Weekly CyberTip: Hack Yourself
Concerned that your cybersecurity defences aren’t up to snuff? Then consider looking at hacking yourself – before the bad guys do it. There are online services that can provide an “outside in” attempt to penetrate your systems (without doing damage!) to expose vulnerabilities on your websites or Internet-facing services. For a deeper dive, “white hat” or ethical hackers can be hired to safely find security holes from inside your network, giving you time to fix problems before a threat actor can take advantage of any soft spots in your defensive posture.
Report: SIEM investments expected to increase over 45% by 2027
In a new report, UK-based market research firm Juniper Research forecasts a 45% increase in global security information and event management (SIEM) deployments by organizations looking to bolster their cybersecurity posture. The report suggests that the total business spend will increase from an estimated $4.4B (all figures USD) in 2022, to over $6.4B by 2027.
The report attributes the growth of SIEMs (which provide “real-time automated analysis of security alerts generated by applications and network hardware”) to two key drivers. First, SIEMs now face lower adoption barriers than in the past: SIEM solutions are becoming increasingly accessible to small- and medium-sized firms due to the emergence of cloud SIEMs and Software-as-a-Service (SaaS) models, which reduce upfront costs such as space, maintenance, hardware, and 24×7 personnel staffing. Further, the transition from “term licence (where businesses can use SIEM for specific licence lengths)” arrangements to more flexible subscription models is expected to allow “small business to access previously unaffordable services.”
In all, the report indicated that “SaaS business models within SIEM are gaining traction; accounting for almost 73% of global business spend on SIEM in 2027, from only 37% in 2022,” a projected increase of nearly 100% over the next five years.
The second driver, according to the report, is the ongoing digital transformation experienced by many companies, accelerated by the global pandemic. Today, organizations are “expected to manage an increased digital footprint while continuing to enhance their security capabilities,” to protect their valuable corporate data and IP, which “can be considered a very valuable target for both external hackers, and internal leakers”.
According to the report, Juniper Research data shows that the average cost of a data breach in 2022 is around $4.3M; this figure mirrors data collected by IBM in its 2022 Cost of a Data Breach Report, which pegged the global average cost of a data breach at an all-time high of $4.35M.
Spooky October for the healthcare sector in the United States
October’s Cybersecurity Awareness Month has been a difficult one for several healthcare organizations in the United States, according to a summary in Becker’s Hospital Review. The report provided a summary of eight ongoing cyber incidents affecting major American hospitals and healthcare networks, from three separate attacks in Washington State to inadvertent data leakage incidents in North Carolina and New Jersey.
International cooperation on improving IoT security
On October 19, the Biden Administration led a strategic discussion on IoT Security Labeling and the future of connected device security. According to the press release, “[g]overnment and industry leaders discussed the importance of a trusted program to increase security across consumer devices that connect to the Internet by equipping devices with easily recognized labels to help consumers make more informed cybersecurity choices,” imagining an environment in which the equivalent of an “’EnergyStar’ for cyber” program could be developed to help protect the public. The discussions helped maintain the momentum of the U.S. president’s 2021 executive order calling for improvements to national cybersecurity.
“Smart” device security has been a high-profile subject in various parts of the globe in recent weeks. IoT security is a key part of the European Union’s Cyber Resilience Act, proposed in September. On October 5, the Connectivity Standards Alliance published Matter 1.0, an open wireless connectivity protocol designed to create interoperability between smart home IoT devices, leveraging distributed ledger technology and PKI to bolster device security. Meanwhile, the nation-state of Singapore, whose government is emerging as one of the world leaders in developing global cybersecurity standards, announced that Germany has joined Finland in mutually recognizing IoT security labelling standards set by Singapore’s Cybersecurity Labelling Scheme (CLS). Singapore is also working to establish a global ISO standard (proposed as ISO/IEC 27404) for consumer IoT labeling.