Why AI-Driven Tools Will Fail Cyber Defenders

AI cybersecurity, AI-driven cybersecurity, AI-powered tools, SOAR, UEBA, XDR, ChatGPT, ChatGPT and cybersecurity

Every few decades, the world goes through an “AI spring,” and we are in the middle of one right now. With accelerating progress in AI research and the arrival of emerging capabilities exemplified by tools like ChatGPT, hopes are surging that AI applications will soon help organizations to detect threats in their IT environment, prevent data breaches, and block incoming attacks with a much higher success rate.

But nothing is ever that simple. First, AI tools are part of the future for cyber defenders and malicious actors alike. As long as that is true, human expertise will always be the deciding factor in who wins and loses. Second, with IT environments increasing in complexity, expertise is needed to determine where AI can make a real difference, and where it is more of a liability than an asset.

In a previous article, we explained how VPNs can give organizations a false sense of security – not because they are not useful, but because their role in a larger perimeter security strategy is misunderstood. In this article, we will explain why the same is true for nearly any tool or set of tools, however “smart” they may be. But first let us set the scene.

Why AI-Driven Security is Desirable

In today’s cyber landscape, the allure of AI-powered tools is not hard to understand. In Q1 of 2023, cyberattacks rose by 7% over Q1 2022, with organizations facing an average of 2,057 attacks per week. At the same time, organizations are struggling to find help: today, the global cybersecurity workforce gap stands at 3.4 million, with nearly 700,000 unfilled cyber positions in the U.S. alone.

Worst of all, global cyber actors – who are always opportunistic in their pursuit of new vulnerabilities and attack vectors – are already leveraging AI for social engineering and targeted attacks. According to a study by the Cloud Security Alliance, free tools like ChatGPT can be used to find attack points, gain unauthorized access to target networks, conduct reconnaissance and develop malicious code. That does not even count specialized AI-powered toolkits being passed around on the Dark Web.

AI-Driven Cybersecurity is Already Here

Clearly, organizations need all the help they can get. But none of these issues are entirely new, and AI-powered solutions are already being employed across many organizations to address them. These include:

  • Security Orchestration, Automation and Response (SOAR) –  SOAR platforms bring together data about security threats from multiple systems, offering automation for repetitive security operations center (SOC) processes, including vulnerability scanning, auditing and log analysis. SOAR platforms increasingly offer AI features to analyze information, prioritize threats, and suggest – or even execute – remedial actions.
  • User and Entity Behavior Analytics (UEBA) – UEBA tools focus on user and entity behavior, using algorithms to establish a baseline for normal activities and identify anomalous ones. Like SOAR, UEBA is often augmented with AI to generate better risk scores and flag potential threats more reliably.
  • Extended Detection and Response (XDR) – as an evolution of endpoint detection and response (EDR) systems, XDR brings threat detection and response functions to systems throughout your organization, providing a clearer picture of your IT environment and developing attacks. Like SOAR and UEBA, XDR tools are increasingly integrating AI-driven functionality.

But despite widespread deployment of SOAR, UEBA, XDR and other emerging cybersecurity products, cyber incidents have not decreased, and the need for human talent has not diminished. This picture is unlikely to change any time soon for many reasons. Here are just a few:

1. Much Assembly Required 

It is often taken for granted that AI will reduce the need for reliance on human talent – but the contrary is just as likely. The more tools organizations introduce, the more talent is needed to configure them safely, monitor their performance, and delineate their role in the midst of changing trends and priorities.

Cyber defenders already rely on a plethora of tools – but just as often as they solve problems, they cause more when they are deployed improperly. This is true in the context of cloud, endpoint detection, VPNs, IoT, and more. There is every reason to believe the same will be true for AI-driven tools, however smart they may be. At a minimum, the wrong rules will lead to overfitting (too many false flags) or underfitting (too many threats ignored).
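The tuning problem described above, shown on a UEBA-style baseline rule (an added example, not code from the original article or from any product). The account names, daily counts, ground-truth labels and thresholds are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed history: number of distinct hosts each account logged in to per day.
HISTORY = {
    "alice": [3, 4, 3, 5, 4, 3, 4, 4, 3, 5],
    "bob": [1, 1, 2, 1, 1, 2, 1, 1, 1, 2],
    "svc-backup": [40, 42, 38, 41, 39, 40, 43, 41, 40, 39],
}

# Constructed observations for today: (account, hosts_today, actually_malicious).
TODAY = [
    ("alice", 6, False),        # unusually busy but legitimate day
    ("alice", 19, True),        # noisy lateral movement
    ("bob", 3, True),           # stolen credential used quietly on few hosts
    ("svc-backup", 44, False),  # normal drift
    ("svc-backup", 48, False),  # new servers added to the backup job
]


def zscore(account, value):
    """How many standard deviations `value` sits above the account's own baseline."""
    history = HISTORY[account]
    spread = pstdev(history) or 1.0  # guard against a perfectly flat baseline
    return (value - mean(history)) / spread


def evaluate_rule(threshold):
    """Return (false_positives, missed_threats) for 'alert when z-score > threshold'."""
    false_positives = missed = 0
    for account, value, malicious in TODAY:
        flagged = zscore(account, value) > threshold
        if flagged and not malicious:
            false_positives += 1
        if malicious and not flagged:
            missed += 1
    return false_positives, missed


def sweep(thresholds=(2.0, 4.0, 10.0)):
    """Evaluate the same rule at several sensitivities."""
    return {t: evaluate_rule(t) for t in thresholds}


if __name__ == "__main__":
    for threshold, (fp, missed) in sweep().items():
        print(f"threshold {threshold:>4}: {fp} false alerts, {missed} missed threats")
```

No threshold in the sweep gives zero false alerts and zero misses: the quiet credential abuse on "bob" is only caught at a setting that also buries analysts in benign alerts, which is the judgement call the tool cannot make for itself.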

2. AI Has Limitations 

Recent progress in AI has given many the impression that there’s no upper limit on what AI applications can achieve. But until the arrival of artificial general intelligence (AGI) (at which point organizations will have bigger problems on their hands than cyber actors) AI solutions are necessarily narrow in scope, which limits their effectiveness against human targets.

For now, any AI-driven solution can only integrate with software if the proper APIs are in place. It can only detect and respond to threats it has been trained to anticipate. It can only navigate within a realm of generally defined problems and responses.

With cyber actors innovating new attack strategies around the clock and adopting AI as rapidly as cyber defenders, the measure of a cybersecurity program will never be technology alone: it will be creativity, expertise, and an understanding of factors ranging from organization-specific issues to the way hackers think.

3. Cybersecurity is a Human Issue 

While cyber actors often aim at system intrusion and penetration of network defenses, digital exploits are nearly always downstream from human exploits. According to Deloitte, more than 90% of attacks begin with a phishing email. This is just one of many ways that malicious actors manipulate and deceive your employees into providing them with a foothold – whether that takes the form of credentials, malicious downloads, or sensitive data.

Even now, AI’s role as a hacking tool is primarily confined to the creation of personalized phishing campaigns and social media messages. While AI can potentially help organizations to identify and flag malicious messages, it will not replace cyber training and awareness to help your employees avoid the mistakes that imperil your sensitive data and assets.

Beware of False Promises

As with every new trend, vendors have been quick to jump on the AI bandwagon, offering AI features and promising the moon with it. Often, they exploit the ambiguity of the term “AI”, with products that do not leverage ML models, or any other breakthrough technologies associated with the current AI spring.

But even when they do, organizations must be wary of believing these tools provide a level of unsupervised protection beyond what their existing toolsets provide. They must resist complacency and situate any new acquisitions within a larger strategy guided by human expertise, and an awareness of their unique needs.

Securicon provides tailored cybersecurity assessments with planning and implementation for secure AI-driven capabilities. We are comprised of veterans from the U.S. security community, including DoD, DHS and the U.S. Cyber Command. In addition to providing gap analysis, compliance consulting, assessment support and more, we have the expertise to evaluate emerging cybersecurity solutions and apply them within your IT environment. To learn how we can help you, contact us today.

 

A False Sense of Security: Why VPNs Are Not a Silver Bullet

virtual private network security, VPN safety, VPN risks, cybersecurity strategies, VPN breaches, VPN security measures

In a world of hybrid organizations and a rising number of remote employees, virtual private networks (VPNs) are rapidly growing as a solution for secure access between enterprise networks and external endpoints. In 2022, the global VPN market was valued at $44.6 billion, with experts projecting a $93.1 billion increase by 2030.

But while VPNs play an important role in today’s enterprise security stack, the growth in adoption may represent overconfidence in a technology with distinct risks and limitations. Misconceptions surrounding VPNs abound, and with VPN-directed attacks on the rise, those who depend on them as a silver bullet for cybersecurity are in for a rude awakening.

VPN Breaches

In June, cybersecurity researchers reported that 360 million user data records were leaked in a breach affecting SuperVPN, a free VPN service operating in China.

While users of the application had expected it to protect their personal data and identities, instead it exposed both of them – including email addresses, location and online activities – to the open Web.

This story would be less concerning if security flaws were limited to free and consumer-facing VPN services. Unfortunately, they are not – they affect VPN products used by major companies, including federal agencies, local governments, and critical infrastructure operators.

To protect themselves from these risks, organizations must understand the limited role that VPNs play in a comprehensive cybersecurity strategy, the risks they can introduce to an IT ecosystem, and best practices for utilizing them effectively.

What VPNs Really Do

According to a study from the University of Maryland, VPN ads directed at consumers through social media include “overpromises and exaggerations that could negatively influence viewers’ mental models of internet safety”. But overpromising and exaggerations only work because viewers don’t know what a VPN really does.

In an enterprise configuration, a VPN creates an encrypted connection between a VPN client installed on a device outside your organization, and a VPN server hosted on-site or at an off-site data center. Once there, traffic is directed either to the open Web, to cloud services, or to internal resources.

When a VPN works properly, the encrypted connection between client and server forms a secure “tunnel” that provides protection against snooping from attackers: it masks the identity of remote endpoints connecting to your organization, their external destinations, and any data sent between them.

What VPNs Don’t Do

Unfortunately, VPNs do not always work properly. And even when they do, there are many risks they don’t protect against. For instance:

  • VPNs do not protect software as a service (SaaS) apps which reside outside your organization. While employees can use your VPN to connect with them, they will often choose not to since VPNs can be slow and cumbersome. This compounds the growing risk of Shadow IT that organizations already suffer from, with data scattered across unmanaged and poorly protected external services.
  • While a VPN can prevent attackers from intercepting or decrypting traffic as it travels through the VPN tunnel, it does not protect data at ingress or egress. If attackers have already compromised devices inside or outside your network – which they can do through malware, phishing or social engineering attacks – they can still spy on data sent both ways.
  • VPNs do not always prevent devices from broadcasting their real IP addresses or the destination of their traffic. Weaknesses in the VPN client – or non-VPN software – can tip watchful adversaries off to the identity of protected endpoints.

VPN-Associated Risks

Aside from the fact that VPNs do not protect against all cyber risks, they often introduce new ones, including:

  • Keys to the Kingdom – enterprise VPNs are typically deployed without layered controls, network segmentation or principles of least access to ensure that users are limited to certain resources. In this case, all a cyber actor needs is one set of VPN credentials or one trusted device to access everything on your network, making VPN-connected devices a valuable target.
  • Expanded Attack Surface – according to a report by Cybersecurity Insiders and Zscaler, 61% of organizations have three or more VPN gateways – with public IP addresses – and many have more than five. Together with the countless devices connected to your company via those gateways, this represents a significant increase in the attack surface for cyber actors.
  • Vulnerabilities – vulnerabilities affecting VPN servers or clients are often discovered, requiring patches to prevent exploitation. In 2020, one vulnerability affecting the SonicWall VPN rendered nearly 800,000 devices vulnerable to denial of service attacks and remote code execution exploits.
  • Weak Encryption – while decrypting traffic between a VPN client and server is usually an unrealistic attack vector, servers will sometimes default to weaker encryption standards in an effort to communicate with obsolete clients. In this case, interception and decryption of traffic is a genuine risk.

Best Practices for Enterprise VPNs

As with enterprise cloud solutions, some of the risks associated with business VPNs are attributable to misconfiguration or poor maintenance by the customer. There are key practices to help organizations enhance VPN security and protect against attacks. In 2020, the National Security Agency (NSA) published a few:

  1. Reduce VPN gateway attack surfaces – this means minimizing the number of VPN gateways, and also implementing traffic rules to “limit the ports, protocols and IP addresses of network traffic to VPN devices.” In general, arbitrary devices should not be able to connect with a VPN gateway.
  2. Verify that cryptographic algorithms are CNSSP 15-compliant – the Committee on National Security Systems Policy (CNSSP) 15 specifies safe encryption standards. At a minimum, the NSA recommends VPN configurations that include the Internet Security Association and Key Management Protocol (ISAKMP)/Internet Key Exchange (IKE) policy and the IPsec policy.
  3. Avoid using default VPN settings – sticking with default VPN settings may enable weaker cryptographic standards. As a best practice, the NSA recommends that all settings for VPNs are manually configured.
  4. Apply vendor-provided updates/patches – as with any business-critical software, organizations should apply patches to their server-side software and devices as soon as they are issued, and enforce patches to VPN clients.
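One way to check recommendations 2 and 3 against a gateway's offered proposals (an added example, not NSA or vendor code). It assumes hyphen-separated proposal strings in the style strongSwan uses, and assumed minimums of AES-256, SHA-384, 3072-bit MODP and 384-bit ECP groups; the gateway configuration is constructed.

```python
import re

# Assumed minimums, modelled on the algorithm suite that CNSSP 15 refers to.
MIN_AES_BITS = 256
MIN_SHA_BITS = 384
MIN_MODP_BITS = 3072
MIN_ECP_BITS = 384
LEGACY = {"des", "3des", "blowfish", "cast128", "null", "md5", "sha1"}


def audit_proposal(proposal):
    """Return a list of findings for one proposal string; empty means acceptable."""
    findings = []
    has_group = False
    for token in proposal.lower().split("-"):
        if token in LEGACY:
            findings.append(f"{token}: legacy algorithm")
        elif m := re.fullmatch(r"aes(\d+)(?:gcm\d+|ccm\d+|ctr)?", token):
            if int(m.group(1)) < MIN_AES_BITS:
                findings.append(f"{token}: AES key shorter than {MIN_AES_BITS} bits")
        elif m := re.fullmatch(r"(?:prf)?sha(\d+)", token):
            if int(m.group(1)) < MIN_SHA_BITS:
                findings.append(f"{token}: hash weaker than SHA-{MIN_SHA_BITS}")
        elif m := re.fullmatch(r"(modp|ecp)(\d+)", token):
            has_group = True
            minimum = MIN_MODP_BITS if m.group(1) == "modp" else MIN_ECP_BITS
            if int(m.group(2)) < minimum:
                findings.append(f"{token}: group smaller than {minimum} bits")
        else:
            findings.append(f"{token}: unrecognised token, review manually")
    if not has_group:
        findings.append("no Diffie-Hellman group listed")
    return findings


def audit_gateway(config):
    """Audit every offered proposal: a peer may negotiate any one of them,
    so a single weak fallback kept for obsolete clients weakens the gateway."""
    report = {}
    for section, proposals in config.items():
        for proposal in proposals:
            findings = audit_proposal(proposal)
            if findings:
                report[(section, proposal)] = findings
    return report


# Constructed gateway configuration: strong first choices plus legacy fallbacks.
GATEWAY = {
    "ike": ["aes256-sha384-modp4096", "aes128-sha1-modp1024"],
    "esp": ["aes256gcm16-ecp384", "3des-md5"],
}

if __name__ == "__main__":
    for (section, proposal), findings in audit_gateway(GATEWAY).items():
        print(f"[{section}] {proposal}")
        for finding in findings:
            print(f"    - {finding}")
```

The strong first-choice proposals pass, but the fallbacks are what a downgraded or obsolete peer will end up negotiating, so the audit reports on every entry rather than only the preferred one.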

But while these recommendations will make your enterprise VPN configurations safer, they will not protect against complacency in other domains, such as a lack of multifactor authentication (MFA) or regular password updates – an absence of network segmentation or zero trust policies for internal resources – or a lack of cyber training to prevent phishing/social engineering attacks or improper handling of trusted devices.

Secure VPNs Are Downstream from Secure Organizations

While many businesses are planning to move away from VPNs to alternative solutions for remote access (such as SASE and ZTN), realistically they will still have a place in hybrid work environments for many years to come. This won’t be a problem for organizations who understand that VPNs play a small part in a larger cybersecurity strategy, and work with the right partners to eliminate security gaps that affect VPN safety.

With a team comprised of veterans from the U.S. security community – including DoD, DHS and the U.S. Cyber Command – Securicon is equipped to protect remote access solutions (including VPNs) and harden your security position with gap analysis, compliance consulting, assessment support, audit preparation and more. To learn how we can help you, contact us today.

Why Hackers Aren’t the Biggest Threat to Your Cloud Configuration

cloud breaches, cloud security incidents, misconfigurations in cloud, cloud risk assessment, cyber training in cloud environments, risk assessment for cloud security

Private businesses and government contractors alike are increasingly relying on public cloud services to drive their core business functions – according to Gartner, global cloud spending will increase by over 20% to almost $500 billion. But the speed of cloud adoption often leaves cybersecurity by the wayside, leaving companies open to major risks.

In 2020, cloud represented the third most targeted cyber environment. That trend has continued, with 45% of organizations reporting a cloud-based data breach within the last 12 months according to Thales Group. But cloud infrastructure is increasingly secure, and vanishingly few cloud security incidents can be laid at the feet of cloud service providers (CSPs) – so why do these breaches occur?

In this article, we will answer that question, explaining the risk factors for cloud breaches, and how organizations can prevent them with better risk assessment, cyber training and security planning.

The Rise of Cloud Security Incidents

The number of companies experiencing cloud-based data breaches is climbing – the 45% of businesses who reported a cloud-based breach in the past 12 months is up 5% from 2021. But while cloud breaches can take many forms, they also share many commonalities.

In 2019, Facebook (now Meta) was involved in a data breach that affected hundreds of millions of users – while the issue was quickly resolved, it was a PR disaster for one of the largest social platforms on Earth. Two years later – in 2021 – software company Cognyte had more than 5 billion sensitive records exposed on the Internet, including names, passwords and email addresses. 

The same year Cognyte was attacked, professional services company Accenture was targeted in a cyberattack by the LockBit group – over 6 TB of data was stolen, with ransomware actors demanding a $50 million payment. Because the company did not pay in time, it lost proprietary information.

What do all these incidents have in common? They are all cloud breaches that occurred within the past year, and all of them were caused by misconfigurations: Cognyte left a database unsecured – meanwhile, both Facebook and Accenture left an AWS bucket open to the public. These are all typical examples of the way cloud incidents occur today.

Understanding the Shared Responsibility Model

When an organization stores data and applications on the cloud, it is leasing computing power, storage and networking infrastructure from a CSP, and working within a virtualized environment. While the CSP is generally responsible for the security of its infrastructure, the customer is generally responsible for the security of their assets residing in their virtual environment – this is called the “shared responsibility” model.

Today, most CSPs are heavily protected with multiple, redundant layers of security, including encryption at rest and in transit, firewalls, DDoS protection and more. Accordingly – while breaches on the infrastructure side do happen – they are rare. According to IBM, two-thirds of cloud breaches are caused by exposed Application Programming Interfaces (APIs), and – by 2025 – Gartner predicts that 99% of cloud breaches will be the customer’s fault.

For this reason, organizations can mostly trust the security of CSPs: what they need to be wary of is security vulnerabilities in their virtual environment, arising from user error and poor design.

Cloud Breaches: Top Five Causes

There is more than one way that an organization can leave their cloud platform compromised or exposed. Here are five of the most common:

1. Misconfigured APIs

APIs are provided by CSPs for the purpose of automation and easy access. Unfortunately, organizations often leave their APIs unprotected or poorly protected by mistake, allowing them to be freely accessed by malicious actors. 

2. Poorly Protected Credentials

Unless an organization is using multi-factor authentication (MFA), nothing can stop a malicious actor from gaining access to a cloud environment if they have the right credentials. Data leaks, phishing attacks and exposed devices can compromise the credentials of privileged users, allowing attackers full access to administrative features.

3. Multi-Cloud Complexity

With the growth of multi-cloud environments that combine multiple cloud platforms together in one solution, organizations are facing increased complexity that can make it hard to stay secure. According to Check Point, 57% of organizations struggle to secure data in multi-cloud environments due to inconsistency between different vendors.

4. Vulnerable Third-Party Services

An organization that secures its cloud configuration perfectly can still be compromised if it is hosting vulnerable third-party services within its cloud environment. Like many other IT environments, cloud suffers from a software supply chain problem: organizations don’t know what dependencies exist in their products, or how they might be vulnerable.

5. Bad Virtual Machine Images

Infrastructure-as-a-Service (IaaS) companies typically provide their customers with the option of creating custom virtual machine images (VMI) to interface with their cloud environment, or use a default. Unfortunately, many default VMIs available from cloud providers come with unpatched vulnerabilities, malware or insecure firewall settings.

Impact of Poor Cloud Security

Given how much organizations depend on cloud-based services to run their business, a successful cyberattack on cloud environments can have wide-reaching impacts. These include:

    • Data Exfiltration – malicious actors can steal sensitive data including user credentials, personally identifiable information (PII) about employees or customers, intellectual property and more. Data exfiltration is also a major blow to brand equity and public trust.
    • System Takeover – when attackers infiltrate a cloud environment through compromised credentials, they can do more than steal – they can delete data and applications, change settings, and deface Web surfaces. Ultimately, an arbitrary degree of control is possible.
    • Lateral Movement – once in the cloud, attackers can potentially transition to your organization’s internal network and IT systems, giving them access to local files and devices.
    • Ransomware – cloud is one of many channels ransomware actors can use to encrypt data, lock users out of a system and demand ransom payment. While ordinary ransomware attacks are bad enough, ransomware attacks that spread through the cloud have the potential to be more far reaching.

Protecting Your Cloud Environment

While cloud surfaces have become a popular target for hackers, hackers themselves are not the biggest risk to your cloud environment – the biggest risk is failing to properly secure it in easily avoidable ways. Here are a few steps to prevent that from happening:

1. Invest in Cyber Training – cyber training can help employees to set better passwords, avoid phishing scams, and understand the importance of safety in a cloud environment.

2. Choose FedRAMP Certified CSPs – CSPs authorized under the Federal Risk and Authorization Management Program (FedRAMP) are required to follow NIST 800-53 security controls to protect their customers. They are also more likely than other CSPs to provide security features that make security breaches less likely from the customer side, such as multi-factor authentication (MFA) and warnings in the event of an exposed API.

3. Get a Risk Assessment – a comprehensive risk assessment will reveal potential vulnerabilities throughout your organization’s IT systems and may reveal organizational problems that make cloud misconfigurations more likely.

4. Implement a System Security Plan – under NIST SP 800-171, all government contractors are required to have a System Security Plan (SSP) for all systems that may handle CUI during the course of a contract – this includes cloud surfaces. Implementing an SSP will help your organization to recognize security gaps, and develop procedures around cloud development to reduce the likelihood of dangerous mistakes.

Cyber Expertise You Can Trust

Securicon helps your business to comply with Federal and regulatory requirements through program and risk assessments. With a team comprised of veterans from the U.S. security community – including DoD, DHS, and the U.S. Cyber Command – we are equipped to provide organizations with gap analysis, compliance consulting, assessment support, and audit preparation. To learn more, contact us today.

In 2021, Remote Employment is Driving Cybersecurity Trends

cybersecurity trends

Every year, Dan Lohrmann from the Government Technology blog chooses a pithy title for the previous year in cybersecurity. For 2020, he chose ‘The Year the COVID-19 Crisis Brought a Cyber Pandemic,’ and for a summary of the past 12 months, we can’t improve on that. It is no exaggeration to say that last year was a grueling time for cyber professionals, and we expect to be dealing with the consequences into 2021 and beyond.

COVID’s Impact on Cybersecurity

In past blog posts, we have emphasized the “opportunistic” nature of malicious cyber actors who are always looking for chaos to exploit in pursuit of their goals. In many ways, 2020 is a perfect example of this mentality, ushering in an unprecedented rise of cybersecurity incidents that even the most cynical researchers could not anticipate.

Here are just a few cybersecurity statistics from last year:

In a single day, COVID-related cyberattacks grew from a few hundred cases per day to over 5,000 in March 2020 alone. But what made a biological virus such an easy disaster to exploit for digital terrorists? There are many answers, but the most important one is this: following COVID-related lockdowns, the global workforce has gone mobile, and there seems to be no going back.

According to one study, 1 in 4 Americans are expected to work remotely through 2021, and this trend will be mirrored in the federal space: after reports found no negative impact on productivity from remote employment, federal agencies are planning to expand opportunities for telework. While this may be beneficial to the workforce, there are ramifications that affect cybersecurity trends in 2021. In this article, we will outline a few of the most significant.

1. Remote Endpoint Vulnerabilities

In a recent blog post, we wrote that:

When targeting an organization, attackers seek any endpoint that may be attached to it. Those endpoints have expanded to include devices, systems and equipment across a large geographic region. Notoriously vulnerable IoT and mobile devices in employee homes provide the perfect bridge to their work computer and enforcing security measures is tough.

This problem will remain a top priority for cybersecurity professionals in 2021, and now we can be even more specific: in some cases, even technologies dedicated to protecting remote devices can be targeted in highly successful attacks.

The Trouble with VPNs

More than 400 million businesses depend on virtual private networks (VPNs) to provide an encrypted connection between remote devices and secure networks. However – as the NSA warned this past summer – popular VPN protocols suffer from major vulnerabilities. During July, actors using stolen VPN credentials managed to take over the Twitter accounts of high-profile figures including Bill Gates, Elon Musk and many others.

In response to these security problems, some businesses are switching to Zero Trust Network Access (ZTNA) schemes which not only protect against VPN-directed attacks, but also attacks on remote desktop (RDP), email clients and other forms of endpoint communications. Nevertheless, there’s a long way to go before these legacy technologies are phased out, and organizations have their work cut out for them along the way.

Increased Risk From Mobile Devices

Smartphones, tablets and other mobile devices are likely the most common examples of remote endpoints; consequently, they are also highly popular targets for attackers. Last year, we witnessed a rise in spyware targeting encrypted messaging apps, major security flaws in popular Android apps and more.

In response to these highly publicized vulnerabilities, Google has promised to double down on security – fortunately, businesses aren’t waiting for them to follow through. According to Forbes, mobile device security will be the fastest-growing category of cybersecurity between now and 2025, showing that organizations finally recognize the risks inherent to mobile devices.

2. More Phishing Attacks

Phishing has long been one of the most popular methods for targeting an organization, and the incidence of phishing attacks has only increased with the rise of remote employment. According to one report, companies experienced an average of 1,185 phishing attempts per month throughout 2020. At the same time, “spear phishing” – a highly targeted form of the phishing attack – became more prevalent with the help of automation and remains a significant risk to businesses in the public and private sector.

There are promising trends on the horizon which may diminish the impact of phishing attacks. For instance, Gartner predicts that Passwordless Authentication will be among the most influential technologies for cybersecurity over the next three years; without passwords to steal, the effectiveness of phishing attacks will decrease.

In the end, investment in cybersecurity training remains by far the most effective way to protect an organization from phishing attacks and other forms of social engineering. It is no wonder, then, that businesses are spending more on cybersecurity training than ever before, and we hope this trend continues.

3. Advanced Insider Threats

In the ever-shifting cybersecurity landscape, insider threats are one of the few never-changing constants. Whether they are involved in deliberate sabotage or innocent user error, insiders are directly or indirectly responsible for the majority of security breaches and cyber incidents occurring in the organizations they work for.

Unfortunately, the risk of insider threats has only increased as a consequence of remote employment: outside of tightly controlled facilities, it is much harder to monitor employee activity and protected assets. Accordingly, Forrester warned that “perfect conditions” for insider threats were created by COVID lockdowns.

Insider Threats as a Service

To exacerbate the issue even further, researchers warn that an increasing number of insider threats are contracted from outside: so-called “Insider-Threats-as-a-Service” may hire themselves out as corporate spies, advertising their services as a “trusted insider” on the Dark Web, or they may be planted through organized recruitment campaigns.

To protect against advanced insider threats, businesses must remain vigilant in screening candidates. Government contractors are already required to maintain an insider threat program (ITP) as defined by NIST SP 800-171, and commercial organizations may wish to follow their example.

4. Increased Dependence on Cloud

Over the past year, cloud adoption has accelerated as more businesses depend on Software-as-a-Service (SaaS) models and cloud storage to link their connected workforce while maintaining productivity levels. But while cloud technologies are more secure than they’ve ever been, cyber actors are also more talented than they have ever been, and the risk of cloud adoption is obviously not zero.

As a result, businesses are also spending more on Cloud Workload Protection Platforms (CWPPs) and Cloud Security Posture Management (CSPM), which Gartner has also named in its list of influential cybersecurity technologies. In 2021, organizations should familiarize themselves with cloud risks and best practices, alongside important regulations that affect cloud services like FedRAMP and HIPAA.

Conclusion

Thanks to the trends listed above, there is every reason to believe that 2021 will be a challenging year for cybersecurity and compliance. For businesses who want to avoid cyber incidents, data breaches and expensive fines, here are three major takeaways:

  1. Increase security for remote endpoints – in a past blog post, we shared how organizations can improve the security of remote endpoints and prevent attacks through a mobile workforce.
  2. Provide better cybersecurity training – insiders can endanger an organization, but they can also protect it. In 2021, make cybersecurity a collaborative effort by training your workforce to recognize social engineering attacks and protect your most sensitive assets.
  3. Partner with experts – remaining secure in the face of a constantly-developing threat landscape is a difficult task without outside assistance. In 2021, partner with cyber experts who can test your organization for vulnerabilities, assess compliance and assemble a cybersecurity plan tailored to your individual needs.

Securicon provides information security solutions to public and private sector organizations. Our expert cybersecurity teams help our clients manage and secure their Information Technology (IT) and Operational Technology (OT) environments by providing vulnerability and penetration testing/assessments; governance, risk and compliance services (GRC) and security architecture review and design services. To learn more, visit our contact page.