As a Cube insider, you'll get access to interesting new trends, what we think about them and how you can benefit.
New Trend: The New Era of Cyber Attacks
The speed in which companies had to adjust and transition to a digital business environment in the last few years has given rise in managing new challenges to protect sensitive business information. With more remote workers, businesses have seen increased threats such as phishing attempts and opportunities for cyber-attacks.
The surge in digital services and experiences has created a drive for cloud services. “By 2025, Gartner predicts more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021.” The need to properly secure an increasingly distributed workforce that is leveraging cloud applications has demanded more attention from IT and cybersecurity business executives on the possibility of cyber threats.
Charles Carmakal, Senior Vice President and Chief Technology Officer at Mandiant, a cybersecurity firm, recently said on the From Florida podcast, “Ransomware and multifaceted extortion, it is the No. 1 cybersecurity threat out there. It's something that impacts all organizations, irrespective of their size, irrespective of their sector. The reason for that is because within a very short operation, criminals can make a lot of money. Gone are the days where criminals break into companies, and they just steal credit card data. Nowadays, most criminals choose to monetize their intrusions by disrupting business operations, by threatening to publish sensitive data that was stolen and extort the organizations that these operations are conducted against.”
New Insight: Cyber Security Acquisitions by Cloud Providers
In the last year, Amazon Web Services (AWS), Microsoft Azure and Google Cloud have all made cyber security acquisitions. Here is a look at several notable acquisitions:
Mandiant, who announced in early March that it had entered into a definitive agreement to be acquired by Google in a transaction valued at about $5.4 billion. Mandiant provides threat intelligence services, and its more than 600 consultants respond to thousands of security breaches each year. It leverages research from more than 300 intelligence analysts to help organizations defend against threats.
CloudKnox Security, provider of cloud infrastructure entitlement management (CIEM) technology and RiskIQ, provider of global threat intelligence and attack surface management, were both acquired by Microsoft in 2021 to strengthen the security of its cloud service.
AWS acquired Wickr, provides secure, end-to-end encrypted, communication technology.
With the ongoing growth of the cloud and continued threat of cyber-attacks we will certainly continue to see more acquisitions to ensure companies' environments are increasingly secure.
New Action: Protect your Organization from Cyber-Attacks
More and more organizations are taking steps to protect themselves from cyber-attacks. Research from McAfee discovered that 81% of global organizations experienced increased cyber threats and 79% experienced downtime in the wake of previous cyberattacks. Even small and medium sized organizations are realizing they need to protect their businesses from attacks. They often have fewer resources committed to cybersecurity, making them more vulnerable and therefore even more appealing to those initiating cyber-attacks. In a recent Fast Company article, they detail four steps to help small to medium sized businesses improve their cybersecurity position:
“Obtain 24/7 Cybersecurity Monitoring: There are a growing number of managed detection and response (MDR) service providers that can help organizations watch for any incoming threats and then take action. MDR’s have teams of security analysts and researchers who will monitor networks, devices and respond as necessary.
Enable Multi-Factor Authentication (MFA): This is one of the most important security features that can be used to protect a company. MFA provides an extra layer of security and makes stolen passwords useless by requiring a second factor, such as a security token to provide access to email or business applications.
Put an Incident Response Retainer in Place: It’s important to have a plan in place that will guide the organization through response and mitigate any damage. The plan should outline the procedures the company will follow in case of a successful attack, as well as the roles and responsibilities of the employees who will complete the tasks.
Put a Vulnerability Management Program in Place: Many security incidents occur when hackers take advantage of software flaws, known as vulnerabilities. Vulnerability management is the process of prioritizing and applying updates to patch these issues. Putting in place a vulnerability management program can help discover and prioritize vulnerabilities for organizations.”
When asked what companies should to do protect their operations from a cyberattack, Charles Carmakal said on the From Florida podcast, “Number one, it's always good to get the good folks out there to do ethical hacking and what's known as red teaming, which is basically you pay the good folks to do an authorized test to try to hack into the company. The idea is to try to figure out, are there vulnerabilities that exist that could be exploited that allow the testers to get in? Because if it allows the testers to get in, it's probably going to allow the bad actors to get in. So, let's try to do that, so that you're doing it in a controlled way. You can identify things that need to be fixed and you can fix them in a short period of time. That's incredibly important.”
With the recent activities happening around the world – there is an urgency for organizations to prepare security plans and respond to threats. Companies must take preventative approaches and apply security measures for employees, networks, applications, and devices to increase protection and minimize potential attacks. If you’re looking for how to protect your organization, N³ Innovation can help you! Contact us today!
Want to get the Cube sent directly to your inbox? Sign up HERE
N³ Innovation does not endorse the organizations or products mentioned in this newsletter. If you are interested to learn more, contact us today for a full landscape and targeted solutions.