Cybersecurity Failures and the Cost of Negligence – The Case of Marks & Spencer
My Perspective

In the current cyber threat landscape, complacency can be devastating. Marks & Spencer (M&S), one of the UK’s most prominent retail giants, recently fell victim to a devastating cyberattack that exposed glaring weaknesses in its cybersecurity framework. The attack, which began as early as February, exploited human error through social engineering: the attackers convinced M&S’s IT helpdesk to reset a password, giving them access to the network. This initial lapse spiraled into a full-blown crisis when the attackers moved laterally through the system, ultimately deploying ransomware to encrypt virtual machines in April.

The consequences for M&S are staggering: more than half a billion pounds wiped off its market value, suppliers left in limbo, customers locked out of the online store, and significant financial penalties looming due to GDPR violations. Personal data including names, email addresses, and online order history was exposed, proof that inadequate security measures can have far-reaching consequences.

As an IT security expert, I must point out that such a breach could have been mitigated with the right cybersecurity tools. BlackFog’s Anti Data Exfiltration (ADX) technology would have detected the unusual data flow patterns, stopping the attack in its tracks. Bluedog’s Managed Detection and Response (MDR) services, with 24/7 monitoring, could have identified abnormal login behaviors and taken immediate action. Additionally, the dynamic access control features of archTIS’s NC Protect would have restricted the attackers’ lateral movement, protecting sensitive data from exposure.

Critical Analysis from an Expert

From an analytical viewpoint, the M&S cyber incident is a classic example of how human error can lead to catastrophic outcomes when paired with inadequate security protocols. The lack of multi-factor authentication (MFA) and weak endpoint protection gave the attackers a clear path to move within the network, undetected for months. Implementing real-time endpoint protection, such as BlackFog’s ADX, would have established robust monitoring of outbound data traffic, flagging suspicious movements. Furthermore, archTIS’s NC Protect, designed to dynamically adjust access permissions, could have minimized the risk of unauthorized data access. Continuous monitoring through Bluedog’s MDR would have immediately flagged the anomalous activity around the password reset, drastically shortening the response time.

The failure to implement comprehensive cybersecurity measures at M&S was not just an oversight; it was a critical flaw in risk management. Companies of all sizes, especially in the retail sector, must prioritize layered defense strategies to prevent similar incidents.

Conclusion

This attack on M&S serves as a sobering reminder: neglecting cybersecurity is a gamble that no organization can afford. The lessons are clear: enforce multi-factor authentication, invest in endpoint protection, and maintain continuous monitoring. Leveraging solutions from BlackFog, Bluedog, and archTIS is essential for businesses not only to protect their data but also to secure their reputation and financial stability in an increasingly hostile digital environment.
The Sentinel Advantage: Customized Cybersecurity for KMUs in the DACH Region
Navigating the Cybersecurity Landscape with Bluedog’s Sentinel for Small Businesses

Introduction

The digital era has brought unprecedented cybersecurity challenges, especially for small and medium-sized enterprises (KMU) in the DACH region. With limited resources but facing the same threats as large corporations, these businesses need effective yet budget-friendly cybersecurity solutions. Bluedog’s Sentinel hardware emerges as a beacon of hope, offering KMUs an effective way to protect their internal networks from both external and internal threats.

Understanding the Cyber Threat Landscape for KMUs

Recent incidents in the DACH region, like the cyber-attack on Austria’s Palfinger and the ransomware attack on Swiss firm Comparis, demonstrate the vulnerabilities KMUs face. These examples highlight the need for robust cybersecurity measures that can safeguard businesses against complex cyber threats.

The Sentinel Solution: Tailor-Made for KMUs

Bluedog’s Sentinel hardware is designed specifically for KMUs, providing a simple yet comprehensive solution to monitor internal networks. It addresses the unique challenges KMUs face, offering high-level security without the complexity or cost typically associated with such systems.

Real-World Impact of Cybersecurity Breaches on KMUs

Incidents like the ransomware attack on a district council in eastern Germany and the cyberattack on Brenntag’s North American division illustrate the devastating impact of cybersecurity breaches on businesses of all sizes. These examples underscore the necessity for KMUs to adopt robust cybersecurity solutions like Bluedog’s Sentinel.

Bluedog’s Sentinel: A Comprehensive, Cost-Effective Solution

Bluedog’s Sentinel provides a 360-degree view of network security, offering real-time monitoring and protection against a wide range of cyber threats. Its affordability makes it an ideal solution for KMUs in the DACH region, ensuring they do not have to compromise on security due to budget constraints.

Conclusion

In a world where cyber threats are becoming increasingly sophisticated, KMUs can no longer afford to overlook their cybersecurity needs. Bluedog’s Sentinel offers a practical, effective solution tailored to the unique requirements and budget constraints of KMUs in the DACH region. It’s an investment in security that promises peace of mind and business continuity.
Softlanding.ie Joins Forces with Bluedog Security: A Strategic Partnership for Enhanced Cybersecurity Solutions
Innovative Collaboration Between Softlanding.ie and Bluedog Security: Revolutionizing the Cybersecurity Landscape

The digital world is evolving at an unprecedented pace, and with it, the complexity and frequency of cyber threats are escalating. In a strategic move to address this challenge head-on, Softlanding.ie is thrilled to announce its official partnership with Bluedog Security, a leading provider of cutting-edge cybersecurity solutions. This collaboration signifies a monumental step forward in our commitment to delivering robust and comprehensive security services, ensuring that our clients stay several steps ahead of cyber threats.

A Harmonious Blend of Expertise and Innovation

At Softlanding.ie, we have always prided ourselves on our ability to provide top-tier IT solutions tailored to the unique needs of our clients. Joining forces with Bluedog Security enhances our service portfolio, integrating their state-of-the-art security monitoring and threat detection capabilities with our deep industry knowledge and technical expertise. This partnership is not just a merging of services, but a fusion of vision, dedication, and a relentless pursuit of excellence.

Elevating Cybersecurity to New Heights

The cyber world is a battleground, and complacency can lead to catastrophic consequences. Recognizing this, Softlanding.ie and Bluedog Security are committed to not just responding to threats but anticipating and neutralizing them before they can cause harm. Through this partnership, our clients will benefit from an advanced, layered security approach, combining proactive threat hunting, real-time monitoring, and swift incident response.

A Commitment to Excellence and Trust

Trust is the cornerstone of any successful partnership, and it is a principle that both Softlanding.ie and Bluedog Security hold in the highest regard. Our collaboration is built on a foundation of mutual respect, shared values, and a unified goal to empower businesses by safeguarding their digital assets. We understand that in the realm of cybersecurity, the stakes are incredibly high, and our partnership reflects our unwavering commitment to upholding the highest standards of security and integrity.

Tailored Solutions for a Diverse Clientele

Every business is unique, with its own set of challenges, objectives, and risk profiles. Recognizing this diversity, Softlanding.ie, in partnership with Bluedog Security, is dedicated to offering bespoke cybersecurity solutions. Whether you are a small startup or a large corporation, our collaborative approach ensures that your specific needs are met with precision, efficiency, and a personal touch.

Staying Ahead of the Curve

In the dynamic landscape of cyber threats, staying ahead of the curve is not just an advantage but a necessity. Through this partnership, Softlanding.ie and Bluedog Security are committed to continuous innovation and learning. We invest heavily in research, development, and upskilling, ensuring that our team is equipped with the knowledge and tools to tackle the cybersecurity challenges of today and tomorrow.

An Invitation to Secure Your Digital Future

As we embark on this exciting journey together, we extend an invitation to businesses and individuals alike to join us. With Softlanding.ie and Bluedog Security at your side, you can navigate the digital world with confidence, assured that your cybersecurity needs are in the hands of experts who are as passionate about protecting your digital assets as you are about growing your business.

In conclusion, the partnership between Softlanding.ie and Bluedog Security marks the beginning of a new era in cybersecurity solutions. With a shared vision, a commitment to excellence, and a relentless pursuit of innovation, we are poised to redefine the standards of digital protection. We look forward to embarking on this journey with you, forging a path toward a secure, prosperous digital future.
Enhancing EU Data Sovereignty with BYOK in Cloud Computing
In an increasingly data-driven world, organizations operating within the European Union (EU) are grappling with the challenges of data security and compliance, particularly under the stringent guidelines of the General Data Protection Regulation (GDPR). A pivotal solution emerging in this complex landscape is the Bring Your Own Key (BYOK) model, especially crucial in cloud environments like Microsoft Azure and Microsoft 365 (M365), where Cloud Service Providers (CSPs) often retain copies of encryption keys. This prevalent practice raises significant data sovereignty concerns for EU businesses.

BYOK: A Strategic Solution for Data Security in the Cloud

BYOK empowers organizations to create, control, and manage their encryption keys, effectively addressing the substantial risks associated with CSPs managing these keys. This approach is especially pertinent for EU companies navigating the complexities of GDPR compliance and the broader spectrum of data sovereignty issues.

Understanding the Risks of CSP-Managed Keys

- Potential Data Exposure: When CSPs hold encryption keys, there is an inherent risk of unauthorized data exposure. This risk is magnified in the context of sensitive or confidential data, which, if exposed, can have far-reaching consequences for businesses and individuals alike.
- Legal and Governmental Conflicts: CSPs, subject to various international laws and regulations, may encounter situations where their legal obligations conflict with the stringent requirements of GDPR. This dichotomy can lead to complex legal challenges and potential breaches of EU data protection laws.
- Loss of Data Control: Reliance on third-party key management significantly undermines an organization’s data sovereignty. This loss of control over data encryption keys can lead to a diminished ability to safeguard sensitive information effectively.
- Compliance Challenges: Non-compliance with GDPR and other data protection regulations due to CSP key management practices can result in substantial penalties, financial losses, and reputational damage.

Implementing BYOK in the EU Context

For EU organizations considering BYOK, the focus should be on:
- Developing robust key management strategies.
- Ensuring seamless integration of BYOK with existing cloud services.
- Aligning BYOK practices with GDPR and other relevant EU data protection laws.

The Indispensable Role of BYOK for EU Data Security

In the current digital era, BYOK is not just a security measure but an indispensable tool for EU organizations to ensure data sovereignty and adhere to GDPR regulations. The risks associated with CSPs like Microsoft holding copies of encryption keys necessitate a shift towards BYOK to safeguard sensitive data effectively.

Empower Your Organization with Our Comprehensive eBook

To gain a deeper understanding of BYOK and its critical role in enhancing data sovereignty in the EU, we invite you to download our comprehensive eBook. This valuable resource delves into the nuances of the BYOK model, its implementation strategies, and how it can address and mitigate data security concerns in cloud computing environments.
Softlanding Announces a Partnership with Appgate, an Industry Leader in Secure Access Solutions
The partnership allows Softlanding to resell and provide services for Appgate. Helmut Hubmann, CEO at Softlanding, said, “Our customers are looking for solutions to help them with data discovery, secure collaboration, Sharepoint and TEAMS security. Our partnership with AppGate allows us to expand our security solutions portfolio to include Software Defined Perimeter, Digital Threat Protection, Risk based Authentication and offensive Services.”

About Appgate

An industry leader in secure access solutions, changing cybersecurity for the better by making it simpler for users and operators and harder for adversaries.

Secure Access to Your Network and for Your Consumers

We work hard to master the offense, understanding how cybercriminals operate, so that we can build the best defense. Our solution
Cybersecurity Tips For 2021
2020 has proved to us all that a new year does not necessarily have to be better than the last. It could go worse, and for most of us, COVID-19 proved to be a lethal obstruction in our lives. While this is a fact known to everyone, we would like to highlight some alarming pieces of news:

- Coronavirus alone is to be blamed for a 238% rise in cyberattacks on banks.
- Ransom attacks crossed 148% in the first quarter of 2020.
- In the first six months of 2020 alone, more than 81 international firms from 81 countries complained of data breaches.
- A whopping 600% increase in phishing attacks was witnessed before the arrival of March.

You are highly mistaken if you feel cyberattacks like phishing or data breaches are limited to big companies and firms. You could personally fall prey to cyberattacks if you do not secure your personal information and gadgets. Take a look at the following cybersecurity tips, which you must take note of and implement in the coming times.

Secure passwords

The era of using “Password” or “12345” as your password is long gone, and it is no longer a laughing matter. Today, you have your personal and sensitive information stored in your system and your emails; tomorrow it could all be wiped off or leaked. Firstly, make sure you do not let anyone use your computer while you are gone. Do not use predictable passwords like your name or your birthdate to make them easy for you to remember; they are just as easy for hackers to crack.

Use two-factor authentication options

2FA codes are the best way to secure your online accounts (along with a strong password). The code could be a four- or six-digit number sent to your registered phone number or email address. Whether it is your social media account or your email ID, make sure you enable 2FA.

Antivirus software

Cybersecurity breaches can happen unknowingly by clicking on “interesting” links or unknown website portals. Installing antivirus software and a firewall on your system is definitely a safe and sane decision in this day and age. Make sure to purchase such software from reputed companies.

Install updates

Outdated software can pose a big security threat to your device. Software updates are meant to provide better security and ward off bugs that serve as an entry point for stealing information. Enable automatic updates on your device to reduce cybersecurity risks.

Along with the tips mentioned above, keep your devices secure by only installing applications from trusted developers. Avoid public WiFi at all costs unless it is an emergency, and most importantly, always back up your data. These tips are simple and easy to follow, and they significantly reduce the risk of cybersecurity attacks.
Why VPNs Fail to Protect Industrial Controls
Building management maintenance is important for data center operators. It can be done through VPN access, but VPNs have inherent limitations that make their use risky for the safety and security of corporate networks.

Covid-19 has forced businesses to rethink the way they work and has caused the spread of a work-from-home or remote-working culture on a massive scale. Cloud-based SaaS videoconferencing and other supporting applications have made this transition a smooth one and allowed the corporate workforce to remain productive. The real problem is now faced by the exceptionally skilled technical workers who require system access that is possible only on highly secure corporate networks, such as industrial building management systems. Managers also have to ensure that only authorized personnel are granted access to these systems. Until 2019, access to these systems was only possible if the employee was present on site. The travel restrictions and social distancing measures put in place in 2020 have strained these employees and created potential risks that are critical to operations.

For building management system maintenance, data center operators previously allowed access through traditional VPN software. But this software has limitations, such as vulnerability to common attack vectors and the complexity and difficulty of managing the VPNs themselves. Also, in most cases, dynamic access based on user context and conditions is not possible. Owing to these problems, many data center operators are now looking for suitable alternatives to traditional VPNs.

One of the best answers for data center operators who manage sensitive industrial systems is the Software-Defined Perimeter (SDP). One of the biggest advantages offered by SDP is the ability to enforce least-privilege access for third-party organizations. In contrast to a VPN, SDP-based access allows employees to work on the specific systems that are part of the support contractor’s agreement, without giving them access to the entire network. For example, if a contractor is responsible for the maintenance of the wireless humidity and temperature sensors of a data center, that contractor can be given limited access to the relevant servers without being allowed to reach the other building management systems. SDP also has a feature that lets data center operators determine whether a system is sufficiently updated and secured before it is allowed onto the network. These additional security and audit controls provide much better access control than traditional VPNs.

All in all, traditional VPNs are no longer suitable for the dynamic and multi-dimensional access control that industrial building management systems require.
Why Get Serious About Zero Trust Security
Zero Trust is one of the latest buzzwords in cybersecurity. However, it is also one of the most efficient tools for dealing with today’s sophisticated threats. Zero trust is a security model that requires all users to be authenticated, authorized, and continuously validated for security posture and configuration before being given access to data or applications. Simply put, users and devices, both inside and outside the network, are considered untrustworthy (even if they have valid passwords). In a zero trust model, trust itself is treated as a vulnerability; that is why the concept is known as zero trust. Even a trusted and familiar user needs to be verified to get access.

Zero trust can be implemented through multi-factor authentication, identity and access management, and endpoint security technology that validates the user’s identity. For example, a one-time password (OTP) is sent to the user’s registered phone number once they log in with their password. However, Zero Trust can only be successful if organizations can continuously monitor and validate that a user and their device have the right attributes and privileges. A single validation simply won’t be sufficient, because threats and user attributes are likely to change. Therefore, organizations should ensure that all access requests are continuously screened before allowing a connection to any of their physical or virtual systems. The implementation of Zero Trust policies relies mainly on real-time visibility into user and device attributes such as user identity, endpoint hardware, patch levels, OS versions, and user logins.

Why Get Serious about Zero Trust Security

Zero Trust is one of the essential measures for controlling access to applications, data, and networks. It integrates a wide range of preventative techniques, such as endpoint security, least-privilege controls, identity verification, and micro-segmentation, to keep potential attackers out and to restrict their access in the event of a data incident. This security layer is important because organizations keep adding endpoints to their networks and extending their infrastructure to cover cloud-based applications and servers. Zero trust networks grant access rights only when strictly necessary, verifying every request to connect to their systems before approving access. Shrinking security perimeters into small zones, each with its own distinct access to a part of the network, minimizes lateral movement across the network. Finally, by hardening the network and limiting user access, Zero Trust security helps the organization prevent breaches and reduce potential damage. This is an important preventive measure, since an attack might be launched by users on the inside.
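The SDP and Zero Trust ideas from the two posts above (per-system entitlements instead of network-wide access, device posture checks, and continuous re-validation) as one added PowerShell example. This is illustration code written for this page, not a product from Softlanding, Appgate or Bluedog, and every principal, system name, build number and date in it is a constructed assumption.

```powershell
# Added example (not from the original posts): a minimal SDP / Zero Trust
# policy decision point for an industrial building-management network.
# All principals, system names, builds and dates below are constructed
# assumptions for illustration.

# Entitlements: a contractor account may reach only the systems named in its
# support agreement, never "the network" as a whole (default deny).
$Entitlements = @{
    'hvac-contractor\jsmith' = @('humidity-sensor-gw-01', 'temp-sensor-gw-01')
    'fire-contractor\alee'   = @('fire-panel-01')
}

# Device posture a connecting endpoint must satisfy, at connect time and
# again on every re-validation.
$Policy = @{
    MinOsBuild        = 19045   # assumed minimum acceptable OS build
    MaxPatchAgeDays   = 30
    RequireMfa        = $true
    RequireEdrRunning = $true
}

function Test-DevicePosture {
    param([hashtable]$Device)
    # Returns the list of posture failures; an empty list means compliant.
    $reasons = @()
    if ($Device.OsBuild -lt $Policy.MinOsBuild) {
        $reasons += "OS build $($Device.OsBuild) below required $($Policy.MinOsBuild)"
    }
    if (((Get-Date) - $Device.LastPatched).TotalDays -gt $Policy.MaxPatchAgeDays) {
        $reasons += "last patched more than $($Policy.MaxPatchAgeDays) days ago"
    }
    if ($Policy.RequireEdrRunning -and -not $Device.EdrRunning) {
        $reasons += 'endpoint protection not running'
    }
    return ,$reasons
}

function Get-AccessDecision {
    param([string]$User, [string]$Target, [bool]$MfaPassed, [hashtable]$Device)
    # Every check must pass; the first failure produces an explicit denial
    # with a reason that can be logged and audited.
    $deny = { param($why) [pscustomobject]@{ User = $User; Target = $Target; Allow = $false; Reason = $why } }
    if (-not $Entitlements.ContainsKey($User))  { return & $deny 'unknown principal' }
    if ($Target -notin $Entitlements[$User])     { return & $deny 'target outside support agreement' }
    if ($Policy.RequireMfa -and -not $MfaPassed) { return & $deny 'MFA not satisfied' }
    $failures = @(Test-DevicePosture -Device $Device)
    if ($failures.Count -gt 0)                   { return & $deny ($failures -join '; ') }
    [pscustomobject]@{ User = $User; Target = $Target; Allow = $true; Reason = 'entitled, MFA ok, posture ok' }
}

# Continuous validation: a granted session is re-checked whenever the device
# reports new attributes, so a posture change revokes access mid-session.
# (MFA is assumed to have been satisfied when the session was opened.)
function Test-SessionStillValid {
    param([pscustomobject]$Session, [hashtable]$Device)
    $again = Get-AccessDecision -User $Session.User -Target $Session.Target -MfaPassed $true -Device $Device
    return $again.Allow
}

# Constructed sample: a contractor laptop that is compliant at connect time.
$laptop  = @{ OsBuild = 19045; LastPatched = (Get-Date).AddDays(-10); EdrRunning = $true }
$session = Get-AccessDecision -User 'hvac-contractor\jsmith' -Target 'temp-sensor-gw-01' -MfaPassed $true -Device $laptop
$session
# Same contractor, but a system that is not part of the support agreement.
Get-AccessDecision -User 'hvac-contractor\jsmith' -Target 'fire-panel-01' -MfaPassed $true -Device $laptop
# Entitled target, but no second factor presented.
Get-AccessDecision -User 'hvac-contractor\jsmith' -Target 'temp-sensor-gw-01' -MfaPassed $false -Device $laptop
# Endpoint protection stops while the session is open: re-validate it.
$laptop.EdrRunning = $false
Test-SessionStillValid -Session $session -Device $laptop
```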
What Is a Pass-the-Hash Attack? How to Prevent It?
In a Pass-the-Hash (PtH) attack, a threat actor steals a password hash and, without cracking it, reuses it to manipulate an authentication system into creating a new authenticated session on the same network. To carry out a pass-the-hash attack, the threat actor first captures hashes from the targeted network using hash-dumping tools. They then use a pass-the-hash tool to place the captured hashes into the Local Security Authority Subsystem (LSASS). This often tricks the Windows authentication system into treating the malicious actor’s endpoint as that of the genuine user: it passes the required credentials whenever the attacker attempts to access resources on the target network, and the attacker never needs the real password to do so.

PtH attacks exploit the authentication protocol, because the hash stays static across all sessions until the password is rotated. Threat actors commonly capture hashes by scraping the active memory of a system, among other techniques. While PtH attacks most commonly occur on Windows-based systems, Linux, UNIX, and other platforms are not immune. On Windows, PtH leverages Single Sign-On (SSO) through NT LAN Manager (NTLM), Kerberos, and other authentication processes. Whenever a password is created on a Windows system, it is hashed and stored in the SAM (Security Accounts Manager), in LSASS (Local Security Authority Subsystem) process memory, in the Credential Manager store, in the ntds.dit database in Active Directory, or elsewhere. Therefore, when you log into a Windows workstation or server, you leave behind your password hashes.

How to Deal with a Pass-the-Hash Attack?

For a PtH attack to succeed, the attacker first has to gain local administrative access on a system (PC) to capture the hash. Once the perpetrator is in, they can easily pursue their goal of stealing more credentials. Incorporating the following security practices can help eliminate, or at least reduce the impact of, a pass-the-hash attack:

- Enforcing least privilege: A least-privilege security model reduces the likelihood and the impact of a PtH attack by limiting a threat actor’s ability to obtain privileged access and permissions. Removing needless admin rights is a long-term solution that minimizes the risk of PtH and many other security threats.
- Implementing password management solutions: Make sure to rotate your passwords frequently. You can automate password rotation after each privileged session, which helps block PtH attacks.
- Separating privileged and non-privileged accounts: Keep the different types of non-privileged and privileged accounts separate. This limits an attacker’s reach to administrator accounts and thereby minimizes the risk of compromise as well as the risk of lateral movement.
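Two hunt heuristics for the hash-reuse pattern described above, as an added PowerShell example that is not part of the original post. The events are constructed objects mirroring a few fields of Windows Security event 4624 (in production they would come from Get-WinEvent or a SIEM), and all host names, user names and addresses are made up for illustration.

```powershell
# Added example (not from the original post): hunting for pass-the-hash
# activity over CONSTRUCTED Windows Security 4624 (successful logon) events.
# Field names mirror the real event; values are invented sample data.
function New-LogonEvent {
    param($Time, $Computer, $LogonType, $LogonProcess, $AuthPackage, $User, $Ip)
    [pscustomobject]@{
        Time = [datetime]$Time; Computer = $Computer; LogonType = $LogonType
        LogonProcessName = $LogonProcess; AuthenticationPackageName = $AuthPackage
        TargetUserName = $User; IpAddress = $Ip
    }
}
$events = @(
    # Source workstation: a new logon session created with injected credentials.
    New-LogonEvent '2024-05-01T09:00:00' 'WS-017' 9 'seclogo' 'Negotiate' 'svc_backup' '-'
    # The reused hash then authenticates over NTLM to several servers in minutes.
    New-LogonEvent '2024-05-01T09:01:10' 'FS-01'  3 'NtLmSsp' 'NTLM' 'svc_backup' '10.0.5.17'
    New-LogonEvent '2024-05-01T09:02:05' 'FS-02'  3 'NtLmSsp' 'NTLM' 'svc_backup' '10.0.5.17'
    New-LogonEvent '2024-05-01T09:03:40' 'SQL-01' 3 'NtLmSsp' 'NTLM' 'svc_backup' '10.0.5.17'
    New-LogonEvent '2024-05-01T09:05:12' 'DC-01'  3 'NtLmSsp' 'NTLM' 'svc_backup' '10.0.5.17'
    # Ordinary activity: one share access and one interactive Kerberos logon.
    New-LogonEvent '2024-05-01T09:04:00' 'FS-01'  3 'NtLmSsp' 'NTLM'     'jdoe' '10.0.7.22'
    New-LogonEvent '2024-05-01T08:55:00' 'WS-042' 2 'Kerberos' 'Kerberos' 'jdoe' '-'
)

function Find-SuspiciousNewCredentialsLogon {
    param([object[]]$Events)
    # Heuristic 1 (source host): a NewCredentials logon (type 9) created by the
    # 'seclogo' logon process with the Negotiate package is the footprint left
    # when stolen credentials are injected into a fresh logon session.
    # Legitimate "runas /netonly" produces the same signature, so treat hits
    # as leads to triage, not as proof.
    $Events | Where-Object {
        $_.LogonType -eq 9 -and
        $_.LogonProcessName -eq 'seclogo' -and
        $_.AuthenticationPackageName -eq 'Negotiate'
    }
}

function Find-NtlmFanOut {
    param([object[]]$Events, [int]$MinHosts = 3, [int]$WindowMinutes = 10)
    # Heuristic 2 (destination hosts): one account authenticating with NTLM
    # network logons (type 3) to many distinct machines inside a short window
    # matches the hash-reuse pattern; an account that normally uses Kerberos
    # suddenly appearing over NTLM deserves particular attention.
    $ntlm = $Events | Where-Object { $_.LogonType -eq 3 -and $_.AuthenticationPackageName -eq 'NTLM' }
    $ntlm | Group-Object TargetUserName | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        $hosts  = @($sorted.Computer | Select-Object -Unique)
        $span   = ($sorted[-1].Time - $sorted[0].Time).TotalMinutes
        if ($hosts.Count -ge $MinHosts -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                User = $_.Name; Hosts = ($hosts -join ', ')
                Sources = (@($sorted.IpAddress | Select-Object -Unique) -join ', ')
                Minutes = [math]::Round($span, 1)
            }
        }
    }
}

Find-SuspiciousNewCredentialsLogon -Events $events | Format-Table Time, Computer, TargetUserName
Find-NtlmFanOut -Events $events | Format-Table -AutoSize
```

Both functions return objects rather than text, so the same logic can be pointed at Get-WinEvent output or scheduled as a SIEM-fed hunt.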
What is a Global Catalog Server?
A feature of Active Directory (AD) domain controllers, the global catalog allows a domain controller to provide detailed information on all the objects in the forest, regardless of whether the object in question is a member of the domain controller’s own domain. If the global catalog feature is enabled on a domain controller, that domain controller is termed a global catalog server.

A global catalog server performs several functions that are required in a multi-domain forest environment. Two of the most important are described below:

- Authentication: A domain controller processes the authentication request and provides authorization information for all the groups of which the user account is a member. This information is included in the user access token generated by the system.
- Object Search: The global catalog makes the directory structure of the forest transparent to users who are performing a search operation.

Active Directory partitions

Understanding how the Active Directory (AD) database is structured helps in understanding how a global catalog works. Domain controllers store the AD database in a single file named NTDS.dit. The database itself is separated into partitions, which facilitate efficient replication and simplify administration. Each domain controller has at least three partitions:

- Domain Partition, which stores information on the domain’s objects and their attributes
- Configuration Partition, which stores information on the forest topology, domain controllers, and site links
- Schema Partition, which stores definitions of every object class in the forest and the rules that govern the creation and use of those objects

Additionally, domain controllers may maintain Application Partitions, which store information pertaining to AD-integrated applications and can hold any object type except security principals.

Deployment of global catalog servers

When a new domain is created, its first domain controller becomes a global catalog server. Additional domain controllers can be configured as global catalogs by enabling the Global Catalog checkbox in the NTDS Settings of the server. There are two ways to do this:

- Use the Active Directory Sites and Services management console.
- Use the Set-ADObject PowerShell cmdlet, as follows (where <DomainControllerName> is a placeholder for the target domain controller):

Set-ADObject -Identity (Get-ADDomainController -Server <DomainControllerName>).NTDSSettingsObjectDN -Replace @{options='1'}

Every domain in the forest should contain at least one global catalog server. This removes the need for an authenticating domain controller to communicate across the length and breadth of the network in order to retrieve global catalog information. Where it is not possible or feasible to deploy a global catalog server for a domain, Universal Group Membership caching can be enabled to reduce authentication-related network traffic. It also allows logon authentication when communication with a global catalog server is not possible from within the remote site.
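An added PowerShell example (not from the original post) that audits whether every domain in the forest has at least one global catalog server, wraps the Set-ADObject call above in a function that verifies the result, and shows a forest-wide search against the global catalog port. It assumes the ActiveDirectory RSAT module and permission to read the forest; the function and parameter names are this example’s own.

```powershell
# Added example (not from the original post): global catalog coverage audit.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-GlobalCatalogCoverage {
    # Every domain in the forest should have at least one GC server; report
    # per domain how many domain controllers exist and which ones are GCs.
    $forest = Get-ADForest
    foreach ($domain in $forest.Domains) {
        $dcs = @(Get-ADDomainController -Filter * -Server $domain)
        $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
        [pscustomobject]@{
            Domain            = $domain
            DomainControllers = $dcs.Count
            GlobalCatalogs    = $gcs.Count
            GcHosts           = ($gcs.HostName -join ', ')
            Covered           = ($gcs.Count -ge 1)
        }
    }
}

function Enable-GlobalCatalog {
    param([Parameter(Mandatory)][string]$DomainController)
    # Same operation as ticking "Global Catalog" in NTDS Settings: set the
    # options attribute of the server's NTDS Settings object to 1 (the GC bit).
    # -Replace overwrites any other bits already set in options, so inspect the
    # current value first with: Get-ADObject $ntds -Properties options
    $ntds = (Get-ADDomainController -Server $DomainController).NTDSSettingsObjectDN
    Set-ADObject -Identity $ntds -Replace @{ options = '1' } -Server $DomainController
    # The partial attribute set still has to replicate in; this only confirms
    # that the flag was accepted on the target DC.
    (Get-ADDomainController -Server $DomainController).IsGlobalCatalog
}

function Find-ForestUser {
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][string]$GcServer)
    # Querying port 3268 asks the global catalog, so the search spans every
    # domain in the forest instead of only the domain the GC belongs to.
    Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Server "${GcServer}:3268"
}

# Report domains with no GC so an administrator can promote one, e.g.
# Enable-GlobalCatalog -DomainController 'DC02'   (placeholder DC name).
Get-GlobalCatalogCoverage | Format-Table -AutoSize
```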