and storing logs for all the network communication and systems. A company's risk and compliance administrator gain full visibility into who accesses your systems and when. Virtual access cards assign every user a private account and network identity.

Read a copy of the EMA white paper  
See the key principles of Zero Trust Network Access  
Start a free trial of GoodAccess  
Request a free consultation

**About EMA**

Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help EMA's clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at www.enterprisemanagement.com. You can also follow EMA on Twitter or LinkedIn.

**About GoodAccess**

GoodAccess is the global company dedicated to simplifying "anytime, anywhere" secure connectivity and access for small and medium businesses around the world, beginning with its free GoodAccess Starter product for unlimited usage for up to 100 employees. For companies with more than 100 employees and with the need for static IP addresses, Zero Trust access and other requirements, GoodAccess provides a competitively priced platform that maintains simplicity and ease of use. GoodAccess products are designed for set-up within 10 minutes and the flexibility to meet varying conditions.

For more information: www.goodaccess.com

**SOURCE:** GoodAccess

2 Out of 3 Companies See Zero Trust Network Access as Key to Mitigate Work-From-Anywhere Risks, According to New EMA Report

InterVision releases a new website focused on the customer experience, making B2B cybersecurity purchasing decisions easier.

**SAN JOSE, Calif. and ST. LOUIS, Oct. 12, 2022 /PRNewswire/** — InterVision, a leading information technology (IT) strategic service provider, announced today a corporate rebrand along with key findings from its Pulse study. Study results revealed that nearly half of all business leaders identify ransomware as the top threat to business operations. These announcements highlight the importance of doubling down on strategic cybersecurity measures.

The study ("Solving for Ransomware Threats: Insights Into Current Leadership Actions") shares insights from 100 IT leaders on ransomware's impact on business security. Surveyed IT leaders reported ransomware as one of the biggest threats to tech-related business in North America, with 45% citing ransomware as their top concern overall. The study also found that most organizations focus on ransomware attack recovery (46%) as opposed to prevention (21%). As a result, many IT systems cannot detect threats before they become critical to the organization. But when presented with the idea of Ransomware Protection as a Service (RPaaS), 90% of respondents were interested in the comprehensive strategy.

"With so many high-profile ransomware attacks over the past couple of years, organizations are starting to understand the urgency of implementing a ransomware protection strategy," said Allen Jenkins, CISO and VP of Cybersecurity Consulting at InterVision. "Respondents overwhelmingly identified the need to improve IT processes and technology. Creating the right bundle with Ransomware Protection as a Service (RPaaS) ensures multiple layers of protection and is a powerful step in the process of ransomware prevention."

InterVision's rebrand puts customer experience at the center of its website, making B2B cybersecurity purchasing decisions easier.

"Commitment to the customer experience has always set InterVision apart. Our suite of business continuity and disaster recovery services is best-in-class, and we prioritize customer service through 24/7 response offerings. Now, with an updated website, the customer experience is front and center from the beginning to the end of their engagement with InterVision," said Kathleen Amro, Vice President of Marketing at InterVision.

InterVision's refreshed website and brand also reflects the quality of the company's offerings — including RPaaS, which 90% of Pulse survey respondents reported interest in.

"With organizations facing the challenge of an ever-evolving threat landscape and global security talent shortage, InterVision's RPaaS will not only provide their customers with world-class protection but also the peace of mind that comes along with it," said Will Briggs, senior vice president of global channels, Arctic Wolf. "InterVision and Arctic Wolf both share a commitment to delivering positive security outcomes, and we are proud of how our security operations solutions play a key role in protecting and delighting our shared customers."

To view the full study, visit https://intervision.com/blog-solving-for-ransomware-threats/. For more information about InterVision offerings or to navigate the refreshed website, visit https://intervision.com/.

**About InterVision Systems  
**InterVision is the leading strategic services provider, delivering and supporting complex IT solutions for mid-to-enterprise and public sector organizations throughout the US. With more than 25 years of experience, coupled with one of the most comprehensive product portfolios of managed IT service offerings available, the company is uniquely positioned to guide clients through any stage of their technology journeys. InterVision drives business outcomes with an unparalleled focus on the customer experience to help organizations be more competitive, compliant, and secure. The company has headquarters in San Jose, CA, St. Louis, MO, and Richmond, Va. To learn more, visit www.intervision.com.

**SOURCE:** InterVision

Source

DARKReading