Adaptive Defense - Panda Security Mediacenter
https://www.pandasecurity.com/en/mediacenter/adaptive-defense/

Incident Response Plan: What It Is and How to Build One
https://www.pandasecurity.com/en/mediacenter/security/incident-response-plan/
Fri, 28 Jul 2023 07:15:54 +0000

Even if a company has a good prevention plan and a solid security team, breaches do occur. That's why a good incident response plan needs to be in place.


In today’s increasingly interconnected digital world, even the most secure organizations face ever-growing cybersecurity risks. Sophisticated cyberattacks, data breaches, natural disasters and other unforeseen events can disrupt business operations, or worse — they can compromise sensitive information and damage an organization’s reputation. Businesses must have a well-defined incident response plan to protect consumers and enable a swift recovery. 

Our guide can help you outline the steps you need to prepare for a cybersecurity incident — because it’s better to be safe than sorry.


What Is an Incident Response Plan?


An incident response plan — sometimes referred to as a security incident response plan, or SIRP — is a comprehensive set of procedures and guidelines designed to detect, contain, eradicate and recover from security incidents swiftly and effectively. 

Incident response plans help minimize the frequency and severity of cybersecurity incidents, like:

  • Data breaches: security incidents where unauthorized individuals gain access to sensitive or confidential data, potentially exposing it to theft, manipulation or unauthorized use
  • Cyberattacks: deliberate malicious activities launched against computer systems, networks or digital infrastructure with the intent to disrupt, steal or damage data, or gain unauthorized access
  • Distributed denial-of-service (DDoS) attacks: a type of cyberattack where multiple compromised devices are used to overwhelm a target server or network with a flood of internet traffic, significantly slowing down operations and preventing legitimate users from accessing it
  • Natural disasters: any incident where physical damage to infrastructure, power outages or disrupted communication networks increase an organization’s vulnerability to cyberattacks
  • Corporate account takeovers (CATO): cyberattacks that occur when unauthorized individuals gain control of a company’s financial accounts, typically through phishing, malware or social engineering techniques
  • Human error: vulnerabilities created by authorized users through actions such as falling for phishing scams, weak password practices, improper handling of sensitive information or unintentionally installing malicious software

Why does your business need an incident response plan?

According to a recent study, 77% of companies still lack a formal incident response plan, despite a 7% increase in cyberattacks in the first few months of 2023. Not having a SIRP in place can lead to uncoordinated and chaotic responses during cybersecurity crises, resulting in:

  • Prolonged downtime
  • Increased financial loss
  • Compromised data security

An incident response plan allows you to identify and address an incident as soon as possible, making sure damage is minimized and solutions are applied almost immediately.

How to Build a Cybersecurity Incident Response Plan

An incident response plan consists of a series of proactive processes that can be divided into five key phases:

  1. Preparation
  2. Detection and analysis
  3. Containment and eradication
  4. Recovery
  5. Continuous improvement

1. Preparation

The first phase in constructing a cybersecurity incident response plan is to thoroughly assess potential risks and vulnerabilities within your systems, networks and processes. This means analyzing areas prone to cyberattacks, including:

  • IT infrastructure 
  • Data storage 
  • Access controls
  • Existing security measures 

By identifying these risks and vulnerabilities upfront, you can develop appropriate strategies and countermeasures to address them effectively, enhancing the resilience and preparedness of your incident response plan.

2. Detection and Analysis

Once you’re aware of your system’s vulnerabilities, implement detection methods and tools to identify and alert you of potential security incidents. This involves deploying security technologies that can continuously monitor your networks, systems and user activities for any signs of suspicious or malicious behavior, like:

  • Intrusion detection systems (IDS): Monitor network traffic and flag potential unauthorized or malicious activity, such as intrusion attempts, malware infections or suspicious network behavior.
  • Intrusion prevention systems (IPS): Go a step further than an IDS by sitting inline and actively blocking the malicious activity they identify, providing real-time protection against network-based threats.
  • Log monitoring tools: Collect and analyze the log files generated by systems, applications and network devices to identify unusual or suspicious activity.
  • Security information and event management (SIEM): Aggregate and correlate log data from many sources, allowing centralized monitoring, real-time alerting and advanced analytics to detect security incidents and anomalies.
  • Endpoint detection and response (EDR): Monitor and protect individual endpoints, such as desktops, laptops and servers, recording process, file and network activity so that an analyst can reconstruct what happened on the host.
  • Behavior analytics: Use machine learning and user behavior modeling to detect unusual activity and deviations from normal patterns, helping identify insider threats or compromised accounts.

These tools allow you to quickly respond to and mitigate potential threats by proactively detecting security incidents. 
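To make the SIEM correlation point concrete, here is an added example (not code from the original article or from Panda Security) of the kind of rule a log monitoring tool or SIEM runs: it parses OpenSSH authentication lines and raises an alert when one source address accumulates several failed logins inside a short window and then logs in successfully. The log lines, host names, users and addresses are constructed for the example, and the year is assumed because syslog timestamps carry none.

```python
"""
Added example (not from the original article): a minimal SIEM-style
correlation rule run over constructed sshd log lines. It flags a source IP
that produces N failed logins inside a time window and then succeeds, the
"brute force followed by a working login" pattern a SIEM alerts on.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in OpenSSH/syslog format (hypothetical
# host, users and addresses; not taken from any real system).
SAMPLE_LOG = """\
Jul 28 07:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jul 28 07:15:03 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Jul 28 07:15:05 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jul 28 07:15:08 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51125 ssh2
Jul 28 07:15:11 web01 sshd[2209]: Failed password for deploy from 203.0.113.7 port 51126 ssh2
Jul 28 07:15:14 web01 sshd[2211]: Accepted password for deploy from 203.0.113.7 port 51127 ssh2
Jul 28 07:20:00 web01 sshd[2300]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Jul 28 07:20:30 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2023):
    """Return (timestamp, result, user, ip), or None for lines the rule ignores.
    Syslog timestamps carry no year, so one is assumed (parameter)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def correlate(log_text, threshold=5, window_seconds=60):
    """Sliding-window correlation: per source IP, keep the timestamps of recent
    failures; an 'Accepted' event from an IP with >= threshold failures inside
    the window is reported as a possible compromised login."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        recent = failures[ip]
        # Drop failures that have fallen out of the window.
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if result == "Failed":
            recent.append(ts)
        elif len(recent) >= threshold:
            alerts.append({
                "ip": ip, "user": user, "at": ts.isoformat(),
                "failures_before_success": len(recent),
            })
            recent.clear()   # one alert per burst, not one per later login
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print("ALERT possible brute-force success:", alert)
```

Run as-is it prints one alert for 203.0.113.7 and stays silent for the user whose single typo preceded a key-based login; raising the threshold or narrowing the window silences the first alert too, which is the tuning trade-off every detection rule carries.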

Don’t settle for a cybersecurity solution that’s only effective against select viruses and malware. Panda Security’s 100% threat detection rate has been certified by the leading IT security institute AV-Comparatives, so you’ll know you’re getting the best protection available.

3. Containment and Eradication

When responding to a cyberattack, outline immediate actions to isolate and contain the security breach, preventing it from spreading further and causing additional damage. This may include:

  • Identifying affected systems
  • Quarantining compromised devices
  • Disconnecting infected network segments 
  • Employing network segmentation to safeguard critical systems and sensitive data
  • Temporarily revoking or restricting user access
  • Utilizing external cybersecurity experts or incident response services to help contain and remediate the incident 

After containment, the focus shifts to eradicating the root cause of the incident: removing malware, closing the exploited vulnerabilities and applying the necessary security patches or updates. Capture forensic evidence (disk images, memory, logs) from affected systems before they are wiped or rebuilt, since eradication destroys the data that the later root cause analysis depends on.

4. Recovery

Once the incident has been contained and eradicated, you can start restoring affected systems, services and operations to their normal state. Your incident response plan should have a thorough recovery process in place that includes:

  • Restoring from data backups that are known to predate the compromise to recover lost or corrupted information
  • Reconfiguring systems and networks, and rotating any credentials or keys the attacker may have obtained, before they return to service
  • Conducting post-incident testing to verify the integrity of restored components
  • Ensuring all recovery actions align with legal and regulatory requirements, particularly regarding data breach notification and incident reporting
  • Installing security patches and updates to close the known vulnerabilities that were exploited in the incident, reducing the risk of a repeat attack

The recovery phase aims to minimize downtime, enabling operations to resume as swiftly as possible while preventing similar future incidents.
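One way to carry out the post-incident integrity test from the recovery list above, as an added example that is not part of the original article: a SHA-256 manifest is built from the backup set at backup time, signed with a key kept off the host so the manifest cannot be rewritten along with the data, and the restored tree is compared against it, reporting files that are modified, missing or unexpectedly present. The file names, contents and key are constructed for the example; snapshot_dir is this example's helper for running the same check against a real directory.

```python
"""
Added example (not from the original article): build a SHA-256 manifest
of a backup set and verify a restored copy against it. Run it as part of
the post-incident testing step before a restored system goes back into
service.
"""
import hashlib
import hmac
import json
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """files maps a relative path to its bytes. Returns {path: sha256 hex}."""
    return {path: sha256_hex(data) for path, data in sorted(files.items())}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over the canonical JSON form, so someone who can alter the backup
    cannot also quietly rewrite the manifest (the key lives off the host)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_restore(manifest: dict, restored: dict) -> dict:
    """Compare the restored files against the manifest."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for path, expected in manifest.items():
        if path not in restored:
            report["missing"].append(path)
        elif hmac.compare_digest(sha256_hex(restored[path]), expected):
            report["ok"].append(path)
        else:
            report["modified"].append(path)
    report["unexpected"] = sorted(set(restored) - set(manifest))
    return report


def snapshot_dir(root: str) -> dict:
    """Read a real directory tree into the {relative path: bytes} form."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root).replace(os.sep, "/")] = fh.read()
    return files


# Constructed sample data (hypothetical file names and contents).
BACKUP = {
    "etc/app.conf": b"listen=127.0.0.1:8080\n",
    "var/www/index.html": b"<h1>hello</h1>\n",
    "bin/run.sh": b"#!/bin/sh\nexec /opt/app/server\n",
}
# A restore in which one file was altered, one is missing and one is new.
RESTORED = {
    "etc/app.conf": b"listen=0.0.0.0:8080\n",
    "bin/run.sh": b"#!/bin/sh\nexec /opt/app/server\n",
    "var/www/unknown.bin": b"\x00\x01\x02",
}
MANIFEST_KEY = b"example-key-store-this-off-host"   # constructed; use a real secret

if __name__ == "__main__":
    manifest = build_manifest(BACKUP)
    tag = sign_manifest(manifest, MANIFEST_KEY)
    # At restore time: check the manifest tag first, then the files.
    assert hmac.compare_digest(tag, sign_manifest(manifest, MANIFEST_KEY))
    print(json.dumps(verify_restore(manifest, RESTORED), indent=2))
```

Anything in "modified" or "unexpected" after a restore means the backup copy, not just the live system, needs investigating before the host returns to service.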

5. Continuous Improvement

An incident response plan should be treated as a living document — as threats evolve, so should your mitigation strategy. After successfully responding to and recovering from an incident, focus on enhancing your incident response capabilities based on lessons learned through a comprehensive post-incident analysis. These analyses typically include:

  • A detailed incident timeline
  • A description of the attack, including attack vectors, affected systems and data exposed or compromised
  • A list of response actions and their effects
  • A root cause analysis

Schedule regular reviews, updates and testing of the incident response plan to ensure it remains effective against evolving threats. By consistently refining your incident response procedures, you can strengthen your ability to detect, contain and mitigate future incidents, reinforcing your overall cybersecurity resilience.

Benefits of an Incident Response Plan

Having an organized response plan in place before an incident occurs has many benefits, including:

  • Insight into existing security gaps: outlines the steps taken to detect, respond to and mitigate incidents, revealing areas where vulnerabilities and weaknesses may have been exploited
  • Reduced downtime and recovery time: provides predefined procedures and resources for effectively restoring systems, services and operations, enabling a quicker return to normalcy
  • Protection of sensitive data: implements measures such as encryption, access controls and secure data handling protocols, reducing the risk of data compromise during and after an incident
  • Ensured compliance: defines procedures for incident reporting, data breach notification and adherence to relevant regulatory requirements, helping organizations mitigate potential legal and reputational consequences

It’s imperative for organizations of all sizes to have an incident response plan in place — even better if you never have to use it. Panda Security’s premium protection services continuously scan your devices for vulnerabilities and automatically apply security patches to minimize the risk of cyberattacks. If all else fails, you’ll always have a dedicated technician ready to get you up and running again in record time.

13 Cybersecurity Tips for Small Businesses in 2023
https://www.pandasecurity.com/en/mediacenter/tips/tips-smbs/
Mon, 27 Mar 2023 13:00:05 +0000

When it comes to ransomware, big businesses get all the attention in the press, but it turns out that SMBs are at the greatest risk of infection.


Small and medium-sized businesses (SMBs) are the target of about 43% of cyberattacks annually, despite their size and revenue. Being small doesn’t necessarily mean you are more protected — in fact, sometimes it means just the opposite, because IT teams are unprepared, infrastructure is underfunded and employees are uninformed. Even medium-sized businesses can be vulnerable to dangerous cyberattacks.

Keeping your SMB protected from cybercriminals and hackers of all types is more important now than ever. Investing in premium protection plans and following these 13 cybersecurity tips for small businesses can help you defend your business and protect your online systems.


1. Complete a Risk Assessment

Before investing in antivirus software, VPNs and other protection measures, perform risk and vulnerability assessments to identify where your systems face the most threat. These assessments can provide SMBs with a list of potential vulnerabilities as well as areas where security improvements would make a substantial difference.

2. Install Antivirus Software

Small businesses can protect their systems from potential threats by installing antivirus software. Many antivirus systems can detect threats before they break through a company’s security protocols, acting as one of the first lines of defense against a cyberattack. Additionally, antivirus for small businesses is usually scalable and easy to install.

3. Utilize Virtual Private Networks

To increase your business’s protection while employees are traveling or working remotely, use a virtual private network (VPN). A VPN encrypts traffic between the employee’s device and the company network, so that data cannot be read or tampered with on an untrusted public network, and it hides the device’s real IP address from the networks the traffic passes through.

4. Secure the Network

The tools you use to protect your networks and infrastructure are vital to the level of protection your devices achieve. Defense mechanisms that block malware whether it is active or dormant, encrypt wireless traffic with WPA2 or WPA3 rather than relying on a hidden SSID, and limit the identifying information your network exposes are indispensable. Investing in state-of-the-art protection, detection and remediation tools like WatchGuard EDR and Panda Adaptive Defense can help you secure your network against both external and internal attacks.

5. Keep Machines Clean

Yes, it’s important to keep your machines clear of dust and dirt, but it’s more important to keep your internal systems clean. Install the latest security software and update your device’s operating systems to ensure bug fixes are installed and your systems are up-to-date with the newest protections.

6. Avoid System Mobility

In a fully controlled network, the events that could endanger the system are reduced almost to zero. That control is lost as soon as IT staff clock out for the day or systems connect to networks outside the working environment. Keeping the system isolated, with no connections to personal networks or devices outside the working environment, is the best way to avoid this. Teams can also deploy firewall rules that stay enforced while systems are idle and unattended, adding a layer of protection that does not depend on anyone watching.


7. Enable Zero Trust Security

System breaches can come from anywhere. To keep your small businesses’ systems as secure as possible, set up and enable zero trust security. This will require all accessors — including both internal and external actors — to authenticate their identity before gaining access to the system. Additionally, zero trust architecture systems are segmented so users are only granted access to specific areas of a system.

8. Use Secure Solutions

When it comes to payments, data transfers, and other sensitive operations, it’s important to maintain security and data integrity. Using adequate encryption methods, reliable certificates and secure payment platforms is essential. Plus, small businesses should incorporate multi-factor authentication into their system protocols, and refrain from using personal mobile devices as secondary security sources.

9. Educate Your Workforce

Employees are an SMB’s first line of defense in the face of a cyberattack, so they need to know the possible dangers and access points a hacker may try to break through. Employee training and education should focus on security practices, working protocols, prohibited actions, and how to solve problems stemming from cyber activity.

10. Understand Password Security

Strong passwords can make or break the security of any organization, including small businesses of all types. Require passwords of at least twelve characters (the eight-character minimum that was common for years is no longer adequate against offline cracking) that mix letters, digits and symbols, or better still long passphrases, and never reuse one password across services. Periodic rotation matters less than uniqueness: change a password immediately whenever it may have been exposed, and use a password manager so that every account can have its own randomly generated password.

11. Create Backups

Although there are solutions and companies dedicated exclusively to safeguarding companies’ data, the value of backups should never be underestimated. Maintaining consistent backups of all company data does not prevent a ransomware attack, but it is what lets you recover from one without paying. Keep at least one copy offline or on immutable storage that a compromised account cannot delete or encrypt, and test restores regularly: a backup that has never been restored is not a backup.

12. Vet Third-Party Partners

If your SMB partners with a third party, vet them and their employees before granting them access to your systems. Zero trust security can provide additional protection surrounding your infrastructure systems, but background checks are encouraged before granting network access.

13. Guard Physical Hardware

While hackers are well-known for attacking devices from a distance, they may choose to access devices physically if they have the chance. Keep devices away from unauthorized individuals, and enable remote wiping access so you can protect your system’s security on lost or stolen devices. Additionally, electronic devices should be wiped and recycled instead of thrown away during times of device transition.

These cybersecurity tips for small businesses are not meant to be fail-safes. Rather, these tips should be put into practice well before a cyber threat occurs. 

More than 30 million users trust Panda Security to keep their information and businesses protected from cyberattacks — and you can, too! Our remote support teams can help tailor our services to your business’s specific needs.

COVID-19: the impact of the pandemic in three IT areas
https://www.pandasecurity.com/en/mediacenter/adaptive-defense/covid-19-impact-it-areas/
Wed, 02 Dec 2020 11:37:51 +0000

As a result of the uptake of new digital technologies by businesses, the pandemic has impacted IT environments in three ways. Find out more information about that.


The impact of the COVID-19 pandemic on society has led to a period of digital transition in which organizations and businesses have had to rapidly rewrite their plans for the immediate future. As companies set out to address these new scenarios, the need for expert technical support has become increasingly evident, and vital if investment in and implementation of new technologies is to bear fruit. The IT distribution channel has always evolved to deliver new technologies to the market, and it is now more important than ever that channel partners, and especially managed service providers (MSPs), who are a key figure in many ways, are ready and able to help businesses rapidly embrace innovations and make the journey of digital transformation as fast, agile and secure as possible.

IT channel and partners: a new role in the post-COVID era.

As a result of the uptake of new digital technologies by businesses, forecasts suggest that IT spending will increase, as companies seek to keep up with the momentum of recent months.

To derive the greatest possible value from the current and future adoption of new technologies, many companies will be looking to the IT channel for support, and partners must evolve to meet these new demands and ensure they are valued as key trusted partners by the companies of the future.

Now WatchGuard, after the successful integration of Panda Security’s endpoint security solutions and a new focus on MSPs, represents a pillar of support for the IT channel. As Michelle Welch, Senior Vice President of Marketing at WatchGuard says: “We’ve seen a shift in how partners want to deliver their services to end-customers. They are no longer expected to sell individual products, but to deliver the complete stack of solutions. That is why we are looking for ways to expand our portfolio to meet that need.”

According to Welch, the pandemic has impacted IT environments in three ways:

  • The perimeter lines of networks are being redrawn. This was already happening, but the COVID-19 pandemic has seen an acceleration of the process. “The boundaries of the network no longer stop at the company walls. Users are the new border. Partners must therefore shift their attention to securing users, wherever they are,” Welch explains.
  • Transactions between businesses and customers are changing. “Many companies had to close their doors and continue online. They had to speed up any plans to expand their e-commerce activities. This, in turn, means that they have to take into account new challenges that come with data processing, for example, due to the rules surrounding data protection (GDPR)”.
  • A third factor is the way that cyberattackers are exploiting the situation. “You saw a spike in unemployment fraud,” says Welch. “Personal numbers were stolen and misused to illegally obtain benefits in someone else’s name. In general, social engineering and phishing are unfortunately also more effective. People are tired, scared and angry, which makes them more vulnerable”.

Endpoint solution

Panda Security and its Adaptive Defense 360 endpoint solution is the latest addition to WatchGuard’s portfolio, delivering just what partners need at times like these: a truly endpoint-centric solution. In the past, WatchGuard’s endpoint security operated as part of the network. Adaptive Defense, in contrast, works directly on the endpoint, protecting devices even when they are outside the corporate network.

The immediate aim of this joint enterprise is to ensure that partners and customers of both companies have access to the innovative and newly extended portfolio of security solutions, creating a security platform that connects the user’s network and perimeter with advanced endpoint protection capabilities. Find out more about this offering and discover all the benefits of joining WatchGuardOne.

16 hardware and software platforms hacked in minutes. A contest or business reality?
https://www.pandasecurity.com/en/mediacenter/adaptive-defense/hardware-and-software-hacked/
Tue, 17 Nov 2020 10:51:51 +0000

Organizations should use advanced solutions that enable them to properly classify and control access to sensitive information to avoid any kind of problem.


So far in 2020, the Spanish Data Protection Agency (AEPD) has recorded 837 security breaches affecting personal data, 201 more than in the same period last year. Yet one in three organizations still has no security incident response plan, which underlines why the security teams charged with that task, and with providing a forensic response, are needed now more than ever.

This was demonstrated when 16 hardware and software platforms were hacked, albeit in a controlled environment, in a matter of minutes, using previously unknown methods, during the renowned Chinese hacking competition Tianfu Cup Security Contest. Contestants may bring pre-built exploits, but they must demonstrate them live and prove that they are original. The competition invited participants to hack the following systems: Microsoft Edge, Chrome, Safari, Firefox, Adobe PDF Reader, Docker-CE, VMware Workstation, VMware ESXi, Ubuntu + qemu-kvm, iPhone 11 Pro + iOS 14, Samsung Galaxy S20, Windows 10 2004, Ubuntu 20/CentOS 8, Microsoft Exchange Server 2019, TP-Link WDR7660 and ASUS Router AX86U.

The competition was clearly a success, with 13 of the 16 target systems successfully hacked by Tianfu Cup 2020 contestants, who came up with a total of 23 hacks. The security flaws revealed were promptly reported to the respective companies so they could be addressed.

Can advanced technologies stop hackers?

One of the aims of such hacking competitions is to raise awareness of the importance of protecting systems, as they have demonstrated the extent to which companies and users are exposed to cyberattacks. Hackers are put to the test with challenges in which they have to detect weaknesses in a system in real time, and put themselves in the shoes of a cybercriminal to demonstrate that all they have to do to infiltrate a system is find a security hole.

The prize money in this edition of the competition totaled US$1.2 million. The business reality, however, is that the cost of cyberattackers exploiting security flaws is also significant, and not just in terms of what hackers might earn directly, but also through other security repercussions and damage to corporate image. Organizations should therefore be looking toward a proactive strategy and advanced solutions that enable them to properly classify and control access to sensitive information to avoid any kind of problem.

Regardless of the size of your organization, a cybersecurity suite such as Adaptive Defense ensures a holistic approach to incident response, as it integrates Endpoint Protection and Endpoint Detection and Response (EDR) solutions with 100% Attestation and Threat Hunting and Investigation services, all deployed via a single, lightweight agent. The combination of these solutions and services provides detailed visibility of all activity across all endpoints, complete monitoring of all running processes, and a reduced attack surface. Such factors are crucial for surviving an attack and minimizing impact and recovery costs.

In addition, most attacks exploit known vulnerabilities in out-of-date third-party systems and applications, often when a patch has been available for weeks or even months before the exploit. Patch Management is therefore one more key tool in the advanced and adaptive security architecture that Adaptive Defense 360 offers companies to strengthen their cybersecurity posture, now available through WatchGuard’s products and services.

The cold cyberwar and geopolitics: which weapons can protect endpoints?
https://www.pandasecurity.com/en/mediacenter/adaptive-defense/cold-cyberwar-endpoint-protection/
Thu, 05 Nov 2020 11:27:55 +0000

The COVID-19 pandemic has been accompanied by another associated threat: cyberterrorism. Find out more information about how to protect your endpoint.


Following World War II, the technological and arms race that began between the United States and the Soviet Union became known as the Cold War. The Cold War nowadays has entered into a new phase: cyberwarfare. Technology is increasingly being used to gain a competitive edge in global geopolitics, and governments are increasingly concerned about the strength of national defenses against foreign intelligence agencies and attacks from other countries.

The three leading players in the current scenario are the United States, China, and Russia, and 2020 has already been a busy year, with cyberattacks used as a launchpad for espionage, disinformation campaigns, and even simply financial gain.

U.S. intelligence agencies, for instance, have gathered evidence that Russian, Chinese, and Iranian state agents have been using social media and other campaigns, including spam, to spread misinformation in the United States and interfere with presidential elections. They have also specifically accused six Russian citizens of this type of hacking. There are many other examples: UK intelligence services found that Russian agents had been plotting to disrupt the -now canceled- Tokyo Olympics. State-sponsored groups have been accused of attempting to infiltrate several health organizations working on coronavirus vaccines. Microsoft and other agencies have been fighting to close down a botnet used in election interference. Chinese operatives have also been accused of politically motivated hacking of diplomats and NGOs. And governments such as North Korea’s have been accused of using ransomware for financial gain.

The year 2020 has also stood out for the cyberwar between Israel and Iran. “It is another common type of conflict,” Arik Brabbing, former head of the Israel Security Agency’s SigInt and Cyber Division told the Washington Post, neither personally confirming nor denying that, following a recent cyberattack by Iran on Israeli water supply infrastructure, there was a retaliatory attack on the control systems of a major Iranian port, disrupting activities in and around the port for many weeks. Regarding the attack on the water supply system, Brabbing confirmed that it was part of the strategic infrastructure of the State of Israel, controlled by the Israeli National Cyber Directorate (INCD), and added that the worst part was that it was not identified early enough and exposed the weakness of cyberdefenses.

As global tensions rise and cyber weapons evolve, it seems clear that cyberwar activity is taking place with no agreed conventions between countries. Moreover, the complexities involved in attributing responsibility for attacks further exacerbates existing geopolitical tensions. And as the world adopts 5G technology, the consequences, scale, and scope of digital attacks could increase exponentially.

These are some of the issues that led the World Economic Forum to identify cyberattacks as the greatest non-environmental threat to humanity. The World Economic Forum’s 2018 Global Risk Report warned that “the use of cyberattacks to target critical infrastructure and strategic industrial sectors (…) could trigger a breakdown in the systems that keep societies functioning,” and this warning was repeated in the 2019 and 2020 reports. Cyberwarfare has undeniably become a major concern for businesses and the economy, yet not everyone is ready to deal with it.

What role has the COVID-19 pandemic played in the evolution of threats?

The COVID-19 pandemic has been accompanied by another associated threat: cyberterrorism. Online attacks on highly vulnerable and sensitive state agencies and systems have increased during the coronavirus crisis, including hospitals or scientific research laboratories, as well as other essential utilities for businesses and consumers, such as infrastructure networks and electricity, gas, or water systems.

According to Corey Nachreiner, Chief Technology Officer at WatchGuard, “the COVID-19 pandemic has not had a major impact on cyberwarfare. The Cold Cyberwar had already initiated before the pandemic, and while it offers new opportunities to spread misinformation, it doesn’t change the political landscape that drives these conflicts in the shadows. Having said that,” he adds, “we have witnessed state-sponsored hackers leveraging the pandemic, primarily targeting organizations that may be researching a vaccine. We assume that this is more down to countries trying to gain an advantage in vaccine development, rather than actually attacking the country itself.”

“Living-off-the-Land” attacks in cyberwarfare

One factor that has greatly aided these cyberwarfare attacks is that they don’t require malware to be installed on target systems, but can be perpetrated through seemingly trusted programs.

‘Living-off-the-Land’ attacks take advantage of legitimate tools that are already present on operating systems in order to gain control of systems. Smart adversaries do this because these legitimate tools are less likely to be recognized as malicious by security systems. Fortunately, however, advanced cybersecurity solutions such as Adaptive Defense 360 are available on the market. They combine endpoint protection and detection technologies with 100% process classification services in order to prevent these ‘Living-off-the-Land’ attacks from occurring. Tools such as these provide detailed visibility into all activity across all endpoints, complete monitoring of running processes, and ultimately a reduction of the attack surface.

The post The cold cyberwar and geopolitics: which weapons can protect endpoints? appeared first on Panda Security Mediacenter.

Numerous points of entry lead to multi-million euro penalties for data security breaches. https://www.pandasecurity.com/en/mediacenter/adaptive-defense/points-of-entry-data-security-breaches/ https://www.pandasecurity.com/en/mediacenter/adaptive-defense/points-of-entry-data-security-breaches/#respond Thu, 29 Oct 2020 11:32:58 +0000 https://www.pandasecurity.com/en/mediacenter/?p=27071 DATA-BREACHES

Since a data breach can occur through any of the numerous points of entry to a corporate network, it is essential to have the most advanced and appropriate protection for each situation.

The post Numerous points of entry lead to multi-million euro penalties for data security breaches. appeared first on Panda Security Mediacenter.


Data security breaches are now among the most common serious incidents affecting businesses. In this respect, 2019 was a bad year for companies. It was a year that saw some of the highest penalties imposed for violating data protection regulations, with examples such as the 50 million euro fine on Google LLC for non-compliance with GDPR transparency rules and the absence of a valid legal basis for processing personal data for advertising purposes. British Airways was also hit with a 183 million pound fine by the UK Information Commissioner’s Office (ICO) in connection with a data breach that occurred in September 2018. Adversaries managed to steal the personal information of some half a million BA customers, data which included their names, credit card numbers and CVV codes, and email addresses. Article 32 of the new regulatory framework requires companies to implement the technical and organizational measures needed to ensure data security.

There have been some high-profile failures to comply with the legislation by several major organizations which have led to heavy fines from national authorities. Such fines may amount to as much as 20 million euros or 4 percent of a company’s annual revenue.

Neither, however, are smaller companies exempt. In Poland, a company was fined 220,000 euros for gathering data from companies and individuals without their express consent. And, in November 2018, authorities in the German state of Baden-Württemberg sanctioned an unnamed social media provider with a fine of 20,000 euros. The German press suggested that the firm in question was Knuddels, an online chat service which suffered a cyberattack exposing 808,000 email addresses and 1,872,000 usernames and passwords.

According to Enforcement Tracker, the penalties imposed by European data protection agencies have totaled around 600 million euros since the GDPR came into force. And these are not all just from last year. In early October 2020, fashion retailer H&M became the second company in Europe to receive a fine of over 35 million euros. This time, however, in the view of the Hamburg data protection authority, the Swedish company was found to have unlawfully obtained extensive records regarding the private lives of employees at one of its centers in Nuremberg, dating back at least as far as 2014.

Exemplary sanctions ranked

According to a recently published study by Finbold, which analyzed the fines and sanctions imposed by data protection authorities in the EU between January and August 2020, Spain is the country with the highest number of penalties, with a total value of 1,952,810 euros. If other factors are considered, however, such as the total value of all fines in a single country, the Netherlands (2,080,000 euros) and Sweden (7,031,800 euros) both outstrip Spain, as does Italy, with a staggering total of 45,609,000 euros in penalties so far this year.

And this is not just happening in Europe. A similar scenario can be seen across the Atlantic, where, for example, US insurance firm Anthem recently acknowledged the payment of a US$39.5 million fine imposed as a result of a security breach in 2015. This incident affected the personal and healthcare data of 80 million Americans. This penalty comes on top of the US$115 million that the company had paid out in 2017 as compensation to customers for these security failures.

Various points of entry, various cybersecurity solutions

Data security breaches are sadly an all too common reality in the business world. Such incidents translate into serious financial consequences for non-compliance with the GDPR, not only thanks to the fines, but also because of the serious impact on a company’s reputation and the effect on its results. Given that a data breach can occur through any of the numerous points of entry to a corporate network, it is essential to have the most advanced and appropriate protection for each situation.

Thanks to the visibility afforded by Panda Adaptive Defense 360 and its capacity to prevent and detect threats, and deliver the means required for an immediate response, organizations will be protected from hackers and zero-day or advanced attacks that can culminate in a data security breach. In addition, its add-on module Panda Data Control reveals and audits all unstructured personal data on company endpoints. It generates real-time reports and alerts of unauthorized data usage to prevent leaks, which supports the implementation of proactive controls over access and operation. Additionally, if you are concerned about critical vulnerabilities, which are currently on the rise, you can now reduce your attack surface across Windows servers and workstations with Panda Patch Management.

Given this background, it is vital for businesses to understand the importance of having an advanced cybersecurity solution, monitoring data within your organization, and patching the systems and applications you use. All the IT & endpoint security operations products and modules you need are available from WatchGuard.

 

Artificial Intelligence, disruptive innovation in cybersecurity https://www.pandasecurity.com/en/mediacenter/adaptive-defense/artificial-intelligence-innovation-cybersecurity/ https://www.pandasecurity.com/en/mediacenter/adaptive-defense/artificial-intelligence-innovation-cybersecurity/#respond Thu, 22 Oct 2020 09:25:31 +0000 https://www.pandasecurity.com/en/mediacenter/?p=27026 technologies-adaptive-defense

Artificial Intelligence forms the basis of the most advanced cybersecurity intelligence solutions and is key to the operation of the new protection model.

The post Artificial Intelligence, disruptive innovation in cybersecurity appeared first on Panda Security Mediacenter.


The professionalization, sophistication, and sheer number of adversaries have forced organizations to reinforce their security policies and develop specific processes to prevent, detect, investigate, and remediate advanced cyberattacks. Artificial Intelligence has burst onto the cybersecurity scene to automate, accelerate and improve all these processes.

AI has begun to be part of almost every aspect of human life, at least those in which data is an essential component. This technology, which aims to emulate the cognitive functions of human intelligence, enables a system to process and interpret information, learn from it, and adapt that knowledge to achieve the goals for which it was designed. Cybersecurity has been greatly improved by this technology. But while information management processes have improved substantially, digital threats have also increased due to the dynamic capacity that AI offers.

Discover Panda Adaptive Defense 360 Technologies

Time: a critical concept

If an organization does not have enough IT professionals or specialized solutions to respond to advanced cybersecurity issues, it is highly likely that it has already suffered intrusions or attacks that it has yet to notice. By applying Artificial Intelligence and Deep Learning algorithms in cybersecurity, companies can gain time, which is a critical concept. As we have seen, detecting suspicious behavior or an intrusion as it happens is not always possible; where a cyberattack has already begun to deploy, keeping mean time to respond (MTTR) as low as possible will be key to mitigating risks and minimizing potential damage.

Zero-Trust Application Service

The application of artificial intelligence in cybersecurity processes is varied and it is a technology that will improve detection and prevention processes, as well as delivering effective tools to reduce risk exposure times. At Panda Security, a WatchGuard Brand, our response to the most advanced cybersecurity demands is through cloud-based solutions and services such as the Zero-Trust Service, which leverages the cybersecurity benefits of AI. A managed service is included as part of the Panda Adaptive Defense and Adaptive Defense 360 license which, by classifying all running processes either as trusted or malware, only permits trusted items to be run on an endpoint.

The Zero-Trust Application Service has three key components:

  1. Continuous monitoring of endpoint activity from a cloud-native platform.
  2. Automatic classification based on AI: the real-time AI classification system is self-sufficient and scalable to large volumes of files, without depending on end user input.
  3. Risk-based application control. This refers to the operating modes of the protection agent running on endpoints. The two protection levels are hardening mode and lock mode.
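As an added example (not Panda's code), the following Python models the three components above as a toy: a hash-based verdict table standing in for the cloud classifier, an agent that records every execution request for audit, and a policy that applies one of the two modes. The semantics of the modes are an assumption made for the illustration: hardening mode blocks an unknown program only when it came from outside the endpoint (downloads, removable media), while lock mode runs only programs classified as trusted. The file contents and the verdict table are constructed. It is also the "process classification" idea referred to in the living-off-the-land post earlier on this page.

```python
"""Toy model of a zero-trust application control policy (added illustration).

Assumptions (hypothetical, not Panda's implementation): the cloud classifier is
a dict keyed by SHA-256; hardening mode allows unknown files that did not come
from an external source; lock mode allows only files classified as trusted.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    TRUSTED = "trusted"
    MALWARE = "malware"
    UNKNOWN = "unknown"  # never seen by the classifier


class Mode(Enum):
    HARDENING = "hardening"
    LOCK = "lock"


# Constructed stand-ins for executables (not real binaries).
SAMPLE_FILES = {
    "notepad.exe": b"MZ-notepad-sample",
    "updater.exe": b"MZ-updater-sample",
    "dropper.exe": b"MZ-dropper-sample",
    "newtool.exe": b"MZ-newtool-sample",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed verdict table; in a real service this is fed by AI and analysts.
CLOUD_VERDICTS = {
    sha256(SAMPLE_FILES["notepad.exe"]): Verdict.TRUSTED,
    sha256(SAMPLE_FILES["updater.exe"]): Verdict.TRUSTED,
    sha256(SAMPLE_FILES["dropper.exe"]): Verdict.MALWARE,
}


def classify(data: bytes) -> Verdict:
    """Look the file's hash up in the verdict table; anything unseen is UNKNOWN."""
    return CLOUD_VERDICTS.get(sha256(data), Verdict.UNKNOWN)


@dataclass
class ExecEvent:
    name: str
    origin: str  # "local" or "external" (download, removable media)
    verdict: Verdict
    mode: Mode
    allowed: bool


def allow_execution(verdict: Verdict, origin: str, mode: Mode) -> bool:
    """Risk-based decision: never run malware; unknown files depend on mode and origin."""
    if verdict is Verdict.MALWARE:
        return False
    if verdict is Verdict.TRUSTED:
        return True
    # Unknown: lock mode blocks it outright; hardening mode blocks only external origin.
    if mode is Mode.LOCK:
        return False
    return origin == "local"


class Agent:
    """Endpoint agent: classifies each execution request and logs it (continuous monitoring)."""

    def __init__(self, mode: Mode):
        self.mode = mode
        self.log: list[ExecEvent] = []

    def request(self, name: str, data: bytes, origin: str) -> bool:
        verdict = classify(data)
        allowed = allow_execution(verdict, origin, self.mode)
        self.log.append(ExecEvent(name, origin, verdict, self.mode, allowed))
        return allowed


def run_scenario(mode: Mode) -> dict[str, bool]:
    """Try to launch each sample file; returns 'name@origin' -> allowed."""
    agent = Agent(mode)
    requests = [
        ("notepad.exe", "local"),
        ("updater.exe", "external"),
        ("dropper.exe", "local"),
        ("newtool.exe", "local"),
        ("newtool.exe", "external"),
    ]
    return {f"{name}@{origin}": agent.request(name, SAMPLE_FILES[name], origin)
            for name, origin in requests}


if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, run_scenario(mode))
```

The point of the two modes is the trade-off between friction and exposure: hardening mode lets a locally built, not-yet-classified tool run while still refusing anything unknown that arrived from outside, whereas lock mode refuses everything the classifier has not explicitly trusted.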

AI forms the basis of the most advanced cybersecurity and cyberthreat intelligence solutions, and the relationship between this technology and Panda Collective Intelligence is key to the operation of the new protection model, increasing the efficacy of the Zero-Trust Application Service. This cloud repository is continuously fed by the AI system as well as expert analysts, and receives constant queries from Panda Security solutions and services before any processes are executed.

Find out more about the Powerful Detection and Reliable Mitigation of Adaptive Defense 360 Technology here.

Five keys for mitigating cybersecurity breaches https://www.pandasecurity.com/en/mediacenter/adaptive-defense/keys-mitigate-cybersecurity-breaches/ https://www.pandasecurity.com/en/mediacenter/adaptive-defense/keys-mitigate-cybersecurity-breaches/#respond Wed, 14 Oct 2020 11:25:41 +0000 https://www.pandasecurity.com/en/mediacenter/?p=26977 Adaptive Defense

For a real protection experience which integrates the widest range of advanced cybersecurity technologies, there is Panda Adaptive Defense 360.

The post Five keys for mitigating cybersecurity breaches appeared first on Panda Security Mediacenter.


A rapid and efficient response to incidents is a key part of any good cybersecurity strategy. As cyberattacks evolve at pace, IT departments start to question traditional methods of dealing with new criminal gangs and threats, and understand that there is no single or simple way to counter them, given the complexity of the digital environment. Today, an effective and mature cybersecurity plan for businesses requires strategies based on a mix of factors: automation, detection, behavioral analysis, blocking lateral movement, traceability, intelligent classification, investigation, response, correlation, and visibility for better defense against the rise of increasingly sophisticated cyberthreats. How can you achieve a global security structure for your company?

Protect your business with Adaptive Defense 360

Aim: True Protection

The cybersecurity battle has undergone a profound transformation over the past 20 years. Adversaries have evolved from a handful of amateur hackers to well-funded and organized cybercriminal groups looking to monetize their activity and putting hitherto impenetrable networks to the test.

For a cybersecurity program to succeed, investment has to be made in operational speed. It is essential to have the capacity to get thousands of computers up and running in just a few hours. And this is something that can be achieved through the speed, capacity, flexibility, and scalability of AI and cloud processing.

In order to secure and protect an IT infrastructure, a cyberdefense strategy must also be able to prevent and detect advanced threats, have intelligent security technologies, and adhere to a zero-trust policy that prevents malicious applications and processes from running on systems.

For a real protection experience which integrates the widest range of advanced cybersecurity technologies, there is Panda Adaptive Defense 360, which incorporates all the technologies and capabilities needed to effectively protect your business, including endpoint prevention, detection, containment, and response.

The five keys

Starting from the premise that no organization can be absolutely secure, there are nevertheless many mitigation strategies which significantly reduce risks and additional security measures to minimize the impact of a potential cyberattack.

  1. Preparation and prevention. It is essential to be prepared in advance and have a solid response plan which helps prevent security breaches. Adaptive Defense 360 provides the technologies and capabilities necessary to prevent and detect advanced threats, zero-day malware, ransomware, phishing, in-memory exploits, as well as fileless and malwareless attacks, both inside and outside the corporate network.
  2. Detection and analysis with intelligent security. Once a threat has been detected, the cause of the incident must be determined in order to contain the attack. At this point, the attack trajectory is monitored, the incident is recorded and classified, and a response is prioritized in line with the severity of the attack. Our data-driven intelligence automatically monitors all endpoint activity, detecting suspicious behavior, categorizing it, and identifying the source.
  3. Triage and analysis. At this stage, the options capable of providing the best response are evaluated. The kinds of analyses carried out at this point should include: binary analysis, endpoint analysis, and ideally, a threat hunting service that offers an additional layer of analysis and investigation.
  4. Containment, eradication, and recovery. Once the incident has been detected and the cause investigated, the damage has to be contained. Backup copies of all compromised devices, systems, or networks should be created for future forensic analysis.
  5. The aftermath of the incident and the zero-trust approach. Finally, the cybersecurity strategy has to be adapted accordingly to prevent the incident from recurring. The incident response plan also needs to be updated to reflect any new procedures. Adaptive Defense 360’s Zero-Trust Application Service monitors malicious applications and processes and prevents them from running on systems. No process can be executed unless certified as safe by Panda.

Find out more about Adaptive Defense Technologies

Panda Adaptive Defense 360 delivers the visibility and intelligence you need to search effectively for threats, speed up investigation times, and act immediately on endpoints thanks to the widest range of advanced Endpoint Protection (EPP) technologies with intelligent Endpoint Detection and Response (EDR), along with our Zero-Trust Application service and Threat Hunting service.

Monitoring and response to vulnerabilities to mitigate cybersecurity risks https://www.pandasecurity.com/en/mediacenter/adaptive-defense/monitoring-response-to-vulnerabilities/ https://www.pandasecurity.com/en/mediacenter/adaptive-defense/monitoring-response-to-vulnerabilities/#respond Thu, 24 Sep 2020 10:32:28 +0000 https://www.pandasecurity.com/en/mediacenter/?p=26901 vulnerabilities

Panda Security experts recommend applying security patches as the best strategy for organizations to protect themselves and minimize risks.

The post Monitoring and response to vulnerabilities to mitigate cybersecurity risks appeared first on Panda Security Mediacenter.


Cybersecurity is a cause for serious concern among companies. New serious or critical vulnerabilities are coming to light almost every day and cybercriminals look to exploit them, not to mention the numerous lower risk security holes that are also detected. PandaLabs, the cybersecurity laboratory at Panda Security, detected 76,000 alerts for exploits in 2019 that aimed to leverage vulnerabilities in applications, networks, or hardware for illicit purposes.

Panda Security includes on its Critical Vulnerabilities site information about the latest vulnerability discovered in Netlogon, known as Zerologon, which could allow attackers to hijack a Windows domain controller.

During the COVID-19 pandemic, moreover, cybercrime has surged. Hackers have not been slow to generate more threats and take advantage of the situation, particularly the combination of the increase in telecommuting – with the attack surface therefore extending beyond business premises – and the general uncertainty affecting business and social environments.  Consequently, public and private organizations across all sectors are witnessing how their infrastructure is in the sights of malicious actors, and are having to act accordingly to protect themselves.

“More than 90 percent of successful attacks today could have been avoided by applying a patch, according to a report by Gartner. And that’s not all, most of these patches had been available for more than a year and still hadn’t been installed”, explains PandaLabs.

Given this situation, the key strategy for organizations to mitigate risks and protect themselves is to apply security patches, especially where exploits already exist and are ready to be activated. However, since most published vulnerabilities are not exploited ‘in the wild’, it is vital to know which security holes are the most critical, i.e. the extent to which exploit code is available to attackers, so that IT teams can prioritize the most urgent patches and updates.
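One way to turn that advice into a repeatable triage, as an added example that is not part of the original post or of Panda Patch Management: rank pending patches by whether the flaw is already being exploited, whether exploit code is public, how exposed the affected hosts are, and only then by raw severity. The records, tier rules and SLA days below are constructed assumptions, and the identifiers are placeholders rather than real CVEs.

```python
"""Prioritize pending patches by exploitability and exposure (added illustration).

Records are constructed; identifiers are placeholders, not real CVEs. The tier
rules and the SLA days are assumptions, not any vendor's published policy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vuln_id: str            # placeholder identifier, not a real CVE
    cvss: float             # base score 0-10 from the advisory
    exploit_public: bool    # working exploit code has been published
    exploited_in_wild: bool # attacks using it have been observed
    internet_exposed: bool  # affected hosts reachable from the Internet
    hosts: int              # endpoints still unpatched


# Priority tiers and the assumed remediation deadline (days) for each.
SLA_DAYS = {"P1": 2, "P2": 7, "P3": 30, "P4": 90}


def tier(v: Vuln) -> str:
    """Exploit availability outranks raw severity: a critical score with no
    known exploit is less urgent than a medium one already used in attacks."""
    if v.exploited_in_wild:
        return "P1"
    if v.exploit_public:
        return "P1" if (v.cvss >= 9.0 or v.internet_exposed) else "P2"
    if v.cvss >= 9.0:
        return "P2" if v.internet_exposed else "P3"
    if v.cvss >= 7.0:
        return "P3"
    return "P4"


def prioritize(vulns):
    """Order by tier, then CVSS, then number of affected hosts.
    Returns a list of (tier, sla_days, vuln) tuples, most urgent first."""
    order = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}
    rows = [(tier(v), SLA_DAYS[tier(v)], v) for v in vulns]
    return sorted(rows, key=lambda r: (order[r[0]], -r[2].cvss, -r[2].hosts))


# Constructed sample backlog.
SAMPLE = [
    Vuln("VULN-A", 9.8, exploit_public=False, exploited_in_wild=False, internet_exposed=False, hosts=120),
    Vuln("VULN-B", 6.5, exploit_public=True, exploited_in_wild=True, internet_exposed=False, hosts=40),
    Vuln("VULN-C", 8.1, exploit_public=True, exploited_in_wild=False, internet_exposed=True, hosts=3),
    Vuln("VULN-D", 5.3, exploit_public=False, exploited_in_wild=False, internet_exposed=True, hosts=500),
    Vuln("VULN-E", 7.5, exploit_public=True, exploited_in_wild=False, internet_exposed=False, hosts=60),
]


def ranked_ids(vulns=SAMPLE) -> list[str]:
    """Convenience view: just the identifiers in patching order."""
    return [v.vuln_id for _, _, v in prioritize(vulns)]


if __name__ == "__main__":
    for t, sla, v in prioritize(SAMPLE):
        print(f"{t} (fix within {sla}d) {v.vuln_id} cvss={v.cvss} hosts={v.hosts}")
```

Note how the highest CVSS score in the sample (VULN-A) lands in P3 because nothing exploits it yet, while a 6.5 that is actively exploited goes straight to P1; that is exactly the "most published vulnerabilities are not exploited in the wild" point applied to a queue.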

Knowledge and solutions to counter the effects of critical vulnerabilities

To prevent cyberattackers from taking advantage of these vulnerabilities – which can now be exploited and pose an imminent threat to organizations – Panda Security has generated a constantly updated list of detected vulnerabilities that IT professionals can check to see the latest security issues in the applications or systems they use, and take appropriate action. In addition, it is also advisable to use specific solutions to manage vulnerabilities and their corresponding updates and patches, both for operating systems and other software.

“At Panda Security we guarantee the security of our customers with a cybersecurity suite such as Panda Adaptive Defense 360, which integrates Endpoint Protection and Endpoint Detection and Response (EDR) solutions with 100% process classification services, based on a single, lightweight agent, providing highly detailed visibility into all endpoint activity and control over all processes. Also, with Panda Patch Management we reinforce the prevention, containment, and remediation of threats, and give real-time visibility into all vulnerabilities, patches and updates pending,” affirms PandaLabs.

30 years of cyberattacks

Although cybercrime trends are forever changing, over the last 30 years the most notorious cybercriminals have shared the custom of exploiting vulnerabilities.

From the Morris worm to BlueKeep, Stuxnet or Conficker, security holes have long been close allies of cybercriminals looking to steal personal data, crash systems, or disable infrastructure. Given this background, it is essential that companies are aware of the importance of updating and patching the applications and software they use.

Carlos Arnal: “The economic impact of a DNS attack is too great to ignore the vulnerabilities that would enable it” https://www.pandasecurity.com/en/mediacenter/adaptive-defense/economic-impact-dns-attack/ https://www.pandasecurity.com/en/mediacenter/adaptive-defense/economic-impact-dns-attack/#respond Tue, 22 Sep 2020 09:28:53 +0000 https://www.pandasecurity.com/en/mediacenter/?p=26887 DNS- attacks

One of the main problems with DNS attacks is the increasing cost of the damage they cause, as well as their rapid evolution.

The post Carlos Arnal: “The economic impact of a DNS attack is too great to ignore the vulnerabilities that would enable it” appeared first on Panda Security Mediacenter.


One of the main problems with DNS attacks is the increasing cost of the damage they cause, as well as their rapid evolution and the diverse range of attack types. Data exfiltration over DNS is a major concern in corporate environments. In order to protect themselves, organizations are prioritizing the security of network endpoints and improving DNS traffic monitoring.  We discussed this with Carlos Arnal, Product Marketing Manager – Endpoint Security at Panda.

  • Why do you think DNS attacks against companies have increased to such an extent?

Because it is a profitable type of attack for cybercriminals when it comes to achieving their aims, which range from financial profit to obtaining the main asset that companies today hold: data.  To achieve this goal, some attacks aim to bring down certain platforms, such as a web page, saturating the resources of the system that hosts the service, and sending an avalanche of requests that cannot be processed. Other attacks try to modify IP addresses, replacing the IP of the legitimate server with a fake IP address, and thereby causing the user to connect to an illegitimate server so the attackers end up with the data, especially passwords and account details.

It should be noted, however, that these attacks are not only perpetrated by organized cybercrime gangs for financial gain; they are also carried out by attackers as a means of protest and web activism against government decisions or corporate activity. As we’ve seen in the past, this type of attack has caused temporary outages even for companies the size of Twitter, Tumblr, Spotify, The New York Times, or CNN. Finally, it is worth underlining that these attacks not only affect home-user systems, but also many digitalized services that are essential in our day-to-day business lives, often causing them to fail at critical times.

  • Do you think the pandemic has been a factor in this increase?

In the same way that the number of fraudulent domains, phishing emails, and other cybercrime tactics using COVID-19 as bait have increased, so have DNS attacks. And not just in number, but also in the amount of bandwidth and resources consumed, as well as their increased complexity. Although Internet providers and cloud-based endpoint security solutions have strived to deal with the increased traffic, given the sudden changes in system management and the need to reinforce endpoint protection outside the typical security perimeter (due to the increase in telecommuting), we have also had to combat DNS attackers, who have been all the more active during lockdowns, as recent studies indicate.

  • What are the main dangers and effects of these types of threats?

There are a wide range of DNS attack types against which companies should be taking preventive measures, each with its own peculiarities and equally concerning for businesses. Firstly, there are DDoS (Distributed Denial of Service) attacks on DNS servers. This consists of using a large number of devices to attack the target. DDoS attacks are often carried out by bots: infected systems whose owners are frequently unaware that their devices form part of a malicious network. It differs from DoS attacks in that, with DDoS attacks, each request comes from a specific IP, so it is a far more difficult type of attack to detect.

The second form of these attacks that most concerns companies is DNS data exfiltration. In this case, cybercriminals take advantage of the DNS to extract information using the DNS protocol, creating a tunnel to transfer information or even take control of computers. Firewalls and other traditional security solutions, while still useful, are insufficient in combating this threat, as they do not have the ability to detect, block, or remedy such attacks.

Another variant of these attacks to cause IT professionals most headaches is the zero-day attack. Here, attackers exploit a security hole in the DNS protocol or server software on the same day that vulnerability is discovered and before it has been patched. By sending a pre-formulated query to the server, attackers can block the system and cause serious problems for the targeted company.

The most effective way of avoiding these threats and protecting corporate networks and systems from their consequences is to implement advanced cybersecurity solutions such as Panda Adaptive Defense, which provide centralized protection for all endpoints and servers, with automated EDR prevention, detection, and remediation.
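To make the DNS data exfiltration threat described above concrete from the defender's side, here is an added example (not code from the interview or from Panda) that scores resolver query logs per base domain: many unique subdomains, long labels and high character entropy together indicate data being encoded into queries rather than names being looked up. The log lines, the chunked payload and the thresholds are constructed assumptions; names use the reserved .test TLD, and the base-domain split simply takes the last two labels.

```python
"""Heuristics for spotting DNS tunneling / data exfiltration in query logs.

Added illustration, not Panda's code. Log lines and the "exfiltrated" payload
are constructed; domain names use the reserved .test TLD. Thresholds are
assumptions; tune them against your own resolver's baseline.
"""
import base64
import math
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sample of the kind of data a tunneling client would chunk into labels.
SAMPLE_SECRET = b"".join(
    f"row{i}:acct=10{i}:owner=user{i}@example.test;".encode() for i in range(5)
)


def chunk_labels(payload: bytes, size: int = 20) -> list[str]:
    """Base32-encode fixed-size chunks (20 bytes -> 32 chars), as a tunnel would."""
    return [
        base64.b32encode(payload[i:i + size]).decode().rstrip("=").lower()
        for i in range(0, len(payload), size)
    ]


def build_sample_log() -> list[str]:
    """Constructed resolver log: 'time client qtype qname', benign plus tunnel traffic."""
    lines = [
        "10:00:01 10.0.0.5 A www.example.test",
        "10:00:02 10.0.0.5 A mail.example.test",
        "10:00:03 10.0.0.7 A cdn.example.test",
        "10:00:03 10.0.0.7 AAAA www.example.test",
    ]
    for n, label in enumerate(chunk_labels(SAMPLE_SECRET)):
        lines.append(f"10:00:{4 + n // 2:02d} 10.0.0.9 TXT {label}.tunnel-demo.test")
    lines.append("10:00:10 10.0.0.5 A www.example.test")
    return lines


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score far higher than hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str) -> tuple[str, str]:
    """Return (base_domain, subdomain). Assumes the base is the last two labels;
    production code should consult the public suffix list instead."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-2:]), ".".join(parts[:-2])


@dataclass
class DomainStats:
    queries: int = 0
    txt_queries: int = 0
    clients: set = field(default_factory=set)
    labels: set = field(default_factory=set)


def analyze(lines, min_unique=5, min_len=20, min_entropy=3.0) -> dict:
    """Per base domain: volume, unique subdomains, mean label length and entropy.
    A domain is flagged when at least two of the three tunnel signals fire."""
    stats: dict[str, DomainStats] = defaultdict(DomainStats)
    for line in lines:
        _, client, qtype, qname = line.split()
        base, sub = split_name(qname)
        d = stats[base]
        d.queries += 1
        d.clients.add(client)
        if qtype == "TXT":
            d.txt_queries += 1
        if sub:
            d.labels.add(sub)
    findings = {}
    for base, d in stats.items():
        labels = list(d.labels)
        mean_len = sum(map(len, labels)) / len(labels) if labels else 0.0
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels) if labels else 0.0
        signals = [len(labels) >= min_unique, mean_len >= min_len, mean_ent >= min_entropy]
        findings[base] = {
            "queries": d.queries,
            "clients": sorted(d.clients),
            "txt_ratio": round(d.txt_queries / d.queries, 2),
            "unique_subdomains": len(labels),
            "mean_label_len": round(mean_len, 1),
            "mean_entropy": round(mean_ent, 2),
            "suspicious": sum(signals) >= 2,
        }
    return findings


def suspicious_domains(lines) -> list[str]:
    return sorted(b for b, f in analyze(lines).items() if f["suspicious"])


if __name__ == "__main__":
    for base, f in analyze(build_sample_log()).items():
        print(base, f)
```

Requiring two of three signals keeps a single long CDN hostname or one odd-looking label from raising an alert on its own, which is the usual false-positive source for this kind of rule; the per-domain client list tells the responder which endpoint to look at next.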

  • Do you feel that, despite everything, there is more corporate awareness of how to resolve these attacks?

The economic impact of a DNS attack is too great to ignore the potential vulnerabilities that would enable it, so awareness against this type of attack and about the importance of cybersecurity in general is increasing among companies. Over the last year, organizations have suffered 34 percent more attacks, meaning an average cost of 950,000 euros (US$1.07 million) for one in five companies – according to IDC – causing application outages in 63 percent of cases. An insecure DNS system is in itself an open invitation for attackers to access a company’s information and reduce online service time. For this reason, it is vital for companies to invest as many resources as possible in implementing appropriate cybersecurity measures and solutions, particularly bearing in mind how widespread these attacks have become.

  • How can the use of DNS be improved and how can the Channel help customers to achieve this?

Panda Security offers four tips for combating DNS attacks:

  • Patch management can be the most effective tool for protecting a business from vulnerabilities and the least expensive to run if set up efficiently. It is highly advisable to automate the discovery, planning, application, and monitoring of critical patches and updates for your organization, thereby preventing vulnerabilities from being exploited by hackers to infiltrate systems. The result is a reduction in the attack surface, strengthening preventive and containment capabilities in the event of security incidents.
  • Use tools for filtering the network traffic that computers send or receive in accordance with the type of network to which they connect. Such tools can provide maximum protection against DNS attacks through system rules, protection of programs and their communication, and a system for detecting intrusions and malformed traffic patterns.
  • Implement an intrusion detection and prevention system (IDS/IPS) that monitors connections and alerts of unauthorized access attempts or misuse of protocols.  By correctly setting up firewalls and an intrusion detection system (IDS), it is possible to reduce the attack surface and the extent to which devices are exposed, as well as preventing external communication of programs.
  • Implement advanced cybersecurity solutions that centrally protect all workstations and servers, ideally, a solution that integrates traditional preventive technologies and innovative adaptive prevention, detection, and response technologies against advanced cyberthreats. This type of cloud solution should also include a web application firewall (WAF). Such a cloud-based web security application can be helpful in preventing and mitigating the effects of denial-of-service attacks.

 
