OT Security Patch Management

In the world of OT, ensuring the security and reliability of systems is critical. Disruptions to critical processes can have severe consequences, impacting production, safety, and even environmental well-being. The focus on uptime may sometimes conflict with another essential aspect of OT security, patch management.

CISOs and CIOs confront growing data protection challenges in the era of AI and cloud

Foundry survey and in-depth interviews reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures.

COPENHAGEN, DENMARK. July 23, 2024 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today released a survey conducted by Foundry, as well as a study based on in-depth interviews conducted by Keepit. Both reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures.

In an evolving technological landscape, enterprise IT leaders are grappling with unprecedented challenges in data protection and governance, driven by the rapid adoption of cloud applications and generative AI.

The CISOs and CIOs interviewed by Keepit for the study: “The great balancing act: Cybersecurity leaders tackle rising pressures” spoke to the necessity of rising to the challenge by adopting a mindset of continuous improvement. They are building collaborative best practices, partnering to bring in needed expertise, and investing in data-centric solutions optimized for security and simplicity.

Data protection struggles amid cloud and AI expansion

Enterprise disaster recovery strategies, traditionally designed for on-premises IT infrastructure, are lagging behind the surge in cloud application usage and the integration of AI technologies. Foundry’s survey: “Can data protection keep pace with the shifting landscape?” underscores this trend. The respondents of the survey represent IT decision-makers from companies with over 1,000 global employees. While 70% of respondents report that their financial applications are covered by data protection strategies, a significant portion of other key systems and custom applications remain vulnerable.

Survey highlights

• Financial systems: 70% are covered by data protection strategies.

• E-commerce and HR Management Systems: 50% are covered.

• CRM and ERP systems: 48% and 42% respectively.

• Critical transaction-based systems, custom applications, and collaboration and productivity tools: Are lagging behind with only between a third and a quarter of systems covered.

“Anything related to finance is important, most people will agree. And it’s an obvious place to start when you map your critical systems and data. The survey shows that financial systems are by far the most incorporated in data protection strategies, and when you look at verticals, financial institutions are also a little more mature than others,” says Kim Larsen, CISO at Keepit, an industry professional with a background in advising public and private sector organizations in cyber security and cyber resilience.

Strategic gaps and vulnerabilities

The survey reveals that only half of the organizations have incorporated cloud-stored SaaS data into their disaster recovery plans. Another 40% plan to address this gap soon. A decision-maker participating in a recent Keepit CISO roundtable remarked, “We solved many of these challenges 10 to 15 years ago, but with the move to cloud, it’s like we’re starting from scratch again.”

The current state of data protection is also seen as a significant barrier to expanding the use of generative AI technologies.

Strategic gaps:

• Critical SaaS data applications: 50% of respondents have included cloud-stored data for critical SaaS applications in their disaster recovery plans, and 40% plan to do so.

• AI data protection: Nearly all organizations prioritize AI data protection, with 52% already implementing tools for chatbots and AI platforms and 43% considering them.

“Good data protection is essentially ‘data classification plus good recovery capabilities’: If you understand your data, and can recover uncorrupted versions of it fast, you have a solid foundation to ensure business continuity, compliance and recovery. But this is easier said than done: The complexity of implementing new initiatives, such as governance over data used by large language models (LLMs), and the need to balance conflicting IT demands, pose additional challenges for any industry,” adds Kim Larsen, CISO at Keepit.

Compliance and future-proofing

Data protection is a top concern for 73% of survey respondents heading into 2024, with data governance (53%) and enterprise backup and recovery (45%) also ranking high. Regulatory scrutiny is increasing globally, with mandates from agencies like the SEC in the US and the upcoming Digital Operational Resiliency Act (DORA) in the EU.

Compliance challenges:

• Regulatory mandates: New cybersecurity resilience requirements.

• Cybersecurity risks: Continued threats, notably ransomware.

“Cyber strategy must be perfectly aligned with the business to effectively support it. The more global an organization becomes, the more difficult this is – to align access, and comply with regulations. This is backed up in our study, where CISOs emphasized the need for a unified risk management strategy that aligns with regional regulatory requirements,” said Kim Larsen.

Organizational maturity and risk management

Keepit’s interviews with over 30 CISOs and CIOs reveal the importance of organizational maturity in handling data security. The variability in CISOs’ backgrounds and responsibilities was cited as a reason for the slow implementation of data-focused innovations.

Key findings:

• Cloud flexibility: 80% of organizations adopt a “cloud smart” approach, introducing new security and compliance challenges.

• Regulatory and expertise challenges: The rise of GenAI and the need for specialized knowledge in AI and cybersecurity.

“One thing stands out: Organizations have very different levels of maturity. A lot of the governance activities are so obvious, you would think everyone is doing them. But they aren’t. Classic difficulties include managing multiple security vendors, leading to gaps in protection. Another is circumstances – one CISO told us how he had experienced five major cyber events in the previous year, prompting a complete overhaul of their cyber response plan,” says Kim Larsen, CISO at Keepit.

Strategies for success

CISOs and CIOs are adopting continuous improvement mindsets, building collaborative best practices, and investing in data-centric solutions. Establishing effective data governance frameworks and engaging the board of directors are seen as crucial steps forward.

Strategic recommendations:

• Align with business objectives: Frame cybersecurity in the context of business goals.

• Translate technical concepts: Communicate in terms stakeholders understand.

• Demonstrate ROI: Highlight cost savings, risk reductions, and business benefits.

• Board engagement: Seek feedback and support from the board for cybersecurity initiatives.

“The conclusion is that data protection remains a cornerstone of organizational resilience in the face of growing technological advancements. As CISOs and CIOs navigate these challenges, their ability to enable and protect data-driven innovation will define their success. Robust data security and backup strategies are essential for balancing innovation and protection, ensuring that organizations can thrive in the digital age. Effective communication of cyber risks to stakeholders and demonstrating the ROI of cybersecurity initiatives are critical,” ends Kim Larsen.

### ENDS ###

About Foundry, an IDG, Inc. Company:

Foundry has played a key role in every major milestone, announcement, and development in modern technology since 1964. We engage and activate the world’s most influential tech buyers and early adopters via the award-winning journalism and trusted media brands they’ve turned to for decades. Our integrated ecosystem of owned and operated editorial sites, awards, events, and tech communities is engineered to enable global audience activation through innovative marketing campaigns. Backed by robust audience insights and data from across our network, Foundry sets the standard for delivering business results to help companies grow.

With 38 offices in markets around the globe, Foundry is a wholly owned subsidiary of International Data Group, Inc. (IDG), the world’s leading tech media, data, research and marketing services company.

To learn more about Foundry, visit foundryco.com.

About CSO:

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. With incisive content that addresses all security disciplines, from risk management to network defense to fraud and data loss prevention, CSO offers unparalleled depth and insight to support key decisions and investments for IT security professionals. www.csoonline.com

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

RDP security: How to secure your remote desktop

With 27% of the US workforce operating remotely, companies need efficient and secure ways to connect users and central servers.

Microsoft’s Remote Desktop Protocol has become a go-to option for flexible working. More than 50% of companies report using RDP in the past year, and it’s not hard to see why. RDP allows fast connections and seamless remote work.

But is RDP a secure option for your workforce? As always, the answer depends on your security setup.

This blog will explore how RDP works and some of the main RDP vulnerabilities. As we will see, remote access creates significant security risks. However, these risks can be managed if you follow our RDP security tips and implement smart remote access solutions. Let’s find out more.

What is RDP?

Businesses use the Remote Desktop Protocol (RDP) to communicate with and control external devices. Created by Microsoft, RDP enables seamless remote work via Windows systems.

RDP functions by creating sessions between clients and servers. Clients request access. Servers authenticate requests and transmit a graphical interface to the remote client. This interface replicates the desktop contained on the server and functions just as if installed on the client.

The Remote Desktop Protocol supports this setup by carrying data about mouse movements, clicks, and keyboard presses. The protocol converts activity into data packets, which the server converts into graphical updates.

In the process, a lot of information passes across the RDP connection. RDP access handles document printing, audio, and video communications, collaborative editing, and file transfers. Much of this information could be very valuable in the wrong hands.

Why use RDP?

RDP allows remote workers to access resources located in central data centers. Workers can run applications and manipulate files just as they would in on-premises offices. Users do not need to install apps locally or download documents for local use. Everything stays on-site.

RDP also enables technicians to access remote devices. On-site specialists can diagnose problems, deliver security patches, assess device postures, and monitor remote operations. Managers and security teams can easily train remote workers.

Technicians favor the RDP protocol due to its reliability and speed. Windows compatibility is another attractive feature, making it convenient for most organizations. However, there is a downside: RDP security issues.

What are the main RDP security issues?

RDP is a transfer protocol, and protocols are almost always vulnerable to external attacks. That’s not all. Attackers can also target the servers and applications used to enable RDP access.

Attacks range from mild irritants to serious threats that put workloads and data at risk. Companies using RDP for remote work need plans to handle these threats and keep data safe.

Security planning starts with awareness of common RDP threats. Here are some of the most common (and damaging) vulnerabilities:

  • Unsecured ports. By default, RDP uses port 3389 to establish connections. This is an external and open port. Malicious actors can impose themselves between users and port 3389 to steal credentials via on-path attacks. Attackers can then use the open port to access servers or devices.

  • Credentials theft. Weak credentials are a critical RDP security issue. Users often reuse the same passwords for RDP, email, and web applications. Attackers obtaining these user credentials can implant ransomware via workloads or servers. Even slightly different passwords are vulnerable to brute-force attacks.

  • Server exploits. In the past, Microsoft’s RDP services have fallen victim to remote code execution vulnerabilities. Hackers use flaws in servers or protocol codes to gain unauthorized access. For instance, an exploit called BlueKeep once exposed millions of RDP servers to external attacks. Microsoft resolved the BlueKeep issue, but exploits can emerge at any time.

  • Protocol tunneling. In tunneling attacks, hackers implant malicious code within protocol traffic. RDP traffic appears to be legitimate but carries malware or other harmful agents. Even worse, many standard firewalls struggle to detect this type of attack.

  • Session hijacking. Attackers can gain access to active remote desktop access sessions. In these situations, attackers can explore any resources available to legitimate remote users. Until they are detected, they can implant malware, extract data, and disrupt operations.

  • DDoS attacks. Attackers often use protocols to flood networks with traffic and take systems offline. RDP is vulnerable to DDoS-style attacks because it uses an open port, and servers generally do not enforce rate limits. The protocol is also relatively resource intensive, meaning attackers must unleash less traffic to achieve results.

How to secure RDP

Securing your Remote Desktop Protocol setup should be an urgent task. RDP is involved in 90% of cyberattacks, and the consequences of attacks are severe. RDP is a critical vector for ransomware, and attackers can use exposed work environments to steal confidential data.

There is some good news. Properly secured remote desktop protocol implementations are hard to infiltrate. Let’s run through some best practices to create a secure remote desktop environment.

  • Use stronger passwords. Brute-forcing attacks are much harder to mount against complex passwords. Avoid any words related to individuals or the company, and always avoid recycling passwords from other logins. Use password managers to generate strong passwords that are impossible to guess.

  • Change your RDP port. Changing your listening port from 3389 helps make RDP secure by limiting external access. Changing the port is a sensible first step, as it blocks many automated port attacks.

  • Use access controls. Administrator accounts can change RDP settings or use their privileges to access other network resources. Use access management tools to apply the principle of least privilege. Provide access to administrators when they need it for specific tasks. Otherwise, allow the fewest possible permissions for all remote users.

  • Apply firewall protection. Strengthen your defenses by casting Windows Firewall protection around RDP environments. Windows Firewall rules for RDP connections block external traffic but allow authorized users to access network resources.

  • Use Network-Level Authentication (NLA). Network-level authentication is native to RDP systems and adds an extra layer of authentication for every session. Users seeking RDP access must supply an additional form of identification, such as smart cards, one-time passcodes, or biometrics.

  • Implement lockout policies. Lockout policies block users after a certain number of unsuccessful logins. This is a good starting point for blocking brute-force attacks.

  • Monitor user sessions. Track user activity during RDP sessions to detect suspicious behavior. Monitoring should check for spikes in resource usage. This could suggest a DDoS-style attack. Technicians should also monitor access to sensitive files and limit access to essential resources.

  • Add Virtual Private Network (VPN) protection. VPNs ensure secure remote access by creating encrypted shields around remote connections. Users log onto a VPN gateway before accessing RDP servers. This adds an extra barrier for hackers and effectively anonymizes traffic.

  • Update RDP tools regularly. Promptly apply security updates for remote desktop applications and Windows Server. Ensure VPNs, multi-factor authentication tools, and firewalls are up to date. Regular updates cut the risk of exploits, making life much harder for would-be attackers.

  • Train staff in RDP security. Never allow remote workers to use RDP connections without security training. Ensure workers know how to use passwords, VPNs, and multi-factor authentication. Outline security and compliance policies.
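To make the lockout and session-monitoring advice above concrete, the following added example (not part of the original article) flags sources that produce bursts of failed RDP logons and reports any successful logon that follows a burst. The CSV layout, the sample events, and the threshold and window values are assumptions made for illustration; event IDs 4625 and 4624 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data. The CSV layout (time, event ID, logon type,
# account, source IP) is an assumption made for this example; it is not a
# native Windows export format.
SAMPLE_EVENTS = """\
2024-07-01T09:00:01,4625,3,administrator,203.0.113.7
2024-07-01T09:00:09,4625,3,administrator,203.0.113.7
2024-07-01T09:00:20,4625,3,admin,203.0.113.7
2024-07-01T09:00:31,4625,3,admin,203.0.113.7
2024-07-01T09:00:45,4625,3,alice,203.0.113.7
2024-07-01T09:01:02,4625,3,alice,203.0.113.7
2024-07-01T09:03:10,4624,10,alice,203.0.113.7
2024-07-01T09:15:00,4625,10,bob,198.51.100.20
2024-07-01T09:15:30,4625,10,bob,198.51.100.20
2024-07-01T09:16:05,4624,10,bob,198.51.100.20
2024-07-01T09:20:00,4625,2,carol,127.0.0.1
"""

FAILED_LOGON = 4625       # Windows Security event: an account failed to log on
SUCCESSFUL_LOGON = 4624   # Windows Security event: an account logged on
# Logon type 10 is RemoteInteractive (RDP). With NLA enabled, failed RDP
# logons are commonly recorded as type 3 (Network), so both are watched.
RDP_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Parse the constructed CSV export into time-ordered event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "src": src,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return findings keyed by source IP.

    A source is flagged once it has `threshold` or more failed RDP logons
    inside a sliding `window`. A later successful logon from a flagged
    source is recorded, because it may mean a password was guessed.
    """
    failures = defaultdict(deque)  # source IP -> failure times inside window
    accounts = defaultdict(set)    # source IP -> accounts it failed against
    findings = {}
    for ev in events:
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        src = ev["src"]
        if ev["event_id"] == FAILED_LOGON:
            times = failures[src]
            times.append(ev["time"])
            accounts[src].add(ev["user"])
            # Drop failures that have aged out of the sliding window.
            while ev["time"] - times[0] > window:
                times.popleft()
            if len(times) >= threshold:
                finding = findings.setdefault(src, {
                    "max_failures": 0,
                    "accounts": accounts[src],
                    "success_after_burst": [],
                })
                finding["max_failures"] = max(finding["max_failures"], len(times))
        elif ev["event_id"] == SUCCESSFUL_LOGON and src in findings:
            findings[src]["success_after_burst"].append(ev["user"])
    return findings


if __name__ == "__main__":
    for src, finding in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(src, finding)
```

Choosing a detection threshold at or below the account lockout threshold means the alert fires no later than the lockout does.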

Eliminate RDP vulnerabilities using NordLayer

RDP is among the most common secure remote access solutions available. Yet, it is not necessarily the best way to ensure secure remote access—at least not on its own.

The solution lies in combining Microsoft’s security features with external security tools. On-board tools like NLA, port settings, and user monitoring all help. However, NordLayer’s Smart Remote Access ensures secure RDP connections with end-to-end encryption.

NordLayer provides secure remote access solutions to meet your remote device access needs. Create virtual LANs around every network endpoint and protect remote users via VPN coverage. Cloud LAN enables secure file sharing from device to device, troubleshooting others’ devices, and using remote devices as virtual machines for work.

Benefit from the flexibility and efficiency remote work provides while avoiding security nightmares. To find out more, contact the NordLayer team today.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

The Hidden Risks of Using Password Manager Tools & Why It’s Time to Go Passwordless

Password managers have long been touted as essential tools for securing accounts by generating, storing, and managing complex passwords. However, recent high-profile data breaches involving leading password management companies have raised concerns about their security efficacy. Today, we explore the inherent risks associated with using password manager tools, examine recent breaches, and explore why adopting a passwordless authentication approach using digital certificates might offer a more secure and user-friendly solution.

The Illusion of Security: Risks Associated with Password Manager Tools

Password manager tools are designed to simplify and secure the authentication process by storing all user passwords in an encrypted vault, which is protected by a single master password. While this seems like a foolproof method, several risks make them vulnerable targets:

  1. Single Point of Failure: If the master password is compromised, all stored passwords become accessible to attackers.
  2. Target for Cybercriminals: Password managers are lucrative targets for hackers because breaching them can yield access to multiple accounts and sensitive data.
  3. Vulnerabilities in Software: Like any software, password managers can have bugs and vulnerabilities that can be exploited by attackers.
  4. Human Error: Users might reuse passwords, create weak master passwords, or fail to update software, which can compromise security.

Recent Data Breaches in Password Management Companies

Several high-profile breaches have highlighted the vulnerabilities in password management solutions:

  1. LastPass (2022): LastPass, one of the most popular password manager tools, experienced a significant breach in 2022. Attackers accessed customer vaults by exploiting vulnerabilities in LastPass’s infrastructure. The breach led to the exposure of sensitive information stored in encrypted vaults, which could potentially be decrypted if the attackers managed to obtain the master passwords.
  2. 1Password (2023): In early 2023, 1Password reported a data breach where attackers managed to compromise a portion of their infrastructure. Although the company claimed that no customer data was accessed, the incident raised concerns about the potential risks associated with centralized password storage solutions.

These incidents illustrate that even the most reputable password manager tools are not immune to cyberattacks, and relying solely on them for security can be risky.

The Case for Passwordless Authentication

Passwordless authentication leverages technologies such as digital certificates, biometrics, and hardware tokens to eliminate the need for traditional passwords. This approach offers several advantages over password managers:

  1. Enhanced Security: Digital certificates are unique cryptographic keys issued to individuals or devices. They are nearly impossible to forge or steal, reducing the risk of unauthorized access.
  2. Reduced Attack Surface: By eliminating passwords, organizations can minimize the attack vectors that hackers commonly exploit, such as phishing and brute-force attacks.
  3. Improved User Experience: Passwordless authentication methods are typically more seamless and user-friendly. Users can authenticate using biometrics or hardware tokens, avoiding the hassle of remembering and managing passwords.
  4. Lower Administrative Overhead: Managing digital certificates and other passwordless solutions can be automated and integrated into existing IT infrastructure, reducing the burden on IT teams.

Real-World Implementation of Passwordless Authentication

The adoption of passwordless authentication methods is on the rise – and for good reason. The Portnox Cloud has historically offered passwordless authentication to enterprise networks via digital certificates, and recently extended this capability to include SaaS and on-premises applications as well.

While password managers have been valuable tools in the battle against cyber threats, their inherent risks and recent breaches have highlighted the need for more robust security measures. Passwordless authentication, powered by digital certificates and other advanced technologies, offers a more secure and user-friendly alternative. By reducing reliance on passwords, organizations can enhance security, minimize attack vectors, and improve user experiences.

Adopting passwordless authentication is not just a trend but a strategic move towards a more secure digital future. As technology evolves, so must our approach to cybersecurity, and passwordless solutions provide a promising path forward.

Key Takeaways

  • Password manager tools, despite their benefits, present significant security risks due to being single points of failure and attractive targets for hackers.
  • Recent breaches of leading password management companies like LastPass, 1Password, and NordPass underscore the vulnerabilities of these systems.
  • Passwordless authentication, leveraging digital certificates and biometrics, offers enhanced security and a better user experience by eliminating the need for traditional passwords.
  • Organizations like Microsoft and Google have successfully implemented passwordless solutions, showcasing their effectiveness in reducing cyber threats.
  • Transitioning to passwordless authentication is a strategic move for organizations aiming to bolster their cybersecurity posture and simplify user access.

By embracing passwordless authentication, organizations can mitigate risks, streamline access management, and pave the way for a more secure and efficient digital landscape.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

What is a web application firewall (WAF)?

Ever wonder how a website protects itself from all of those cyber threats that evolve daily? Through something called the web application firewall, or WAF. But what are WAFs? And why are they important? Understanding how WAFs function and why they form an integral part of today’s modern web security infrastructure provides insight into this very critical role.

What does the web application firewall (WAF) do?

A WAF is a security solution designed to protect web applications by continuously monitoring and filtering HTTP traffic between the web application and the internet. It protects against multiple threats such as SQL injection and cross-site scripting (XSS), among others. At its core, a WAF works as a kind of protective layer that is put in between web applications and potentially malicious traffic.

How does a WAF Work?

To understand the significance of the role WAF plays in cybersecurity, we have to know how it works. In a nutshell, WAF network security, as already mentioned, works by examining the HTTP requests and responses against defined rules and policies. Here is a deep dive into the mechanisms behind WAF.

Inspection and filtering

The WAF sits between a user and a web application. When a user sends a request to the web application, the WAF intercepts it before it reaches the web server and inspects its contents, including headers, URLs, and data payloads, for known attack signatures such as SQL injection commands or XSS scripts.

Rule-based detection

WAF employs various rule sets to detect and stop threats. These rules define the normal and abnormal traffic behavior for a web application. For example, one of the rules could be to block the request that contains certain keywords or patterns in the message body that could be associated with SQL injection. The rules can be customized according to the needs of the web application.

Behavioral analysis

Apart from rule-based detection, some advanced WAFs make use of behavior analysis techniques. Fundamentally, this is the process of monitoring typical user behavior to identify deviations that could be indicative of an attack. For example, if a user suddenly starts sending a large number of requests in a very short period, a WAF will probably raise a red flag for a DDoS attack.

Real-time response

In the event of a threat, the WAF instantly acts to block the request from further passing on to the web application. Responsiveness in real-time is critical in suspending an attack before any serious damage occurs. Furthermore, WAFs can also generate alerts or log messages to inform administrators about identified threats and consequential actions that were performed to stop them.

By combining inspection, detection, and response mechanisms, a WAF can significantly increase the security of a network. Unsurprisingly, these days, WAFs are often a critical part of any comprehensive cybersecurity strategy.
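The four mechanisms above (inspection, rule-based detection, behavioral analysis, real-time response) fit together as in this added example, which is not from the original article or any WAF product. The `MiniWAF` class, the three rules, the request dictionaries, and the rate limit are all assumptions chosen for illustration; a production rule set is far larger and tuned to the application.

```python
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Illustrative signatures only (assumed for this example).
RULES = [
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
]

# Constructed sample requests (documentation-range client addresses).
SAMPLE_REQUESTS = [
    {"client": "192.0.2.10", "path": "/products?id=42",
     "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    {"client": "192.0.2.10", "path": "/products?id=1%27%20OR%20%271%27%3D%271",
     "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    {"client": "192.0.2.11", "path": "/comment",
     "headers": {"User-Agent": "Mozilla/5.0"},
     "body": "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
]


class MiniWAF:
    """Sits in front of an application and returns allow/block decisions."""

    def __init__(self, rules=RULES, max_requests=20, window_seconds=10.0):
        self.rules = rules
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # client -> recent request times
        self.log = []                      # blocked requests, for administrators

    def _fields(self, req):
        # Inspection: every part of the request an attacker controls.
        yield "url", req.get("path", "")
        for name, value in req.get("headers", {}).items():
            yield "header:" + name, value
        yield "body", req.get("body", "")

    def _decide(self, req, now, action, rule, location):
        decision = {"time": now, "client": req["client"], "action": action,
                    "rule": rule, "location": location}
        if action == "block":
            self.log.append(decision)  # real-time response: block and record
        return decision

    def inspect(self, req, now):
        # Behavioral analysis: too many requests from one client in the window.
        times = self.history[req["client"]]
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()
        if len(times) > self.max_requests:
            return self._decide(req, now, "block", "rate-limit", "rate")
        # Rule-based detection: URL-decode each field before matching, so an
        # encoded payload is compared in the form the application would see.
        for location, raw in self._fields(req):
            text = unquote_plus(raw)
            for rule_id, pattern in self.rules:
                if pattern.search(text):
                    return self._decide(req, now, "block", rule_id, location)
        return self._decide(req, now, "allow", None, None)


def run_samples():
    """Run the constructed requests, then a short burst from one client."""
    waf = MiniWAF(max_requests=5)
    decisions = [waf.inspect(req, now=float(i))
                 for i, req in enumerate(SAMPLE_REQUESTS)]
    burst = {"client": "192.0.2.50", "path": "/"}
    decisions += [waf.inspect(burst, now=3.0 + i * 0.1) for i in range(6)]
    return decisions, waf.log


if __name__ == "__main__":
    for decision in run_samples()[0]:
        print(decision)
```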

Why is a WAF important?

Safeguard sensitive information

The amount of sensitive information that exists in web applications is vast. Sensitive data includes personally identifiable data, financial details, and proprietary business data. In cases of successful cyberattacks and breaches, all such information is exposed. The role of WAF here is to prevent such incidents by blocking off malicious traffic to the web application and disallowing unauthorized access.

Avoid compliance fines and costs

Most industries are governed by stringent regulatory laws concerning data protection and privacy. Non-compliance with these regulations is your one-way ticket to heavy fines and lawsuits. A WAF makes it easier for businesses to comply with regulations by providing the much-needed security layer. Proactive measures taken to safeguard sensitive data mean peace of mind and better chances of avoiding hefty fines.

Preserve reputation

Today, a company’s reputation is often related to its ability to protect customer data and maintain secure online services. A single successful cyberattack on an organization can put its reputation down the gutter once and for all. Implementing a WAF can mitigate such risk and further improve the company’s reputation. Ultimately, most consumers trust a business that demonstrates security not only in its PR statements but also in its actions.

Differences between WAF and network firewall

While WAFs and Network Firewalls both play a critical role in cybersecurity, they serve rather different purposes, and, as discussed, operate at different levels within a network. Here’s a rundown of the key differences between the two.

The role of WAFs

Security of web applications

As we discussed earlier, WAFs are built for the protection of web applications by filtering and analyzing HTTP traffic. HTTP is the protocol used for transferring data on the web, and WAFs focus on this traffic to defend against web-based attacks. Because they work at Layer 7 of the OSI model, WAFs can trace malicious activity against the application layer by analyzing the content of HTTP requests and responses.

Layer 7 protection

Layer 7 is where user interactions with software applications take place. As a part of their operation, WAFs track this layer for detailed content data about HTTP traffic. For example, an attacker could try to insert malicious code into a web form to gain unauthorized access to sensitive data; in such an instance, a WAF would detect and block that attempt immediately. This kind of sophisticated protection is critical for securing web applications against a variety of threats.

Should an attacker try to gain access to sensitive information by inserting malicious code in a web form, a WAF will block this attempt. This type of targeted protection is important to safeguard web applications from sophisticated threats.

The role of network firewalls

Protection of the network

A network firewall protects the entire network by filtering incoming and outgoing traffic against a set of predefined security rules. It works at the network layer and the transport layer of the OSI model. These layers are responsible for efficient routing and reliable delivery of data packets in a given network. Network firewalls focus on threats like unauthorized access, DDoS attacks, and malware, ensuring that only legitimate traffic is allowed to pass through.

Layer 3 and 4 protection

Layer 3 is the network layer, which handles the logical addressing of data packets to ensure that data sent from one device reaches the right destination, while Layer 4 is the transport layer, responsible for the reliable transmission of data between devices. Network firewalls regulate the flow of data toward the destination based on IP addresses, ports, and protocols. For example, they can be used to prevent an attacker from using an open port to access the network and so gain unauthorized access to network resources.
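To make the layer difference concrete, here is a first-match Layer 3/4 packet filter that decides only on addresses, protocol and port. This is an added example, not code from the original article; the `Packet` and `Rule` types, the policy and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # carried along but never read by the filter below

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any port

# Constructed policy: public HTTPS to the web server, SSH from the admin subnet only.
POLICY = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("allow", "10.20.0.0/24", "192.0.2.10/32", "tcp", 22),
]

def filter_packet(pkt, policy=POLICY):
    """First matching rule wins; anything unmatched is denied (default deny)."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for rule in policy:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.proto in (None, pkt.proto)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # Constructed packets: the same verdict regardless of what the body contains.
    for body in (b"page=1", b"user=admin' OR '1'='1"):
        pkt = Packet("198.51.100.7", "192.0.2.10", "tcp", 443, body)
        print(body, "->", filter_packet(pkt))
```

Both packets to port 443 are allowed because the payload is not an input to the decision, which is why content inspection falls to the WAF at Layer 7.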

Bottom line

In an era where cyber threats are becoming increasingly sophisticated and pervasive, the importance of robust web security measures cannot be overstated. The implementation of a WAF is a vital component of contemporary web security. It provides the necessary tools to detect, prevent, and respond to web-based threats in real-time, ensuring the integrity and availability of web applications. As cyber threats continue to evolve, investing in a robust WAF solution will remain a critical priority for organizations seeking to protect their digital assets and maintain the trust of their users.

For comprehensive security, it’s essential to protect not only your web applications but also your access credentials. Just as a WAF safeguards against web-based threats, a robust password management solution like NordPass Enterprise ensures that your organization’s passwords are protected from unauthorized access and are easily accessible at all times. NordPass provides features such as secure password sharing, automated password generation, and real-time breach monitoring, aligning perfectly with the goals of a WAF by adding an extra layer of security to your web infrastructure.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
