Watch the video to see how leveraging SentinelOne Singularity XDR, and the Okta identity platform improves the contextual awareness of the solutions, ensuring that every identity is verified and malicious actors cannot advance laterally in pursuit of high-value targets.

Security in 2021 can best be described as a continued explosion of threats: cloud security, phishing attacks, remote work, insider threats, social media and mobile malware all dominated security teams’ time. In addition to well-publicized cyberattacks like Colonial Pipeline, JBS and Kaseya, the year ended with a bang in December with the critical Log4j vulnerability, serving as a reminder of the fragility of the world’s digital infrastructure.

Given the ongoing threat landscape, what can we expect in 2022?

The need for cyber insurance will be a bigger priority. Given the continued surge of ransomware attacks, which soared 288% in the first half of 2021 alone, the need for cyber insurance, especially in the SMB market, has never been greater. Though many industry experts argue against payouts, making cyber coverage a controversial topic, the evolving threat landscape means cyber insurance should be a top consideration as part of organizations’ cyber strategy. As such, we anticipate a booming cyber insurance industry as many organizations heed these warnings and seek to guard against ransomware attacks. Yet, in addition to cyber insurance, companies will need a designated DR or RR (Rolling Recovery) plan.

Zero trust will take on greater prominence with the continued role of the remote and hybrid workplace. Remote work will continue, with hybrid work gradually becoming the new normal – driving the need for zero trust. With the federal government mandating agencies to adopt zero-trust network policies and design, we expect this to become more common in the private sector to follow suit as 2022 becomes the year of verify everything.

Log4j will continue to be a top threat. As one of the top vulnerabilities to hit in over 20 years, log4j is not going away any time soon. Look for this vulnerability to push a new surge in hardware purchases and software replacements and upgrades as tech teams look to stay ahead of bad actors looking to continue to exploit this vulnerability.

Data security will take on even greater importance. As malicious actors seek new ways to exploit data and vulnerabilities, organizations must shore up their data protection practices. Alongside this, governments and consumers are looking to protect their data with many new laws and regulations regarding data collection and storage moving forward. Everyone will adopt privacy practices and will need to educate employees to help safeguard data while increasing their data security posture.

Cyber teams are going to be in the spotlight now more than ever. Understanding your security posture is crucial; knowing what current tools are available and what gaps currently exist in your infrastructure will help you to protect your enterprise. The need for a budget and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.

Stay up to date on all White Rock Cybersecurity initiatives through LinkedIn or Twitter. 

Join speaker, Selby Philipose, Senior Solutions Architect with Barracuda.

In this webinar, you will learn:

• How to protect your organization against ransomware attacks

• 13 types of email cyberthreats

• Top 3 phishing attacks and how to defend against them
  

Contact us today, to learn more.

By Ron Brown, VP of Technology, White Rock Cybersecurity

Digital transformation has been the biggest disruptor for retailers over the past few years, holding the promise to truly transform retail business models. Yet with the holiday season fast approaching, that same digital transformation is also a double-edged sword. In a survey by BDO, 34% of retailers cite cyber attacks or privacy breaches as the top digital threat facing their businesses, with long-term objectives by 40% of retailers surveyed being to shore up their cybersecurity.

 With cyber attacks and breaches on the rise, the holidays have become a lucrative time for cybercriminals. Consider:

• Retailers are often targeted by a wide range of tactics, techniques, and procedures (TTPs) including Card Not Present (CNP), gift card fraud, skimming, malware, account takeovers, and denial of service.

• Third-party vendor security has become a greater concern. When Target was breached back in 2014, the compromise happened via stolen vendor credentials of Target’s heating and air conditioning contractor. For most retailers, their Point of Sale (PoS) software and devices will be the Achilles Heel that constitutes a third-party risk.

Today, every organization is a target for cyberattacks, with industries that possess the most valuable data being the biggest targets. Retail is at the top of that list. However, following these steps, retailers can protect their businesses, their supply chain, and their customers from falling victim to cybercrime.

1. Ensure Continuous Monitoring, Detection, & Response (MDR)
   Invest in an appropriate level of MDR services based upon the cyber threats your organization anticipates. The key is to rapidly detect intrusions to quickly contain and eradicate the malware to reduce negative impacts upon the information system and data assets.

2. Perform Network and Endpoint Threat Assessments
   The growing list of information systems, software applications, bring your own devices, and Internet of Things (IoT), testing networks and endpoints with Intrusion Detection Systems (IDS) will reduce potential vulnerabilities to cyber-attacks.

3. Conduct Email Threat Assessments
   Email is a top gateway into an organization’s infrastructure. Conduct periodic email threat assessments targeting malware that may have made it through their anti-virus and firewalls. 

4. Implement an Effective and Timely Patch Management Program
   Some of the most significant data breaches were the result of organizations failure to implement effective and timely software patch management program of Microsoft and Cisco software.

5. Establish a Cybersecurity Awareness and Education Program
   The most cost-effective means to improve cybersecurity posture is to create a human firewall by providing quality cybersecurity educational programs to all employees and partners.

Cyberattacks are increasing in sophistication and magnitude of impact across all industries globally. However, taking proactive precautions and fine-tuning cybersecurity programs can help protect your business, supply chain and your customers against cyberattacks this holiday season.

The International Data Corporation or IDC advises that the new best practice for effectively protecting customers against ransomware is a "3-2-1-1" strategy. The last “1” in the best practices is the critical piece of the puzzle. A copy of the data backed up is stored immutable. The growing risk of compromising your customers' data – specifically via ransomware – DEMANDS the most up-to-date and complete solutions arsenal.

 In this webinar, you'll learn: 

·         Define a modern backup strategy (teaser: it's the 3-2-1-1)

·         Protect records and maintain data with immutable storage

·         Gain greater coverage with StorageCraft's OneXafe 4400

In case you missed it!  Here is the recording of the webinar on Incident Response best practices.