Ransomware on the Rise: Local Governments Under Attack


Ransomware attacks against local governments have become increasingly common in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several ransomware attacks against local government organizations in the U.S. in recent years.

  • In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
  • In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
  • In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
  • Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.”

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that may no longer be supported by vendors, with vendors no longer supplying security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by enabling patch management, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off access for any device that does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Healthcare Under Attack


According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates put the cost of these attacks at upwards of $8 billion, and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. In addition to this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners’ payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy are at risk. The effects of an attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies when healthcare organizations fail to secure their systems and a breach occurs can be severe. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 to the cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.


Ransomware Prevention with the help of MSPs/MSSPs


In 2022, malicious actors carried out nearly 400 ransomware attacks on U.S. organizations, affecting over 21 million individual records, according to Comparitech.

With an average ransom demand of more than $4 million, the cost of a ransomware attack continues to balloon. This figure does not take into account expenses tied to recovery costs, lost revenue because of operational downtime, and the loss of customer confidence that can follow an attack. On average, a business in the US lost nine days of operation due to ransomware-induced downtime, although some were locked out of their networks for several months.

Malicious hackers can easily scan the internet to find open ports and vulnerabilities to exploit. If a business fails to patch a program or update an operating system, or if IT systems are not configured properly, attackers can utilize these attack vectors to gain entry to systems and mount a ransomware attack.

Companies can be easily overwhelmed by the IT management and cybersecurity tasks that help keep their businesses running. They need to apply their skills to their core competencies, but they are having to throw more and more resources at cyber-defense. Instead of investing in the business to forward their strategic ambitions, budgets are getting eaten up by security expenditures.

It is easy to see how, for some businesses (especially small businesses), a ransomware attack can be catastrophic. Some never recover and permanently close their doors. It’s not surprising then that many businesses are turning to managed services providers and managed security service providers (MSPs/MSSPs) to help safeguard their business environments.

MSPs Make It Easy to Protect Your Business

MSPs/MSSPs have the flexibility to quickly bring on skilled resources and partner with innovative technology vendors to deliver management and security in one simple package. Further, partnering with MSPs/MSSPs takes the burden of finding, vetting, purchasing, implementing, and managing IT systems and security products off of the company, leaving business owners to focus on their business.

MSPs/MSSPs are already leveraging Syxsense Enterprise, for example, to automate asset discovery, patch and endpoint management, mobile device management, and vulnerability management – all in one easy-to-use product. These services help businesses to avoid ransomware attacks by inventorying every endpoint on their networks, detecting all unpatched systems, vulnerabilities, and misconfigurations, and remediating them rapidly. And because of the automation built into the product, MSPs/MSSPs can utilize less staff to manage more customers. MSPs wishing to begin offering security services should select solutions and products that place the least technical and staffing burden on existing personnel.

For more information, schedule a demo today and find out how Syxsense can help MSPs/MSSPs grow their service offerings and drive greater customer value.


Cyber Heists Continue to Grow, Financial Institutions Remain a Key Target


Everyone loves a good heist movie, which is why Hollywood keeps bringing out new ones. The Ocean’s Eleven series, the Italian Job, Die Hard, the Fast and the Furious series – the list goes on and on. Yet the story is largely the same – a group decides to steal the diamonds, the gold, the money, or what’s in the safe deposit boxes. They face adversity along the way yet eventually pull off the job.

In the modern era, such physically intensive heists are becoming less common. That’s because criminals can now target organizations via cyber-attacks without having to show their faces and easily cover their digital tracks to escape the consequences. While it may seem like cybercrime is only being perpetrated by the technically savvy, this is no longer true. In a study conducted in late 2022, Cybersecurity Ventures found that cybercrime is set to cost the world $8 trillion USD in 2023. For reference, if it were its own country, it’d be the third largest economy after the U.S. and China.

Another recent report from Contrast Security, Cyber Bank Heists, dove deeper into the cybersecurity threats facing the financial services sector. Some of the statistics worth noting included:

  • 60% of financial institutions have been victimized by malware attacks
  • 48% report an increase in wire transfer fraud
  • 50% have detected campaigns to steal non-public market information

With cyber fraud, phishing, ransomware attacks, account takeovers, and business email compromises (BEC) growing steadily in recent years, these numbers are likely to continue to rise.

Furthermore, cybercriminals are taking advantage of the fact that the business systems across the banking and financial services are complex. They span on-premise, legacy systems, such as mainframes, to modern, cloud-native applications. Transactions often traverse a complex route from transactional systems to customer portals delivered from the cloud, other online systems, and back again. The range of devices and applications is vast, and this complexity increases the attack surface for financial organizations. Effective management and implementation of robust security controls to protect against damaging attacks can seem like a difficult, never-ending task.

Defending Against Cyber Heists

Identifying, managing, and securing an enterprise doesn’t have to be difficult, though. Financial services enterprises are already under watchful regulatory and compliance eyes, and most are spending significant funds on meeting these requirements. That is why IT and security teams should look into leveraging the same tools for compliance, management, and security.

Today, many IT and security teams struggle to manage and integrate a hodge-podge of disparate tools as they seek to defend against infiltration attempts. With a unified security and endpoint management (USEM) solution, financial services enterprises can have real-time alerting, immediate device quarantining, patch management, vulnerability scanning and automated remediation, along with real-time reporting to prove compliance.

With USEM, everything can be managed from one console: IT managers can set automated processes that ensure critical patches are deployed in a timely manner, without having to rely on end users, that attempted breaches are caught before they can do damage, that endpoints stay secure, and much more.

Find out how Syxsense helps financial institutions identify, manage, and secure their endpoints. Schedule a demo today.


The Danger of Unknown, Unpatched, and Miscategorized Open-Source Vulnerabilities


The profile of Common Vulnerabilities & Exposures (CVEs) has risen in recent years. Organizations now pay far more attention to them than they used to. Of course, there are still plenty of cases on record of companies getting hacked due to failing to patch a CVE from a year or more ago. There are endless examples of companies taking weeks and sometimes months to act on a high-priority CVE after it is issued.

Nevertheless, in the vast majority of cases, CVEs are given almost gospel-like status in organizations. Some build their security response programs largely around issued CVEs. For example, if a CVE has a rating of 7 or above in severity, companies tend to put it to the head of the queue, leaving lower priority patches to be deployed at a later date – or in many cases not at all.

There are numerous flaws in this mode of operation. Cybercriminals have grown wise to this tactic. Yes, hackers search carefully for endpoints and systems that have failed to deploy high priority patches to address CVEs – and they rub their hands in glee when they find yet another inattentive victim. But they also now mount multi-faceted attacks that take advantage of lower-priority flaws that they know are often ignored. Thus, they will launch a campaign simultaneously probing for higher priority and lower-priority CVEs that are unpatched. If only the lower ones are available, they can be used to gain a foothold into the enterprise from which they can exact further damage.

New Research Asserts Open-Source Threats Overrated

JFrog just announced another shortcoming in CVE-oriented security defense programs. Their researchers analyzed the top 10 most prevalent open-source software vulnerabilities in 2022. Their findings? The severity ratings of most CVEs for open-source systems were overrated.

Severity ratings within the National Vulnerability Database (NVD) follow this scoring rubric: Critical severity levels are graded between 9 and 10. High severity is 7 to 8.9. A Medium rating is between 4 and 6.9, and a Low rating goes up to 3.9. However, when JFrog researchers assessed the real-world impact of these vulnerabilities and applied contextual analysis to their evaluations, they found that many of the scores attributed to open-source bugs were overinflated. Since it takes roughly 246 days to remediate a security issue completely, they recommended that security teams only deploy resources on the vulnerabilities that actually matter.

According to the report, most of the open-source vulnerabilities evaluated were much harder to exploit than reported, and therefore were undeserving of a high NVD severity rating. The consequence of following the NVD system, therefore, can sometimes cause organizations to “waste valuable time and resources to mitigate a vulnerability that is extremely unlikely to have any real-world impact on their systems,” said the report.

Prioritizing Vulnerability Remediation Requires Context

At Syxsense, we found a very similar issue across our customer base. Many organizations focus on remediating and patching the most severe vulnerabilities, but often do not have the time to tackle the medium or low severity vulnerabilities. They were simply inundated with the most severe or highest profile CVE for the day. However, that did not mean that those vulnerabilities weren’t relevant. In recent years, we have seen many medium or low severity vulnerabilities being exploited to gain an initial foothold into an enterprise.

This is why we developed a risk and prioritization rating based on an organization’s attack surface with vulnerabilities and endpoint posture. The Syxscore leverages NIST and vendor severity assessments in relation to the health status of the endpoints in your environment. It’s a personalized evaluation of what devices are vulnerable and the criticality of updates to the overall protection of your network, giving you the ability to target endpoints that pose the most serious levels of risk.

While vulnerability severity scores can be helpful, they are simply another data point. What organizations really need is customized context, including the security posture of their endpoints and existing security controls that can reduce the risk of a vulnerability.
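To make the argument above concrete, here is an added example (not Syxsense's Syxscore and not JFrog's method, neither of which is specified on this page) that applies the NVD bands quoted earlier and then re-ranks findings with endpoint context. The weighting factors, host names, and CVE placeholders are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


def nvd_band(score: float) -> str:
    """Map a CVSS base score to the severity bands quoted in the article."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class Finding:
    cve: str                    # placeholder identifier, not a real CVE
    cvss: float                 # base score as published
    host: str                   # constructed host name
    internet_exposed: bool      # reachable from outside the network
    compensating_control: bool  # e.g. segmentation or a policy that blocks the path
    days_unpatched: int         # how long the fix has been outstanding


def contextual_risk(f: Finding) -> float:
    """Hypothetical weighting: exposure raises risk, existing controls lower it,
    and risk grows the longer a fix stays undeployed (capped at one year)."""
    risk = f.cvss
    if f.internet_exposed:
        risk *= 1.5
    if f.compensating_control:
        risk *= 0.5
    risk *= 1.0 + min(f.days_unpatched, 365) / 365
    return round(risk, 2)


def rank_by_severity(findings):
    """The queue a severity-only program would work through."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def rank_by_context(findings):
    """The queue once endpoint posture is taken into account."""
    return sorted(findings, key=contextual_risk, reverse=True)


def missed_by_threshold(findings, threshold=7.0, top_n=2):
    """Findings in the contextual top N that a 'patch 7.0 and above first'
    policy would push to the back of the queue."""
    return [f for f in rank_by_context(findings)[:top_n] if f.cvss < threshold]


# Constructed sample data.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", 9.8, "db-internal-01", False, True, 10),
    Finding("CVE-EXAMPLE-0002", 5.3, "vpn-gw-01", True, False, 200),
    Finding("CVE-EXAMPLE-0003", 3.7, "kiosk-07", True, False, 365),
    Finding("CVE-EXAMPLE-0004", 7.5, "file-srv-02", False, False, 30),
]

if __name__ == "__main__":
    print("Severity-only order:")
    for f in rank_by_severity(FINDINGS):
        print(f"  {f.host:15} {f.cvss:4} {nvd_band(f.cvss)}")
    print("Context-aware order:")
    for f in rank_by_context(FINDINGS):
        print(f"  {f.host:15} {contextual_risk(f):5} (was {nvd_band(f.cvss)})")
    print("Deferred by a 7.0 cut-off:",
          [f.host for f in missed_by_threshold(FINDINGS)])
```

With this sample data the Medium and Low findings on exposed, long-unpatched hosts move to the top of the queue, while the Critical finding behind a compensating control drops to the bottom.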

Patching is the Key to CVE Remediation Success

Beyond context, patching is a critical component to managing vulnerabilities. Oftentimes, critical vulnerabilities will have patches released quickly – sometimes the same day that the vulnerability is made public. In these cases, keeping up is the most difficult part.

That’s why automation, inventorying, and patch deployment can eliminate long delays in patching programs. If you can constantly prioritize vulnerabilities with context based on your environment, patch the most important ones quickly, and validate that those patches have been applied appropriately, you will reduce your organizational risk and attack surface.

If you want to learn more about automating your patching program, schedule a demo today.

Windows 7 Users and 8 Users – Watch Out


Windows users are notorious for holding onto aging operating systems and PCs many years after their sell-by date. A couple of years back, for example, an entire publishing and events office was discovered to still be running on Windows XP. No doubt there are XP machines sitting about in unsuspected places. Yet Microsoft ended support for that OS a decade ago. Since then, no security updates have been issued for it.

The same thing now applies to Windows 7 and 8. According to StatCounter, Windows 7 accounts for 11% of global Windows users as of September of 2022. Windows 8 has almost 4% market share and XP still manages half a percent. But even though the bulk of users have transitioned to Windows 10 (68%) and are being heavily encouraged to make the switch to Windows 11 (currently only accounting for 17% of Windows users), that still leaves a large number running on obsolete, unsupported, and highly insecure OSes.

Windows, after all, rules the desktop and laptop space with three quarters of all installations. Microsoft estimates that 1.5 billion devices worldwide are running on Windows 10 or above. That means several hundred million users continue to run XP, Windows 7, and Windows 8 – and some of them could be lurking within your network or somewhere along your supply chain.

It becomes an urgent priority for organizations to find these users and upgrade them fast. Otherwise, they will no longer qualify for technical assistance and will get no more software updates. Crucial security updates for Windows 7 and 8 have officially ended. Any new exploits that can attack these systems will receive no patches from Microsoft.

Microsoft is asking Windows 7 users to skip 10 and move directly to Windows 11.

“PCs have changed substantially since Windows 7 was first released 10 years ago. Today’s computers are faster, more powerful, and sleeker – plus they come with Windows 11 already installed,” said an official announcement from Microsoft.

In most cases, a PC or laptop upgrade will be required – the new OS has much higher requirements for memory and processing power.

Anyone considering hedging their bets and moving to Windows 10 should know that its support will end in the fall of 2025. Why upgrade yet again in a couple of years and open yourself to yet another round of insecure devices to fix?

Those determined to stick with Windows 7 face an uphill task. Not only is Microsoft abandoning them, so, too, is the rest of the software ecosystem. Google, for example, is about to release a new version of Chrome, which will no longer be operable on Windows 7 or 8. That means no more updates for Chrome users on Windows 7 and 8, i.e., yet another gaping security hole impacting those users.

When Windows 7 support began to disappear in 2020, it attracted a great many cybercriminals. They began to look for the OS, knowing that they could penetrate it due to well-known and no longer patched security holes. The FBI issued a warning to private industry to get rid of it as quickly as possible. Many have yet to heed that advice.

Steps to Take Immediately

In light of these announcements, organizations are urged to take the following steps.

1. Conduct a detailed inventory of all operating systems running throughout the enterprise using Syxsense Enterprise.

2. Note all versions of XP, Windows 7 and 8 running, as well as older no longer supported Windows 10 instances (such as versions 1803, 1809, and 1909).

3. Work out a plan on how these machines are to be a) protected right now b) moved to Windows 11, and c) replaced with more modern PCs and laptops that qualify to run Windows 11.

4. Until the migration occurs, place all Windows 7 and 8 systems behind a dedicated firewall and protect them with intrusion prevention and anti-malware tools. Also, disable remote access to those systems unless it is behind a VPN.

5. Survey your supply chain partners and even customers that have trusted access to your network. Verify that they have no users still on obsolete Windows OSes. Demand that only those on Windows 10 and 11 will be allowed access.

6. Use Syxsense Enterprise to conduct regular vulnerability scans throughout the network, and initiate remediation steps for vulnerabilities found.

7. Set up Syxsense Enterprise to automatically prioritize and deploy patches throughout the enterprise.
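As an added illustration of steps 1, 2 and 4 (not Syxsense code), the script below triages an exported endpoint inventory: it flags XP, Windows 7, Windows 8 and the unsupported Windows 10 versions named above, then lists the interim actions each host still needs. The CSV column names, host names and the `legacy-fw` segment label are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io
import re

# OS families and Windows 10 versions the article names as unsupported.
# The Windows 10 list holds only the article's examples ("such as"); extend it
# from the vendor's lifecycle documentation for real use.
UNSUPPORTED_FAMILIES = {"xp", "7", "8"}
UNSUPPORTED_WIN10_VERSIONS = {"1803", "1809", "1909"}
ISOLATED_SEGMENT = "legacy-fw"  # hypothetical name for the dedicated firewall zone

# Constructed sample export; a real one would come from the inventory tool.
INVENTORY_CSV = """hostname,os,version,rdp_enabled,vpn_only,segment
clerk-01,Windows 7 Professional,6.1,yes,no,corp
permits-02,Windows 10 Pro,1809,yes,yes,corp
kiosk-03,Windows XP,5.1,no,no,legacy-fw
finance-04,Windows 10 Pro,22H2,yes,yes,corp
hr-05,Windows 11 Pro,23H2,no,no,corp
scada-06,Windows Embedded,,no,no,corp
"""

OS_FAMILY_RE = re.compile(r"windows\s+(xp|7|8(?:\.1)?|10|11)\b", re.IGNORECASE)


def load_inventory(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text.strip())))


def is_yes(value):
    return value.strip().lower() in {"yes", "true", "1"}


def classify(os_name, version):
    """Return 'unsupported', 'supported', or 'unknown' for one endpoint."""
    match = OS_FAMILY_RE.search(os_name)
    if not match:
        return "unknown"  # do not guess: surface it for manual review
    family = match.group(1).lower().split(".")[0]  # 8.1 is grouped with 8
    if family in UNSUPPORTED_FAMILIES:
        return "unsupported"
    if family == "10" and version.strip() in UNSUPPORTED_WIN10_VERSIONS:
        return "unsupported"
    return "supported"


def triage(rows):
    """Return (plan, review): plan maps each unsupported host to the interim
    actions it still needs; review lists hosts whose OS could not be identified."""
    plan, review = {}, []
    for row in rows:
        status = classify(row["os"], row["version"])
        if status == "unknown":
            review.append(row["hostname"])
            continue
        if status == "supported":
            continue
        actions = []
        if row["segment"] != ISOLATED_SEGMENT:
            actions.append("isolate")  # step 4: dedicated firewall
        if is_yes(row["rdp_enabled"]) and not is_yes(row["vpn_only"]):
            actions.append("restrict-remote-access")  # step 4: VPN only
        actions.append("migrate")  # step 3: Windows 11 or replacement
        plan[row["hostname"]] = actions
    return plan, review


if __name__ == "__main__":
    plan, review = triage(load_inventory(INVENTORY_CSV))
    for host, actions in plan.items():
        print(f"{host}: {', '.join(actions)}")
    print("Needs manual review:", ", ".join(review) or "none")
```

Hosts with an unrecognized OS string are reported separately rather than treated as supported, so embedded or mislabeled systems do not silently drop out of the plan.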

Syxsense centrally manages and fully automates all inventorying, scanning, patching, and remediation. It reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices. It also contains a patch rollback function for the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It also frees up IT and security personnel to take care of other urgent areas of security for the enterprise.

For more information, visit: www.Syxsense.com


Threat Detection and Response Remain Weak Points in Many Organizations


A recent survey by Foundry Research highlighted the fact that little has changed in the cybersecurity world of late. Organizations remain deeply worried about their inability to spot threats, respond to them in a timely manner, and train staff to avoid being tricked by scammers.

Across public and private sector organizations, the biggest issues were found to be threat response/remediation (55% among public sector and 53% among private sector respondents), improving detection of emerging threats (49% and 47%, respectively), and improving user security awareness (46% and 50%). Further issues cited included securing the supply chain (37% in the private sector compared to 28% among public sector respondents) and enabling secure Work-From-Home (WFH) or remote work (31% compared to 22%).

These findings demonstrate that the basics of security remain areas of difficulty in many government and private organizations. A big part of the issue is that these organizations are overwhelmed by the volume of data they must deal with to maintain a tight security posture. They are inundated with alerts and must trawl through massive logs across multiple applications to try to spot what is going on. Accordingly, the survey revealed that public sector organizations, in particular, struggle to leverage data to detect and prevent threats (63% compared to 49% of private sector respondents) and mitigate cybersecurity events (66% versus 56%). More than half of all agencies and organizations believe that it is challenging to harness data to inform cybersecurity decisions, detect and prevent threats, and mitigate events.

What underlies these challenges? Skills gaps (40% among both public and private sector respondents), lack of resources (31% public sector, 35% private), data integration (28% and 33%), and lack of visibility into the threat landscape (32% and 29%) were cited in the report. These issues inhibit their ability to act on data and resolve security events.

Budget, too, is a major obstacle when it comes to addressing cybersecurity priorities, according to three quarters of organizations surveyed. 48% of public sector respondents reported budgeting as an obstacle to a great extent and another 31% to some extent. In the private sector, respondents say budget impacts them to a great extent (35%) or to some extent (40%). More than one-third said their cybersecurity budgets were too low to address priorities and mandates (44% of public sector, 35% of private sector).

Getting Help with Cybersecurity

These results indicate that organizations need all the help they can get when it comes to cybersecurity. They are having trouble managing the many in-house security tools they have at their disposal, don’t have enough trained personnel to understand their risk posture and respond effectively to threats, and lack adequate budgets to resolve their ongoing security problems. The solution to these woes is to import as much help as possible via SaaS applications for cybersecurity. These can either be delivered directly from the vendor or via an MSP.

Syxsense Enterprise is a SaaS platform that automates the entire process of managing, monitoring, patching, scanning and remediating endpoints anywhere. It provides the necessary level of automation to make it feasible for IT to manage a vast number of endpoints, and soon, an even larger number of IoT devices and sensors. It automates all aspects of endpoint management and security. It is the only way to stay on top of patches, vulnerabilities, and endpoint security.

Alternatively, Syxsense Enterprise can be white labelled and offered to MSPs as a new service for their clientele. The Syxsense Managed Service provider program is designed for MSPs and MSSPs looking to provide a higher level of management services to their customers. It consolidates multiple solutions together into a single offering that includes IT Management, Patch Management, Security Vulnerability Remediation, and a robust policy based Zero Trust product.

Syxsense combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices. Its unified security and endpoint management platform centralizes the three key elements of endpoint security management (vulnerabilities, patch, and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™ through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

For more information, visit: www.Syxsense.com


Security Service Edge and Zero Trust Are the Keys to Safeguarding the Modern Enterprise


A new study examined Security Service Edge (SSE) adoption, and the role it plays in establishing a zero-trust architecture. According to the report, SSE’s popularity is reflected in the fact that 71% of cybersecurity professionals are familiar with it, despite it only being around for about two years. In fact, SSE ranks above single sign on (SSO), multifactor authentication (MFA), endpoint security, and Security Information and Event Management (SIEM) in the minds of IT executives as a key technology in the achievement of zero trust. That’s why 65% of organizations plan to adopt SSE in the next 24 months, with 43% planning on implementing before the end of 2023.

Zero trust is all about securing endpoints, applications, IT infrastructure, and data based on the assumption that any network or endpoint is always at risk of either internal or external attack. Accordingly, zero trust means individuals are not automatically trusted just because they are on the network. They must prove who they are and are given limited access to only the systems they need. The same applies to devices. Zero trust verifies machine identities and picks up changes such as the browser being used for access. In essence, no device or identity is trusted, and each is denied access to corporate assets until it meets a defined set of criteria.

SSE has quickly become a top strategic initiative for organizations due to the role it plays in Secure Access Service Edge (SASE) adoption and successful zero trust implementations. The study found that 67% plan to start their SASE strategy with an SSE platform, compared to 33% with SD-WAN. Why? SSE is seen as more secure while also bringing gains in terms of cost reduction and productivity.

Access Complexity

An area of confusion emerged in the study – access complexity. Researchers found that 63% of enterprises have at least three access security solutions in play. Nearly a quarter leverage six or more access solutions. As well as raising costs, management complexity, and taking up IT time, this mess of access applications inevitably leads to security holes. Cybercriminals are eager to exploit any areas where access controls are weak or missing. Users of legacy access solutions, in particular, believed their top challenge was that their current platforms granted too much inherent trust to users. This goes against the grain of the zero-trust mindset.

The survey showed that SSE services are seen as providing a means of reducing costs. The top two legacy solutions that enterprise security teams will look to replace with SSE in the coming year are VPN concentrators (63%) and SSL inspection services (50%), followed by Distributed Denial of Service (DDoS) (44%) and data loss prevention (DLP) services (42%).

Implementing Zero Trust in the Enterprise

Security vendors are coming to market with all manner of tools aimed at achieving zero trust goals. The latest version of Syxsense Enterprise forwards these goals via an integrated Zero Trust module. By using Syxsense for vulnerability detection management and remediation, organizations have no need to add additional products or tools to achieve zero trust protection. Further, Syxsense Enterprise consolidates different tools for patching, vulnerability scanning, remediation, mobile device management (MDM), and zero trust in one unified platform. It blocks users on untrusted devices, automatically triggers actions to prevent breaches, and enables endpoint compliance using Zero Trust Network Access policies (ZTNA).

The Syxsense Zero Trust module, then, serves as a trust evaluation engine for endpoints. Security teams can use it to build sophisticated access policies, apply fixes and remediate issues in real time to enable (or block) access. In addition, remediation of non-compliant endpoints includes automation to take care of tasks such as deploying an urgently needed security patch, updating the anti-virus signature database, and alerting IT about unauthorized access attempts.

For more information, visit: www.Syxsense.com


New Study Highlights the Growing Role of SaaS and MSPs


Software-as-a-Service (SaaS) is very much in demand, according to a new survey. This is good news for vendors offering SaaS services as well as MSPs who are grabbing a steadily larger slice of the expanding as-a-Service pie. The report reveals that many companies are struggling to manage their many SaaS applications. They often don’t know which apps are running, who authorized them, who needs them, and how much they cost. Only about 40% of businesses, it turns out, comprehensively track SaaS information. The rest are seriously lacking in relevant data about their SaaS portfolio.

One of the key findings was that 30% of organizations already spend 50% or more of their software budget on SaaS. Another 40% estimate that SaaS accounts for anywhere from 25% to 50% of their software expenditure. Thus, in the modern world, only 30% of organizations have less than 25% of their annual software budget being spent on SaaS. Clearly, SaaS is here to stay. That is good news for the vendors offering it as well as MSPs who add value by taking the management, tracking, and billing burden away from user organizations. These MSPs provide the service, charge a monthly fee, and take care of everything for their clients. This frees up IT to work on strategic priorities.

The major areas where MSPs can gain ground, according to the survey, are security, compliance, and cost. Two-thirds of respondents expressed concern around security risks, data breaches, and noncompliance. No wonder MSSPs are picking up business from enterprise users to ensure their SaaS-rich environments are safeguarded. As well as taking over the running of SaaS applications for functions such as CRM, ERP, and backup, MSPs are gaining business by upselling a host of security tools such as patch management, vulnerability management, endpoint management, and more.

The survey also noted that 57% of respondents expressed concerns around wasted spending and hidden or untracked SaaS costs. Part of the problem is that 89% of companies said at least three departments were involved in SaaS management. While the IT/software asset management teams often took the lead, they typically deal with at least two other parts of the organization that want to be involved in selecting, deploying, and managing various parts of the SaaS estate. Again, this is an area where MSPs are stepping in as a means of centralizing SaaS management.

In some cases, MSPs help organizations optimize their SaaS application portfolios. 80% of companies covered in the report said they were actively optimizing their applications or were planning to. Similarly, 75% said application rationalization and consolidation was a stronger focus than before. In this arena, MSPs must compete with vendors offering application management and rationalization platforms.

Finding the Right Security Vendors

Those MSPs wanting to add security services to their current offerings are advised to choose their partners carefully. The Syxsense Managed Service provider program is designed for MSPs and MSSPs looking to provide a higher level of management services to their customers. It consolidates multiple solutions together into a single offering that includes IT Management, Patch Management, Security Vulnerability Remediation, and a robust policy-based Zero Trust product.

Syxsense provides innovative, intuitive SaaS-based endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Our unified security and endpoint management platform centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™, all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

For more information, visit: www.Syxsense.com


Ransomware Just Won’t Go Away


Historically, successful attack strategies continue until adequate defenses are assembled. For example, the Mongol hordes ravaged Asia and Eastern Europe for centuries. A simple invention – the walled town – ended their ability to ride in from the wilderness and devastate a settlement. Since then, innovation has ended the dominance of the longbow and other forms of weaponry.

Maybe there will come a time when ransomware, too, will finally go away. But it is so lucrative that the bad guys are using it for all it's worth. It is up to enterprises to up their game to be able to thwart it.

Ransomware Rising

Research from NCC Group reveals that ransomware activity is rising again. December of 2022 saw 269 ransomware attacks in the US, approaching the year's peak levels seen in March and April of 2022. The leading antagonist in December was LockBit, which accounted for 19% of attacks, followed by BianLian (12%) and BlackCat (11%). BianLian saw a 113% increase in ransomware activity for the month using the rare ‘Golang’ programming language. This group can encrypt victim devices rapidly and has a playbook that is causing concern. They release victim names in stages to prompt organizations into payment. If payment is not received, they release all the names.

Researchers at Comparitech came up with similar findings. They found 335 publicly reported ransomware attacks in 2022 in the US. But they drew attention to the previous year when double the number of ransomware attacks occurred.

Why the decline in 2022? One reason could be more targeted attacks. Hackers want to catch the biggest fish. They are going after them with more tailored tactics aimed at securing the biggest paydays. Further, in the event of non-payment, they prefer big names and well-known companies where there is a major embarrassment factor when they post the data for sale on the dark web or publish it online. Thus, we have seen ransom demands drop from an average of $5.5 million in 2021 to $4.74 million in 2022 – yet the business sector experienced a surge in ransom demands, from an $8.4 million average in 2021 to $13.2 million in 2022. Additionally, the average number of records breached in ransomware attacks in the business sector increased from 100,000 in 2021 to almost 900,000 in 2022.

The worldwide pattern largely follows that of the US, with 1,365 ransomware attacks in 2021 dropping to 769 in 2022. However, the effectiveness of attacks has risen – again showing the likelihood of more precise targeting. In 2021, 49.8 million records were impacted by ransomware attacks and that number more than doubled to 115 million in 2022. Major victims include: TransUnion South Africa (54 million records), Russia’s Digital Network Systems (16 million records), Australia-based Optus (9.8 million), Medibank (9.7 million), and AirAsia Group (5 million).

Governmental and educational organizations remained heavily targeted by cybercriminals. Government-based ransomware attacks saw average ransom demands surge from $1.7 million in 2021 to $10.2 million in 2022. Further, the volume of records breached per attack rose from 15,327 to 39,383.

Safeguarding the Enterprise

In the modern world, there is no time to bury one’s head in the sand and hope for the best when it comes to ransomware. Organizations should expect incursion attempts to be made steadily. Therefore, they must be well prepared in advance to prevent, detect, mitigate, and cleanse all systems before major damage occurs. They must ensure that no single unspotted vulnerability or unpatched system exists across their network.

Syxsense Enterprise offers a way to stop breaches with one endpoint security solution. It encompasses:

  • Scanning for vulnerabilities: Prevent cyberattacks by scanning authorization issues, security implementation, and antivirus status.
  • Device quarantining: Block communication from an infected device to the internet, isolate the endpoint, and kill malicious processes before they spread.
  • Patch Management: With support for all major operating systems, automatically deploy OS and third-party patches as well as Windows 10 Feature Updates.
  • Collaboration: IT and security teams can automatically collaborate in a single console to know and close attack vectors.
  • Mobile Device Management: Control over the devices in your organization to keep your business-critical resources secure on every single endpoint in your network.

For more information, visit: www.Syxsense.com
