Paying Ransomware? Should You Really Pay Ransom Settlements?

Ransomware is one of the top threats facing organizations and individuals today. According to a recent survey, 85% of organizations are more worried about a ransomware attack than about any other cyber threat. Simply clicking a link or opening a malicious file can be enough to start an infection. And while a victim desperate to regain access to critical data may want to pay the ransom or negotiate a settlement, that decision should be weighed very carefully.

Much like a schoolyard bully who steals a bookbag and demands lunch money to return it, cybercriminals deploy ransomware, encrypt an organization’s sensitive data, and hold it hostage. Unfortunately, in many cases they do more than just demand a ransom: they also take copies of the data and threaten to publish it.

Obviously, the stakes are higher for an organization under attack. Its survival may depend on obtaining the decryption key from the criminals to recover its data. But the dilemmas the two kinds of victim face are surprisingly similar.

Should You Pay Ransomware Attackers?

In either case, the question of whether to pay comes with the fear that you will not get your bookbag, or your decryption key, back after paying. It is hard to put any faith in the goodwill of bullies or cybercriminals. Instead of returning the information you want kept private, they could simply dump the contents of your “bookbag,” sensitive data included, on the internet for anyone to access and use.

Or they could hand your data to another criminal to do with as they please. In that case paying does not solve your problem and leaves you considerably poorer: your organization has no “bookbag” and no “lunch money.” And, perhaps worst of all, you now have a reputation as an easy mark and a “payer” who can be bullied again and again.

The Problems Paying Ransom Creates

An organization does not want a reputation as a payer in the cybercriminal underworld, because that is the equivalent of painting a target on its back.

While I appreciate that some organizations may have no option but to pay, I recommend not doing so unless the alternative is the certain failure of the business. Beyond making you a repeat target, paying the ransom emboldens the attackers and funds their future attacks on you and others.

Is Paying Ransom Illegal?

Victims of ransomware attacks who feel compelled to pay often wonder whether doing so is illegal. Under U.S. law there is no general prohibition on paying a ransom when an organization’s data or systems are held hostage. However, a payment that reaches a sanctioned person or entity can violate U.S. sanctions regulations, and government authorities and the cybersecurity industry strongly discourage paying cyber ransoms or giving in to extortion demands.

Organizations including CISA, the FBI, HHS, and the UK’s NCSC warn victims against paying ransom settlements. Payment does not guarantee that files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminals to get into the ransomware business, and fund illicit activity. An advisory from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) adds that facilitating a payment to a sanctioned actor may itself violate sanctions regulations.

Can Law Enforcement Help?

Law enforcement agencies carry heavy workloads and competing priorities, so their resources may not be available in the way your organization needs. Goals may not align either: investigators may prioritize building a case, while your organization prioritizes restoring business operations. Law enforcement can nonetheless be a great asset, but it should be part of your incident response plan, not a substitute for one. That plan should be developed in advance with executive leadership, IT and InfoSec staff, and legal counsel, among others.

Looking for help only after an attack is the definition of “reactive.” You never want to reach the point where paying the ransom looks like your only option. The way to avoid that is a good defense.

How to Prevent Ransomware Attacks

Best practices for organizations and individuals protecting themselves from ransomware include incorporating these actions into your cyber defense posture:

  • Take cybersecurity training seriously and encourage employees to do so as well
  • Avoid clicking on suspicious links and practice good cyber awareness
  • Download only from trusted sources
  • Scan emails for malware
  • Employ firewalls and endpoint security products that are integrated with actionable threat intelligence
  • Back up important data, keep at least one copy offline or immutable so the ransomware cannot reach it, and test restores regularly
  • Use a VPN when on public Wi-Fi
  • Have an incident response plan in place

You can read more details about proactive strategies for protecting against ransomware online.

What to Do if You Are the Victim of a Ransomware Attack

Organizations can limit the impact of ransomware by acting quickly. The first step is to isolate the infected system. This limits lateral movement, where the ransomware spreads from one device to another over network connections.

To isolate it, disconnect the infected machine from the network: unplug its cable, disable Wi-Fi, or quarantine it at the switch or through endpoint management. Prefer disconnecting over powering off. Shutting the machine down destroys volatile memory that incident responders may need for analysis, and that in some cases holds the only copy of the encryption keys; power it down only if you cannot otherwise cut it off. This is where prior network segmentation pays off, making containment faster and more effective.

Next, determine what has infected your system. It is rarely just the ransomware: ransomware is usually the final stage of a larger intrusion that began with an initial foothold, credential theft, and lateral movement. Identifying the ransomware family, typically from the ransom note and the extension appended to encrypted files, helps the incident response team scope the compromise and, for some families, locate a decryptor that is already publicly available.

Data Recovery

To recover data successfully, your organization needs a backup and recovery program that was in place before the attack. If backups run several times a day, an attack might cost only a few hours of work. The backups must be protected, though: attackers routinely look for reachable backups and encrypt or delete them before triggering the ransomware, so keep at least one copy offline or immutable and test restores regularly.

Whether you use cloud services or on-premises hardware for your copies does not matter. What matters is that you can reach the backup files from an unaffected device and that the backups themselves have not been tampered with.


Sourced from Fortinet

Addressing Cybersecurity and Climate Change for a Sustainable Society

Our society faces significant challenges that must be addressed quickly to prevent disruptions that can threaten lives. The first is climate change, which poses a risk to our physical planet. According to the 2022 Global Risks Report, the current climate crisis remains humanity’s most significant long-term challenge. The second is cybersecurity, which has become a broad sustainability issue, threatening our evolving connected society and the digital economy on which individuals, organizations, and nations now rely.

These are both top concerns for governments, businesses, and individuals worldwide. And while these issues may seem starkly different, according to the “Declaration for the Future of the Internet” (recently issued by the United States and more than 60 signatory countries and partners), technology plays a critical role in “the fight against global climate change,” which, in turn, makes securing technology even more urgent.

Fortunately, the approaches to addressing these challenges are remarkably similar. They include changing behaviors, funding innovation, establishing strict and enforceable regulations, and encouraging collaboration across industries and interests.

Motivating Behavior Change Through Awareness

One of the most significant barriers to addressing these challenges is human nature. So, the first step to addressing these issues is to change behaviors, and that is done through awareness. Of course, not everyone will change, but we can tip the scales if enough people understand the issues and then adapt their behaviors.

Climate Change

Awareness is an essential factor in the global fight against climate change. Knowledge helps people understand the causes and consequences of global warming and encourages them to change their behavior, so we can adapt how we live to the realities of what is already a global emergency. A recent survey queried more than 3,000 people in eight countries about their awareness of climate change. Even during the pandemic, 76% of respondents reported that environmental issues were the same or more concerning than health issues. And 70% said they were more aware now than before COVID-19 that human activity threatens the climate and that the degradation of the environment threatens humans. They also expressed a commitment to changing their behavior to support a sustainability strategy.

Cybersecurity

Awareness also plays a crucial role in improving cybersecurity. The most vital step in the fight against cyberattacks is improving our first line of defense. While security technology continues to improve, the biggest challenge – and opportunity – is the human element. According to the 2021 Verizon Data Breach Investigations Report, 85% of breaches involved a human element. Opening a malicious email attachment, leaving a default password on a server, misconfiguring a device, or failing to patch or update a device are still among the most common ways for attackers to breach a network.

Educating individuals on the risks they should avoid through cybersecurity awareness training is the most effective way to prevent most threats. Providing a workforce with the latest information about specific threats to the company and clearly explaining their essential role in protecting against them – both at work and at home – are vital for securing corporate networks and systems and keeping users safe online. This same effort needs to be added to school curriculum so children who grow up in an immersive digital society are also cyber aware. Effective cybersecurity awareness motivates lasting behavior change, both professionally and personally.

Fighting Climate Change and Cybersecurity Risk Through Innovation

Innovation is another area where these critical issues intersect. Technology plays a crucial role in helping society retool the systems and infrastructure needed to achieve and maintain a sustainable society.

Climate Change

Green technology innovation in all sectors is essential to addressing the global challenge of climate change. Renewable energy sources (solar, wind, wave, tidal, and geothermal power), sustainable transportation such as electric vehicles, smart energy grids to reduce waste and improve efficiency, clean manufacturing processes, green buildings, and more energy-efficient devices all play a critical role in delivering considerably improved environmental performance.

According to the Global e-Sustainability Initiative, technology has the potential to contribute to all 17 goals of the UN’s Sustainable Development Goals (SDGs). Technology and innovation have the power to implement climate transformation and address the critical challenges of climate change. For example, emerging technologies, like extracting carbon from the atmosphere, can help slow down global warming and help heal the planet. Similarly, new IoT technologies are being distributed globally to improve data-driven decision-making to increase energy efficiency, amplify the effectiveness of “green” technologies such as wind power and bioenergy, and further reduce our dependence on coal-based electricity generation.

Cybersecurity

As our society accelerates its dependence on technology to ensure a sustainable future, cybersecurity becomes mission-critical. To enable and secure digital acceleration and innovation across every sector of the modern digital economy, cybersecurity vendors must develop solutions that can keep up with technological advances and address how today’s businesses, governments, and individuals use technology. For example, to scale and adapt to today’s rapidly evolving digital world, cybersecurity is learning to apply advanced artificial intelligence and machine learning to analyze massive volumes of data to detect sophisticated breaches and unusual network activity. It is also having to consolidate solutions so automation can be better leveraged to accelerate threat response time. Similarly, new security systems must be developed to protect emerging technologies, such as quantum computing, that hold so much promise.

Enforcing Climate Change and Cybersecurity Through Regulations

While self-regulation is ideal, regulations and international standards are necessary to drive a change in behaviors, especially if we hope to effect that change in the limited timeframe available.

Climate Change

Standards are essential to fighting climate change. They ensure trust, integrity, and consistent management in measuring and verifying greenhouse gas emissions and energy efficiency. To ensure progress is being made consistently, global frameworks are essential. The Task Force on Climate-related Financial Disclosures (TCFD) has become a worldwide standard for consistent climate-related financial risk disclosures. Companies, banks, and investors use it to provide sustainability information to stakeholders. The EU’s Sustainable Finance Disclosure Regulation (SFDR) is designed to help stakeholders and clients understand, compare, and monitor the sustainability characteristics of investment funds, including their environmental impact. The Corporate Sustainability Reporting Directive (CSRD), due to go live in 2023, requires all large companies to report on their social and environmental impact. And in the United States, the SEC draft rule, which would require public companies to disclose extensive climate-related information in their SEC filings starting in fiscal year 2023, is another regulation that ensures organizations are focused on – and reporting on – efforts with environmental impact. These and similar measures put teeth in the more generic agreements governments have adopted, like the Paris Agreement.

Cybersecurity 

As with climate change, a unified set of practices and regulations serves as a shared map and reference point for organizations looking to secure digital infrastructures. They reduce risk by ensuring a baseline of quality and compliance for both technology and processes. Widely accepted guidelines, such as the NIST Cybersecurity Framework and the ISO/IEC 27000 series (of which ISO/IEC 27001 is the certifiable standard), help organizations implement best practices and technologies. On the other side, regulations like GDPR and HIPAA ensure data privacy, protect personally identifiable information (PII), and force organizations to report breaches. In addition, following the series of Executive Orders from the White House on the need for cybersecurity, the SEC has proposed new cybersecurity requirements for investment advisers and registered investment companies. It has also unveiled a proposed set of cybersecurity disclosure rules for public companies to standardize cybersecurity-related incident reporting, governance, and risk management.

Such standards are vital for ensuring that security requirements are consistently met using best practices and compliant solutions. Current and proposed regulations are designed to have the same effect as those targeting climate change.

Addressing Climate Change and Cybersecurity Through Collaboration

If there is one lesson to be learned, it’s that none of us can do this alone. In an age of specialization, we must develop private-public partnerships to help us more effectively address climate change, cybersecurity, and other emerging challenges.

Climate Change

As clearly highlighted during COP26 (the 2021 United Nations Climate Change Conference), saving the planet from climate change will not be possible without close partnerships between governments, NGOs, the private sector, and the public. A collective effort will be necessary if we are to meet the global temperature and emissions reduction goals set by the Paris Agreement, new regulatory and compliance requirements, and the UN’s 17 SDGs.

Cybersecurity

The arms race with cybercriminals also can’t be won without global collaboration. Vendors, businesses, public agencies, and governments all have a role to play, whether through local coalitions, national organizations, or international forums. Disrupting cybercrime activities and dismantling attack infrastructure is a joint responsibility that requires strong, trusted relationships between public and private organizations. One example is FIRST, a global forum of incident response and security teams that work together to ensure a safe Internet. Other leading partnerships include the NATO Industry Cyber Partnership (NICP) on cyber threat intelligence sharing and the World Economic Forum’s Partnership Against Cybercrime (PAC), which is currently mapping the major global cybercrime syndicates.

Conclusion

As leaders from around the world get together at Davos to discuss the critical issues that are impacting the sustainability of our planet and society, they must consider both climate change and cybersecurity as integral to enabling a better future for all. At their core, these are sustainability issues. And while each has its unique challenges, they also increasingly overlap as our digital and physical worlds continue to converge. Addressing one necessarily impacts the other.

At the end of the day, if enough people switch to renewable energy, enough businesses take the necessary precautions to protect their systems and data, and enough governments take efforts to level the digital playing field, I am confident we can make our world sustainable.


Sourced from Fortinet

2022 Cloud Security Report

The COVID-19 pandemic and the shift to work-from-anywhere has forced organizations to significantly advance their digital acceleration initiatives, resulting in increasingly hybrid IT networks to help deliver better access to applications and data. In many cases, these assets are distributed across data center networks and cloud deployments that are in a constant state of flux. In addition to the added complexity of managing hybrid IT architectures, organizations underwent forced acceleration to the cloud due to external factors such as competitive pressures or supply chain issues. The lack of time to properly plan and coordinate around these efforts has led to security gaps across an expanded attack surface. Now, today’s organizations are scrambling to provide consistent security and policy everywhere to defend against attacks without disrupting business operations.

So given this digital acceleration, what is the current state of cloud adoption and cloud security? Fortinet partnered with Cybersecurity Insiders to survey more than 800 cybersecurity professionals from around the world and across industries. The 2022 Cloud Security Report reveals how security executives and practitioners are using the cloud, how their organizations are responding to security threats in the cloud, and the challenges they are facing. Let’s look at some of the highlights from this year’s report.

Digital Innovation Accelerates Cloud Adoption

Organizations continue to shift workloads to the cloud at a rapid pace to achieve faster time to market, increased responsiveness to customer needs, and cost reductions. 39% of respondents have more than half of their workloads in the cloud.

Most organizations are selecting either a hybrid-cloud (39%, up from 36% last year) or multi-cloud deployment approach (33%) to integrate multiple services, provide scalability, or ensure business continuity. Seventy-six percent of organizations currently use two or more cloud providers. AWS and Microsoft Azure currently top the list, though Google and Oracle are rapidly increasing their investment and market share.

Cloud Adoption Faces Headwinds

This year’s Cloud Security Report is set against a backdrop of increasingly brazen and costly ransomware attacks and the disclosure of a severe zero-day vulnerability in the popular Apache Log4j logging library, which is embedded in many enterprise applications and cloud platforms. It’s not surprising that 95% of organizations are moderately to extremely concerned about cloud security.

When Cybersecurity Insiders asked which unforeseen factors slowed or stopped cloud adoption, respondents cited lack of visibility, high cost, lack of control, and lack of security. These have consistently been the top inhibitors in previous surveys as well. Addressing them is critical to empowering business success.

The survey also reveals that the biggest challenges organizations face are not primarily about technology, but people and processes. Lack of qualified staff (40%, up from 37% last year) is the biggest obstacle to faster adoption, followed by legal and regulatory compliance, and data security issues. Internal upskilling as well as external expertise are major game-changers to accelerating cloud success.

And with most organizations choosing a hybrid or multi-cloud strategy, not surprisingly, they face increased complexity and security challenges. Lack of security skills becomes the top challenge (61%, up from 57% last year), followed by data protection, understanding how different solutions fit together, and loss of visibility and control. Simplifying this complexity is key.

Breaking Down the Barriers to Cloud Adoption

To reduce complexity and increase security effectiveness, visionary organizations are taking advantage of a cybersecurity mesh platform. This composable, collaborative approach helps dramatically reduce the financial impact of security incidents. With threat intelligence directly shared across diverse attack vectors, visibility, management, and automation are simpler, meaning that threats are identified, and mitigated, faster. Ultimately, this reduces complexities, resolves cloud cybersecurity skills and resource gaps, and increases overall security effectiveness.

It’s no surprise that over three-quarters (78%) of respondents consider it very or extremely helpful to have a single cloud security platform to protect data consistently and comprehensively across their cloud footprint.

Cloud is a critical element of the digital strategy of almost every organization, of every size, and across all industries. Securing this transition is critical. Fortinet helps deliver cloud-native security solutions that empower a secure digital acceleration with cloud. Available on all major cloud platforms and for all cloud environments, the Fortinet Security Fabric extends world-class security across on-premises, hybrid, and cloud platforms. Get the digital advantage of reduced operational complexity, greater visibility, and robust security effectiveness, powered by FortiGuard Labs. Together, we can create a digital future we can always trust. 


Sourced from Fortinet

Helping Financial Institutions Navigate the EU’s Digital Operational Resilience Act (DORA)

Fortinet always has a sharp eye on cybersecurity developments around the world, so it’s no surprise that we are keenly aware of the European Union’s proposed Digital Operational Resilience Act (DORA). Recently, the Council presidency and the European Parliament reached a provisional agreement on DORA. It is expected to be formally adopted by the end of this year and, because it is an EU regulation rather than a directive, it will apply directly in every member state without national transposition.

In addition to the DORA agreement, the Council and the European Parliament also agreed on a directive to further improve the resilience and incident response capacities of the EU’s public and private sectors to cyberthreats. The NIS2 directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents.

What is the Digital Operational Resilience Act?

DORA is designed to consolidate and upgrade information and communications technology (ICT) risk requirements across the EU financial services industry (FSI). The goal is to harmonize ICT risk management across member states using one common set of standards, so that the sector can withstand, respond to and recover from ICT disruptions and cyberattacks. Proponents of DORA say it will “make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption.”

Why Was the Digital Operational Resilience Act Created?

One reason for the creation of DORA is that the global pandemic accelerated digital banking. This trend of customers doing more online is prompting banks and financial services companies to respond correspondingly and accelerate their migration to the cloud and provide more digital services.

Another reason for DORA is PSD2, the EU payment services directive that leveled the playing field in the financial marketplace. The objectives of PSD2 were to create a more integrated European payments market, make payments more secure, and protect consumers. The result is that new players such as challenger banks and digital natives (e.g., fintechs and big tech firms) are entering the market and offering financial-type services to customers via APIs. This is referred to as “open banking,” a global trend in which banks share customer data, with the customer’s consent, with non-traditional players.

For open banking to succeed, organizations need to adopt digital platforms that facilitate cloud computing, SaaS services, and other online applications. However, because only a handful of cloud service providers (CSPs) dominate the market, EU regulators are concerned about concentration risk and the systemic effect on the entire financial industry if a CSP were to suffer a major outage or compromise. Consequently, EU regulators drafted DORA to mitigate these effects, prescribe best practices, and make the financial industry more resilient against cyberattacks.

In addition to DORA, the European Union Agency for Cybersecurity (ENISA) is developing a cybersecurity certification scheme for cloud services that aims to improve the EU’s internal market conditions by strengthening and simplifying the security guarantees those services offer.

What does the Digital Operational Resilience Act Include?

Uniform ICT Risk Management and Resilience

Currently, the proposed DORA regulation reads: “Financial entities shall identify all ICT systems accounts, including those on remote sites, the network resources and hardware equipment, and shall map physical equipment considered critical. They shall map the configuration of the ICT assets and the links and interdependencies between the different ICT assets.”

The draft copy goes on to say that the EU’s financial organizations must follow a risk-based approach to “establish a sound network and infrastructure management” and use “automated mechanisms to isolate affected information assets in case of cyberattacks.” 

Furthermore, European financial services organizations will be required to “design the network connection infrastructure in a way that allows it to be instantaneously severed and shall ensure its compartmentalization and segmentation, in order to minimize and prevent contagion, especially for interconnected financial processes.”
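The three requirements quoted above (inventory every ICT asset, map the links and interdependencies between them, and be able to sever and compartmentalize the network to prevent contagion) are easier to reason about with the asset map held as a graph. The following Python example is added here; it is not code from DORA, from a regulator, or from any Fortinet product. It models a small inventory as a dependency graph and answers the two questions an incident responder asks when one asset is compromised: what else is affected, and which links have to be cut to isolate it. The asset names, network segments and links are constructed for illustration.

```python
"""Added example (not from the DORA text or any Fortinet product): a minimal
asset map of the kind DORA's draft asks financial entities to maintain, with
interdependencies between ICT assets recorded as a graph, used to answer two
incident-time questions:
  - which assets are affected if one is compromised (blast radius), and
  - which links must be severed to compartmentalize the affected set.
Asset names, segments and links below are constructed for illustration.
"""
from collections import deque

# Constructed inventory: each asset -> the assets it depends on.
DEPENDS_ON = {
    "mobile-app-backend": {"payments-api", "identity-provider"},
    "payments-api": {"core-banking-db", "identity-provider"},
    "reporting-batch": {"core-banking-db"},
    "core-banking-db": {"storage-san"},
    "identity-provider": set(),
    "storage-san": set(),
}

# Constructed network segment per asset; a cut that crosses a segment boundary
# is enforced on the firewall/ACL, one inside a segment needs a host action.
SEGMENT = {
    "mobile-app-backend": "dmz",
    "payments-api": "app",
    "reporting-batch": "app",
    "identity-provider": "app",
    "core-banking-db": "data",
    "storage-san": "data",
}


def reverse_graph(depends_on):
    """asset -> set of assets that depend on it."""
    rev = {a: set() for a in depends_on}
    for asset, deps in depends_on.items():
        for d in deps:
            rev.setdefault(d, set()).add(asset)
    return rev


def dependents_of(asset, depends_on=DEPENDS_ON):
    """Transitive closure: every asset whose operation relies on `asset`."""
    rev = reverse_graph(depends_on)
    seen, queue = set(), deque([asset])
    while queue:
        for nxt in rev.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(asset, depends_on=DEPENDS_ON):
    """The compromised asset plus everything that fails once it is isolated."""
    return {asset} | dependents_of(asset, depends_on)


def links_to_sever(affected, depends_on=DEPENDS_ON):
    """Edges with exactly one endpoint in `affected`: the cut that isolates them."""
    cut = set()
    for asset, deps in depends_on.items():
        for d in deps:
            if (asset in affected) != (d in affected):
                cut.add((asset, d))
    return cut


def cross_segment_links(cut, segment=SEGMENT):
    """Subset of a cut that crosses a segment boundary (enforced at the network, not the host)."""
    return {(a, b) for a, b in cut if segment[a] != segment[b]}


def most_critical(depends_on=DEPENDS_ON):
    """Assets ranked by how many others fail without them: candidates for 'critical' in the inventory."""
    return sorted(depends_on, key=lambda a: len(dependents_of(a, depends_on)), reverse=True)


if __name__ == "__main__":
    victim = "core-banking-db"
    print("critical ranking:", most_critical())
    print("blast radius of", victim, "->", sorted(blast_radius(victim)))
    cut = links_to_sever({victim})
    print("links to sever:", sorted(cut))
    print("of which cross-segment:", sorted(cross_segment_links(cut)))
```

Feeding this from a real CMDB or cloud inventory is the work DORA actually requires; the value of the graph is that the “instantaneously severed” requirement becomes a precomputed cut per asset that can be handed to a firewall or SDN controller rather than improvised during an incident.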

In addition to uniform ICT risk management, Europe’s financial services organizations will be required to report all major ICT-related incidents to “the competent authorities; perform periodic digital operational resilience testing; share information and intelligence related to cyberthreats and vulnerabilities; and measure and manage third-party ICT service provider risks.”

Regulating Third-Party Service Providers

It seems very likely that DORA will have a strong effect on third-party organizations that serve FSI companies. The current proposed law will require an “oversight framework for critical ICT third-party service providers when providing services to financial entities.” And there will be clear “rules on cooperation among competent authorities and rules on supervision and enforcement by competent authorities in relation to all matters covered by this Regulation.”

Additionally, in the event of an ICT cybersecurity incident, DORA requires third-party service providers to provide assistance to FSI organizations at no extra cost.

Resilience Testing and Severe Penalties

One of the key components of DORA is the digital operational resilience testing program, which calls for a broad range of assessments of European FSI organizations. The tests include “vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires and scanning software solutions, source code reviews where feasible, scenario-based tests, compatibility testing, performance testing, end-to-end testing or penetration testing.”

The penalty regime is severe. For critical ICT third-party service providers that fail to comply with the oversight measures, the draft provides for periodic penalty payments which, “calculated from the date stipulated in the decision imposing the periodic penalty payment, shall be 1% of the average daily worldwide turnover of the critical ICT third-party service provider in the preceding business year.” Penalties for the financial entities themselves are left to the competent authorities in each member state.

DORA’s regulatory technical standards are being drafted by the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA), in consultation with ENISA.

What Organizations Does the Digital Operational Resilience Act Cover?

DORA will apply to an expansive range of FSI organizations: credit institutions; payment institutions; electronic money institutions; investment firms; crypto-asset service providers and issuers of crypto-assets; central securities depositories; central counterparties; trading venues; trade repositories; managers of alternative investment funds; management companies; data reporting service providers; insurance and reinsurance undertakings; insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries; institutions for occupational retirement provision; credit rating agencies; statutory auditors and audit firms; administrators of critical benchmarks; crowdfunding service providers; securitization repositories; and ICT third-party service providers.

Many of these types of organizations have not previously been subject to the ICT regulations that are within DORA’s scope. The expectation is that financial service organizations under its purview will treat DORA as a best practices guide for their industry, specifically regarding cybersecurity and resiliency.

Will There Be Global Guidance?

While DORA will be an EU regulation, its effects will go well beyond Europe’s borders. It will impact businesses and industries on a global scale, similar to how the General Data Protection Regulation (GDPR) affects countries outside of the Union since it became law in May 2018.

How Fortinet Is Prepared to Help Our FSI Customers

As usual, Fortinet is staying ahead of the curve. Before DORA becomes law, we are prepared to help our European financial services customers and global organizations that work with EU companies anticipate and respond to DORA’s demands.

Of course, Fortinet will assist our customers in monitoring networks and mitigating cyberthreats and cyberattacks. We will also help our customers comply with the DORA rules by aligning to the final version of the regulations and provide:

  • Risk Management – Fortinet provides unified risk management across environments, leading to consolidation of governance, policies, and monitoring.
  • Operational Resilience – Fortinet Security Fabric is the industry’s highest-performing cybersecurity platform, with a rich open ecosystem spanning over 480 security partners. It covers the extended digital attack surface and cycle, enabling self-healing security and networking to secure people, devices, and data.
  • Security monitoring – Fortinet provides platforms and solutions that allow customers to monitor and track risk. FortiManager supports network operations use cases for centralized management, compliance best practices, and workflow automation to protect against advanced threat actors. The threat intelligence provided by FortiGuard Labs helps organizations stay ahead of new and existing threats.
  • Digital resilience testing – Fortinet customers benefit from a long-standing commitment to meet the requirements of the most security-minded organizations. With a broad portfolio, comprehensive service offering, and a strong network of partners, Fortinet can help EU customers test their systems and networks to meet regulatory demands.

Find out more about how Fortinet secures financial services organizations from cyber threats while optimizing cost and efficiency. Also stay tuned for our financial services focused series of podcasts on this topic coming soon. 

Sourced from Fortinet

Top 5 Findings from the Global 2022 Cybersecurity Skills Gap Report

Closing the cybersecurity skills gap has been a topic of interest for a number of years, with many organizations reporting on its slow decline. According to (ISC)²’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.

There is a lot to be learned from the skills gap. Today, Fortinet released the 2022 Cybersecurity Skills Gap Global Research Report that uncovers the impact the skills gap is having on organizations around the world. From the survey’s findings, five top themes have emerged:

  1. Cybersecurity affects every organization.
  2. Recruitment and retention of talent is a problem.
  3. Organizations are looking for individuals with certified skills.
  4. Organizations are looking for more diversity.
  5. Raising cybersecurity awareness remains a key challenge.

The survey was conducted in January and February 2022, and included more than 1,200 IT and cybersecurity decision-makers from 29 different locations. There was an even split between the respondents in four regions: North America, EMEA, APAC, and LATAM.

How Cybersecurity and the Skills Gap Affect Every Organization

A staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills and/or awareness. Almost 20% suffered five or more breaches.

Number of breaches in the last 12 months

If that weren’t enough, 64% of organizations experienced breaches that resulted in lost revenue and/or cost them fines. Of those, 38% reported breaches that cost them more than a million dollars (USD).

How Is the Skills Gap Creating Cyber Risk?

According to the survey respondents, a key factor contributing to the breaches is that organizations struggle to find and retain certified cybersecurity people. Sixty-seven percent of global leader respondents indicate that the skills shortage creates additional cyber risks for their organization.

Recruitment and Retention Are Key Challenges Causing the Skills Gap

Organizations need qualified cybersecurity professionals now more than ever, which is why 76% of organizations indicate that their board of directors now recommend increases in IT and cybersecurity headcount.

Board members who recommend increases in IT and cybersecurity headcount

Most would hope that increasing hiring could be an easy fix to this problem; however, 60% of organizations indicated that they struggle to recruit cybersecurity talent, and 52% struggle to retain it.

Another key challenge for recruitment is that organizations need to hire people for a broad range of security and IT network-related roles and specializations. Cloud security specialists and security operations center (SOC) analysts remain among the most sought-after roles in cybersecurity, followed closely by security administrators and architects. But organizations aren’t just looking to ramp up hires arbitrarily. They’re deliberately trying to build teams of specialized talent who are equipped to handle an increasingly complex threat landscape.

Finding Qualified People Is a Challenge for the Skills Gap

Globally, 50% of organizations seek cloud security specialists, a priority that’s likely informed by how rapidly companies moved their operations to the cloud during the pandemic.

The challenge is finding the right people.

What roles are organizations looking for?

What Skills Are Needed to Work in Cybersecurity? 

Central to the challenge of recruiting and retaining cybersecurity talent is the importance of certification. Certified professionals are universally sought after with 95% of decision-makers sharing that technology-focused certifications positively impact both their role and their team. 

Organizations Are Looking for Certified Skills

As such, 81% of leaders prefer to hire people with certifications.

However, 78% indicate it’s hard to find certified people. This may contribute to the fact that globally 91% of organizations say they are willing to pay for an employee to achieve a cybersecurity certification.

Organizations would pay for an employee to get a cybersecurity certification

The preference to hire certified people may be because organization leaders followed that same path themselves:

  • 86% of decision-makers report having earned technology-focused certifications
  • 88% report having other people with certificates on their team

Certification Is an Opportunity Given the Skills Gap

As noted above, global leaders cited the struggle to find and retain certified cybersecurity people as a key factor contributing to breaches. This likely shapes hiring strategy as well, with organizations leaning toward professionals who hold certifications that correspond to the positions they are trying to fill.

Closing the Cybersecurity Skills Gap By Prioritizing Diversity

The challenge isn’t just hiring more people, but also building more capable and more diverse teams. While enterprises need qualified talent for a range of different roles, 89% of global companies also have explicit diversity goals as part of their hiring plan.

Seven out of 10 leaders worldwide say that hiring women and new graduates is among their top three challenges. Sixty-one percent say hiring minorities is also a top three challenge.

Despite these challenges, or perhaps because of them, three out of four organizations have implemented formal processes to hire more women, and nine out of 10 actively engaged women and new graduates during the last three years. Fifty-nine percent of companies have structures in place to hire minorities, and 51% have them for hiring more veterans.

Hiring from these populations is a top three challenge for organizations

Raising Cybersecurity Awareness to Close the Skills Gap

Even though the recruitment, retention, and certification of a cybersecurity team is vital, companies cannot realistically protect themselves until they also raise the cyber awareness of all employees. That requires ensuring that all employees, at all levels and all roles within the organization, have the knowledge and awareness to protect themselves and their organization’s data. Until they do, breaches will always be likely.

Eighty-seven percent of organizations implemented a training program to increase cyber awareness. However, 52% of leaders continue to believe their employees still lack the necessary knowledge. This raises the question of the effectiveness of the programs that organizations currently have in place. 

Employees lack knowledge when it comes to cybersecurity awareness

For those that don’t have a program in place, 66% report they are currently looking for a program that would suit their needs. 

The Power of People Can Help Close the Skills Gap

Cybersecurity can sometimes feel like a purely technological domain. But when you look past the technology that organizations rely on, cybersecurity is all about how well your employees work together to protect the organization.

Fortunately, organizations are making deliberate efforts to improve on all these fronts. However, it is imperative to remember that the cyber battle isn’t won on any one front. Cybersecurity requires an entire system of people and technology working together to protect an organization.

That starts with people who are empowered, qualified, and certified to protect the organization.

Learn more about the Fortinet free cybersecurity training initiative and Fortinet’s Training Institute, including the NSE Certification program, Academic Partner program, and Education Outreach program which includes a focus on Veterans.

Learn more about Fortinet’s efforts in closing the cybersecurity skills gap: Skills Gap Perspectives

Sourced from Fortinet

Fortinet Assists in NATO’s Annual Live-fire Cyber Defense Exercise

There’s an old saying that goes like this: “How do you get to Carnegie Hall? Practice, practice, practice.” The humor is based on misdirection, but the advice is still solid: To become a world-class musician who plays at famous venues, you must practice relentlessly. Of course, this recommendation can be applied to any human endeavor like, say, cybersecurity.

Nation-states and organizations can have all the best-of-breed, state-of-the-art cybersecurity solutions, but unless their teams practice deploying and operating them and take part in cyberthreat drills, they could see sub-optimal results, including high-profile security failures, in a real, live attack. I’m trying to avoid the cliché “practice makes perfect” because in cybersecurity there is no such thing as perfection, but the point stands: repeated practice is vital for successful cyber defense.

Exercise Locked Shields

Fortinet is honored to assist with Exercise Locked Shields, which is “the largest and most complex international live-fire cyber-defense exercise in the world.” In other words, Exercise Locked Shields is a cyberwar games event and a unique opportunity for cybersecurity professionals to practice defending national IT systems and critical infrastructure under the pressure of a severe cyberattack.

Exercise Locked Shields is conducted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). This cyberwarfare drill is not a new initiative; it has taken place every spring since 2010. Locked Shields takes six months of planning between the CCDCOE, industry partners like Fortinet, and participating nations. This year, over 2,000 cybersecurity experts from 32 countries participated in Locked Shields.

Fortinet has been a NATO NICP (NATO Industry Cyber Partnership) member since 2016, focused on collaborative information sharing, so it has been exciting to see this relationship evolve through different pathways.

Red Teams vs. Blue Teams

Exercise Locked Shields consists of Red Teams (RTs) on offense versus Blue Teams (BTs) on defense. These teams are always made up of experts from the member nations and partners of CCDCOE. This year, there were 24 BTs with an average of 50 participants on each team. The Blues took on the role of national cybersecurity rapid responders deployed to help a fictional country under a large-scale cyberattack.

Locked Shields events always use realistic scenarios, cutting-edge technologies, and complex networks, and the RTs use diverse attack methods to keep pace with the advancement of technology. The virtual networks are custom-built and include various services and platforms to emulate both civilian and military systems. All this is done to provide an experience that accurately imitates a real-world cyber intrusion.

Exercises in Different Scenarios

The exercise is a great help to participating nations because it offers an unprecedented opportunity to test their cyber-defense skills in a safe environment while being aggressively challenged by a highly skilled adversary. During Locked Shields 2022, roughly 5,500 virtual systems were attacked in more than 8,000 different ways. That’s a lot of practice!

In addition to securing complex IT systems, the BTs needed to be effective in reporting incidents; strategic decision-making; and solving forensic, legal, media, and information operations challenges. 

Exercise Locked Shields is just like military exercises that take place in different settings with different scenarios. It’s similar to what the U.S. Marines do when they practice fighting in cold weather and snow, and then in a desert, and then in a jungle. This annual exercise is the same concept for cybersecurity professionals, where defenders are practicing in many different scenarios.

Why Collaborative Exercises Are Important

The recent disruptions from the global COVID-19 pandemic and the broader heightened cyber environment show why collaborative cyberwarfare exercises like Locked Shields matter. The world has become more interdependent and relies more than ever on virtual solutions to ensure continuity of societal functions.

A side effect of these developments is that the attack surface has greatly increased and requires effective collaboration between government and private-sector organizations to ensure the systems we all rely on are properly defended. 

Another reason these collaborative cyberwarfare games are important is their unique ability to bring together countries, educational entities, NGOs, international organizations, and businesses. According to the CCDCOE, the number of participants in this year’s Locked Shields drills surpassed previous exercises. The benefits that come from this event include increased cooperation within the international cybersecurity community; the sharing of vital cyberattack data; and the camaraderie that comes from common experiences among like-minded nation-states and individuals.

Why Fortinet Is Involved

Fortinet is an active participant in Locked Shields for both altruistic and self-serving reasons. Our mission statement is to secure people, devices, and data everywhere. So, when there is any opportunity to help make the digital world more trusted and safer, we are happy to be involved.

What About Smaller Entities?

State and local governments as well as small businesses also need to run drills, though on a smaller scale, to build up their knowledge, capabilities, and confidence in how to proceed in the event of a cyberattack. That’s why these exercises are done. We need people to come together and think about how best to respond to different scenarios and their effects on different entities.

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.

Sourced from Fortinet

Women in Cybersecurity: A Conversation About Careers and Challenges

It’s no secret that the lack of gender diversity in cybersecurity is a worldwide issue. While there are many reasons why women continue to be underrepresented in this industry—significant bias and gender stereotypes drive the belief that a career in cybersecurity is not for women—many companies, including Fortinet, are now actively tackling this issue. This goes beyond seeing diversity as a worthy goal, which it is. Given the growing crisis arising from the global security skills gap, adding women to the ranks of cybersecurity professionals is essential if we want to preserve our society.

History is filled with women who have played a pivotal role in the development of our digital society: Ada Lovelace, the world’s first computer programmer; Grace Hopper, who created new ways to code; Margaret Hamilton, who programmed Apollo’s flight software; and Elizabeth “Jake” Feinler, who ran the ARPANET Network Information Center and, with a mostly female staff, created the first Internet directory.

Two Fortinet employees, Rashmi Deshpande, Vice President of Quality Engineering, and Margarette Joven, Staff AV Analyst, discuss their professional backgrounds and how they led to a role in cybersecurity. They also offer advice for other women looking to start or pursue a career in cybersecurity.

What does being a woman in cybersecurity mean for you?

Rashmi: Being a woman in cybersecurity today means oceans of opportunities, challenges, and a lot of scope for innovation. Due to digital acceleration, the threat landscape is expanding faster than ever. In less than two years, the pandemic has accelerated digital acceleration further in every aspect of life. And it has also increased cyber threats and bad actors. As a result, securing devices, data, and users has become increasingly important. This has led to a growing requirement for security professionals. However, hiring good talent is challenging due to the demand and supply gap. As per the (ISC)² Cybersecurity Workforce Study, women only make up 25% of the global cybersecurity workforce today. Fortunately, this percentage is increasing as organizations focus on training and the conscious hiring of women employees. Adding women to the ranks of the cybersecurity profession is invaluable, as I believe women are highly intuitive, and this quality can make a great addition to any cybersecurity team, both from a development and support perspective. This is a good time for women to develop their skills to take advantage of the opportunity in cybersecurity and be part of the journey to build safe and secure cyberspace.

Margarette: Cybersecurity is a fun and unique industry, offering growth opportunities, exciting day-to-day tasks, and the chance to make a real impact on individuals, corporations, and national security. Many women may not realize this, but there is a considerable variety of avenues in cybersecurity careers that are fit for different personality types. There is an urgent need for women and men with the technical and soft skills and understanding required to combat persistent and malicious cyberattacks. I’m happy to be a part of it. 

What was your career path? What inspired you to pursue a career in cybersecurity?

Rashmi: After having worked for many years as a QA engineer and leading QA teams in enterprise-class switching, routing, and Wi-Fi, it was a natural progression for me to seek out the challenges that come from a career in cybersecurity. This field is so exciting and challenging that I see myself long invested in the R&D of cybersecurity products. With the exponentially increasing digitization of the world affecting every walk of life, the world is more digitally connected and more prone to cyberattacks. As digital acceleration continues, this will only continue to increase exponentially.

When the opportunity to work on InfoSec products arose, I quickly realized that it is an excellent field of research and that being able to contribute in my way to securing the digital world would be very fulfilling. This motivated me to pursue my career further in this field. Also, with very few women currently working in InfoSec, the gender gap further inspired me to work toward breaking down barriers. Hopefully, more women will be motivated to take up research and development functions in cybersecurity.

Margarette: My first job was in cybersecurity. When I started, cybersecurity was still a relatively new field. With cyber threats growing and data breaches by both local and international organizations increasing, I chose to pursue this path as I found it exciting and very interesting. And it still is! Cybersecurity is now one of the fastest growing sectors in the IT industry and one of the top skill areas to pick up. Cybersecurity is needed in every sector, whether retail, transportation, healthcare, finance, or government services. This allows you to work with a variety of businesses and immerse yourself in different industries.

What does your job consist of, and what about your work excites you? What is the achievement you are most proud of?

Rashmi: As VP, Quality Engineering at Fortinet, I lead teams responsible for validating the Fortinet products that are part of Fortinet’s Secure Access Networking portfolio in the area of AIOps (Artificial Intelligence for IT Operations), application security, vulnerability testing, and LAN cloud.

At Fortinet, there is something new to learn every day. Over the last two years, our team has worked on five new products as part of end-to-end development, from the conceptualization phase to customer engagements. I look forward to going to work in a diverse, inclusive, and employee-friendly work environment every day. Fortinet is a tremendous equal opportunity employer and treats us like a Fortinet family.

Fortinet also strongly believes in innovation. Fortinet is a leading innovator in cybersecurity, and I would say building a highly innovation-focused QA team is one of my most significant achievements. Over the last eight years, my team has generated numerous patents and contributed to Fortinet’s success journey. I am very thankful to my team for all their support.

Margarette: My job consists primarily of training newer AV (anti-virus) analysts on how to analyze malware and helping them improve their skills. One achievement that I’m proud of is the training program I had a significant role in creating. This program has helped form the AV analyst team into what it is today. AV analysts play an essential role in cybersecurity. Part security engineer, part digital forensics expert, and part programmer, this crucial function provides in-depth intelligence and analysis about threats, including taking a close look at the tools and methods used by cybercriminals. By analyzing the malware used in an attack, new defenses can be deployed or refined as needed. The ability to reverse-engineer malicious code is paramount in an effective defensive strategy, and this is where a malware analyst brings value to the cybersecurity team. The cross between being a programmer and a cyber detective makes this an exciting job.

When it comes to progressing to a leadership role, what are the most important traits women must develop?

Rashmi: Organizations must invest in their employees. Recognizing, mentoring, and growing talent is one of the most essential traits for a leader. The trick is to identify the value of thinking outside the box. Women leaders should encourage other women to apply for training and positions within their company and give them opportunities to lead projects and teams. No one can get to the second or third rung of the ladder until they are on the first rung, which also requires you to act as a mentor. Apart from being a good team leader, leaders need to be equally accountable for their team’s success and failure. Learn from failures. Effective delegation is another vital trait. A leader should be ready to take or give away responsibility when needed.

Margarette: Taking responsibility by taking ownership of projects and tasks, meeting deadlines, and enhancing your ability to solve problems are valuable assets to any company and could present you with senior leadership opportunities. Such skills show your tenacity and resilience and the ability to inspire confidence in the executive team and your direct reports. Another critical trait is being open to change as situations evolve to succeed through every business’s ebb and flow.

How have you dealt with challenges throughout your career, and what would be your main advice to girls and women considering careers in cybersecurity?

Rashmi: Throughout my career, I have seen challenges as learning opportunities. I have learned from failures, tried new things, taken advice, and sought out support from my managers and colleagues. I have been fortunate to get good support from my mentors and team throughout my career. My advice to girls/women is to be focused on your goal. Cybersecurity is an ever-changing field due to a multitude of dynamics involved in the evolution of technology and the fact that bad actors are always ahead of the curve. It is also very important to be ready to learn new things and be proud to be part of securing the cyberspace so many rely on. On a personal front, accept that you cannot handle everything on your own. Seek help from colleagues, family, and friends whenever you are overwhelmed. As much as a career in cybersecurity can be challenging, it can also be very rewarding, both emotionally and financially.

Margarette: It’s very common to get stuck when trying to figure out a problem. And it’s important for girls and women to know that this is normal and does not necessarily mean that their skills are inferior. Just take a deep breath, break down the problem into manageable parts, and tackle one piece at a time. With patience, hard work, and determination, a solution will usually present itself. Even if you later find out that a solution isn’t possible, you’ve learned a lot of things along the way, which will be helpful later on when you encounter the next big problem.

Tune in to a special edition of FortinetLIVE to hear more about women in #cybersecurity and fostering diversity. Read other employee stories from Fortinet: FortinetLife Perspectives series.

Sourced from Fortinet

CISO Q&A: How to Protect Healthcare Ecosystems in 2022

The past few years have been challenging for healthcare. Organizations have faced spikes in the pandemic and constant shifts and challenges. During the first wave of being on the front lines of the pandemic, many healthcare organizations had to invent or reinvent patient treatment plans and clinical guidance, build testing centers, expand inpatient capacity and dramatically expand virtual visit platforms.

All of these digital initiatives have security implications, and healthcare is facing increasingly sophisticated cyber threats and cybersecurity complexity. Fortinet’s Troy Ament, Field CISO for Life Sciences and Healthcare, offers his thoughts on cybersecurity priorities and the threats healthcare organizations are facing in 2022.

What technology changes are you seeing in healthcare?

Troy: Before I joined Fortinet, I worked for large health systems with over 46 hospitals and more than 60,000 employees. We were only doing 100 virtual visits per month. Now those same organizations are doing over 45,000 virtual visits. There’s been a huge step forward for the healthcare ecosystem in terms of technology. After that, it was a heroic effort to vaccinate almost four billion people across the globe, which is just tremendous. These initial challenges during the pandemic continue to evolve and adapt and leverage new technologies and digital transformation. There are a few that I just wanted to touch on specifically.

The first is workforce mobilization. At my organization, we moved more than 6,000 people home in two weeks. We also had to manage data analytics and data sharing to provide information to state, local, and federal governments about infection rates and vaccine administration and adoption rates. Within our organization, we had to use a lot of data analytics to know where we were from a personal protective equipment (PPE) and intensive care bed rate perspective.

All the billions of doses of vaccines that were administered ended up putting a big target on the back of many healthcare and pharma organizations. Amid the vaccine rollout success, there’s that darker side as adversaries track and take inventory of digital changes in healthcare and look at ways they can monetize their attacks.

What challenges and threats are you seeing?

Troy: From the beginning of 2020 up until maybe the first half of 2020,  adversaries weren’t attacking the provider space as much. But as they saw the acceleration of digital transformation and health systems becoming focused on COVID-19, they recognized the opportunity, and there was a dramatic spike in ransomware attacks. The attacks successfully disrupted operations during a time when health systems were extremely challenged, just in staffing their hospitals and having enough PPE for them. So the adversaries were successful in forcing some health systems to pay tens of millions of dollars in ransomware settlements. Organizations couldn’t continue to be down because it affected patients’ ability to get vaccinations and test results.

But it didn’t stop there. The challenges went beyond the four walls of a health system. Over the last six months to a year, cloud application providers have become more prevalent. They provide critical applications to health systems, such as payroll, staffing and scheduling, revenue cycle and billing. And then, more recently, electronic medical records have been impacted. These organizations provide services to these health systems, which is a pivot I’ve seen away from health systems. Now adversaries are going after larger cloud application service providers that need to be taking a comprehensive security approach with zero-trust solutions.

Reliability and safety are paramount in healthcare. How are organizations making different choices to enable cyber protection in healthcare?

Troy: First and foremost is foundationally integrating security into the business practice. Even when a business wants to quickly adopt new technologies or clinical workflows, security needs to be embedded into those workflows across IT, networking, etc. The convergence of networking and security is important. And then adopting a mesh-type architecture approach to security. It’s important to have a comprehensive, integrated approach to security that includes zero trust as well. Securing remote and online care is paramount in healthcare.

Right now, we’re seeing much higher adoption of multifactor authentication and having zero-trust solutions embedded into networks to minimize the impact of an attack. Healthcare organizations are doubling down on security because they’re starting to understand it better. The health systems that have become more mature within security operations to get in front of or limit the damage of attacks are being successful, and that information is spreading through the industry.

Learn more about how Fortinet healthcare security solutions can help enable the latest advances in patient care while protecting against cyberattacks.

Sourced from Fortinet

How to Select a Network Firewall—A Guide for SMBs

While it’s impossible to foresee how growth and expansion will affect your network and security requirements, making a wise investment is still possible. Regardless of your configuration, a firewall still serves as the critical inspection point for all network traffic. The right firewall will help prepare your business for growth by consolidating the number of products you must manage, reducing costs and cycles, and making the overall management of your network infrastructure easier and more cost-efficient.

The challenge is sifting through the vast array of firewall options to find the best one for your organization now and that can grow with you as your organization and network expand. So, what questions do you need to consider when choosing a firewall for your business? Here are some critical considerations:

Does the throughput match your business needs?

As anyone can tell you, throughput demands are a moving target. Yesterday’s ultra-performance is today’s baseline requirement. As the volume and maturity of users, devices, and applications increase, bandwidth demands naturally intensify. Your firewall must be able to quickly identify applications and scale to process and secure increasing network traffic demands, especially now that most traffic is encrypted, reaching 95% according to Google’s latest Transparency Report. Decrypting SSL/TLS traffic, including the latest TLS 1.3, is key to identifying bad actors hiding in those encrypted paths.

What type of inspection do you require from your firewall?

Generic CPUs were never developed to perform the specialized inspection, analysis, correlation, and response tasks that modern firewalls need to deliver—including deep inspection of encrypted traffic, which can quickly overwhelm generic CPUs. Just as advanced graphics demand specialized GPUs to render rich video streams, the increasingly sophisticated technologies and tactics used by today’s cybercriminals demand more processing power. Effectively analyzing streaming traffic in real time requires a much more specialized and intensive process than most firewalls can deliver.

The second issue is longevity. Selecting a firewall should be a long-term investment. But even though most businesses expect their technology to last two to four years, research shows that over half end up purchasing additional tools and workarounds every one to two years, either to fill gaps in their existing solution or to compensate for creeping performance issues. The best rule of thumb is to make an educated guess about your bandwidth requirements in three years, double it, and then select a firewall that can comfortably secure that volume of traffic.

How quickly and effectively can it analyze traffic for threats?

Your firewall serves as the critical inspection point for all network traffic. And in today’s application-centric business environment, performance is vital. Unfortunately, few firewalls were designed to meet the digital performance needs of today’s small businesses. Getting one fast enough is almost always cost-prohibitive. Performance is determined by the device’s central processing unit (CPU) and its alignment with its underlying operating system. Therefore, a key consideration is whether its CPU can support the specialized functions of high-performance security inspection or if it’s built around generic processors being asked to do something they weren’t designed to do.

Do you want a multivendor solution or one from a single vendor?

Multivendor: A multivendor, best-of-breed strategy is not wrong. But it is more complex. Look for solutions built using common standards and open APIs to reduce the time and effort required to develop and maintain workarounds to help discrete solutions operate more like a system. And if not managed correctly, vendor sprawl can render your entire security environment less effective by fragmenting visibility and control, especially when security devices deployed at different network edges struggle to share threat intelligence. Cybercriminals are experts at finding and exploiting security gaps and areas of weakness. Such gaps are most commonly due to misconfigurations and a lack of interoperability and deep integration between security products.

Single vendor: Solutions provided by a single vendor, especially when supported by a common OS, can significantly reduce deployment time, simplify management, and improve operational efficiency. Centralized orchestration also helps eliminate configuration errors and reduce the potential for human error. But perhaps the most significant advantage is that a deeply integrated system is the only way to implement the automation needed for instant threat detection and remediation. The challenge is that many single-vendor platforms often include sub-par components that diminish the effectiveness of the entire system. Look for vendors who regularly put each security element through rigorous, public testing and that publish specs based on real-world conditions so you can make fair comparisons between solutions.

Non-Negotiables for NGFWs

While most firewalls include nice-to-have features vendors promote to differentiate their solution, you need to focus on the fundamentals. If those don’t meet your requirements, none of the bells and whistles are worth your time or money. At a minimum, your firewall must provide:

  1. Decryption: To inspect traffic, a firewall must be able to read it, which means the traffic must first be decrypted. But given the need to maintain an optimal user experience, decryption, inspection, and re-encryption need to happen in as close to real time as possible. Look carefully at this, because many firewall vendors won’t even publish their performance numbers for inspecting encrypted traffic because they are so poor.
  2. Advanced Threat Protection: Because the threat landscape is evolving so rapidly and moving to smaller targets, your firewall must combine traditional threat-matching signatures with advanced AI and machine-learning capabilities to identify all threats, new or old, and protect organizations from known, zero-day, and unknown threats.
  3. Content Filtering: The most effective way to prevent users from being infected by malicious websites and downloading ransomware is to prevent them from going there in the first place. This requires AI/ML-powered web and content filtering. With video becoming a predominant tool for human communication, inspecting video traffic becomes a core pillar of any security policy.
  4. Endpoint Integration: Employees with unpatched applications give hackers a backdoor to install malware. Built-in network access control and endpoint visibility can enforce access policy based on endpoint risk and hygiene assessments, forcing the end user to update and patch their system appropriately before being allowed on the network. Once on board, endpoints can share threat intelligence within the ecosystem and prevent other users from falling victim to previously seen malware.
  5. Sandboxing: Sandboxing opens and “detonates” files and attachments unknown to AV inspection to determine if they are malicious. The challenge is that most sandbox solutions allow files to pass through, requiring IT teams to track them down and remove them if they are deemed to be malicious. Inline sandboxing will enable you to hold a potentially malicious file until a final verdict is received to proactively block previously unknown threats.
  6. IoT visibility and control: The future is increasingly connected, and IoT must be factored in. Your firewall should be able to perform automated discovery, real-time segmentation, and policy enforcement for IoT devices. This includes IoT device and OS detection and tracking, vulnerability correlation, and virtual patching.
  7. Remote Access: Providing secure access to remote workers is a fundamental requirement of any firewall. An effective VPN solution needs to be not only fast but also able to scale as users move between on-premises and remote work. But VPN is just the start. It does not provide the sort of advanced protections—such as access control and application monitoring—that today’s hybrid networks require. Built-in ZTNA extends VPN functionality by enforcing per-session user and device access to applications and resources. This protects against threats that exploit less-inspected VPN tunnels or newly deployed application protocols in order to avoid detection. Additional integration with a security client and coordination with cloud-based services further ensures that every user, anywhere, complies with the same access policy.
  8. Secure SD-WAN: Few standalone SD-WAN solutions include security. Look for a firewall that not only natively supports SD-WAN but that can seamlessly apply security to connections. Converging connectivity with security opens up new possibilities for advanced routing and functionality that enables and optimizes user experience without ever compromising on protection.

Your Firewall Must Support a Larger Security Framework

A security framework, where every component is designed to work together as an integrated fabric from the beginning, enhances the sharing of threat intelligence and indicators of compromise to better detect and automatically respond to threats quickly and accurately. The right firewall solution should operate seamlessly within a comprehensive security framework that can span and adapt to your evolving needs.

Choosing the right firewall provides the peace of mind that comes from knowing that your security works now and will continue to protect and sustain your business in the future—even as technologies and business strategies continue to evolve. Additionally, working with a vendor who understands your needs now and tomorrow ensures longevity, prevents unnecessary workarounds, and avoids the rip and replace conversations down the road that can derail a business.

Find out how the Fortinet Security Fabric is the industry’s highest-performing cybersecurity platform, powered by FortiOS, with a rich open ecosystem delivering broad, integrated, and automated protection across an organization’s entire digital attack surface.

Curious to learn more? Check out our Firewall Buyer’s Guide now.

Sourced from Fortinet

Collaboration is Crucial to Combating Cybercrime

As one of the founding members of the World Economic Forum’s Partnership Against Cybercrime (PAC), Fortinet has spent the last few years collaborating with this dynamic group of organizations to combat cybercrime worldwide.

In responding to the unprecedented and exponential growth in cybercriminal activity during the global pandemic, PAC has focused on linking the digital expertise and data of the private sector with the public sector’s threat intelligence to help obstruct cybercrime ecosystems. PAC has always believed that a global approach and a unified effort to eliminate communication barriers will make it easier to get beyond the obstacles that shield cybercriminals.

This blog highlights the purpose of the partnership, its successful collaboration exercises, and its future initiatives.

The Benefits of Collaboration

By breaking down the barriers between private companies and public agencies, PAC is able to make significant progress in achieving the very ambitious goal of mapping all of the major global cybercrime syndicates.

PAC believes providing this visibility is a critical first step in its efforts to help disrupt cybercriminal ecosystems and infrastructures. Enhanced visibility assists legal authorities in achieving more successful cybercrime investigations, takedowns, prosecutions, and convictions. It also provides an unprecedented opportunity to strategically identify and target vulnerabilities in the criminal ecosystem. Recently, FortiGuard Labs’ Derek Manky discussed some examples of recent good news in fighting cybercrime, as evidenced by the DOJ, but more needs to be done.

Considering the scale and sophistication of the threat landscape, it may seem like an impossible dream to make a real difference in the battle against cybercrime. However, the consortium of industry leaders that makes up the PAC vehemently disagrees. In addition to Fortinet, the founding members of the PAC include Microsoft, Bank of America, Coinbase, Accenture, the Cybercrime Support Network, and the Cyber Threat Alliance.

This partnership has brought together the cyberthreat experts within these organizations. These individual partners are volunteering to design and build a “working map” for understanding the cybercriminal ecosystem’s components, interfaces, and connections. With the information collected, PAC, legal authorities, and other stakeholders can leverage this data to inhibit the nefarious efforts of cybercriminal gangs and reduce the impact of their misdeeds. This is very timely given the continued evolution of the threat landscape according to FortiGuard Labs’ recent Global Threat Landscape report.

Achieving Clarity

The principles of this project can be found in the World Economic Forum’s Partnership Against Cybercrime November 2020 Insight Report that promoted the idea for collaboration to waylay cybercrime ecosystems. After over a year of engagement and investigation, PAC partners have been encouraged by the clarity provided through their framework of cybersecurity expertise and some basic taxonomies.

This past year, PAC members have been conducting threat research to gain an understanding of the cybercriminal ecosystem and who some of the major threat actors are. The plan is to share the results with public sector law enforcement agencies and criminal justice systems.

Following more than a year of increasingly malignant cyberattacks and our under-the-radar tracking of cybercriminal organizations, the partnership is preparing to share its detailed, specific threat-mapping and cybercrime examples. We hope our insights will help identify new opportunities for cooperation between digital security experts and law enforcement, as well as assist in disarming the worst cybercriminal gangs that have been escalating their attacks, creating havoc, and getting rich.

The Cybercrime ATLAS Project

The PAC began an initiative in September 2021 called the Cybercrime ATLAS. The goals of this project are to:

  • Enable senior management to make strategic resource and targeting decisions on cyberthreats
  • Increase the efficiency of cybercrime investigations by supporting legal authorities with high-quality, actionable intelligence
  • Support disruptive efforts against criminal networks
  • Help public and private cybercrime investigators identify common targets of concern
  • Accelerate collaborative efforts

The ultimate vision for Cybercrime ATLAS is to create a respected international community built on the expertise of public sector and private sector partnerships to understand the cybercriminal ecosystem, how to disrupt it, and how to mitigate the negative impact of attacks.

PAC members want the Cybercrime ATLAS project to become a hub for linking cybersecurity experts and for sharing knowledge on analysis techniques, new tools, new adversary behavior, and strategic insights. Another outcome they would like to see is for ATLAS to become an “intelligence pool” for understanding cybercriminal group operations, such as TTPs (tactics, techniques, and procedures) over time, threat actor infrastructures, syndicate financial support systems, and the criminals’ identities.

A Joint Responsibility

Disrupting cybercriminals and dismantling their attack infrastructure is a joint responsibility that requires strong, trusted relationships with other organizations. Cybercriminals operate like a business, and the more we force them to start over, rebuild, and shift tactics, the better off the digital world will be. Our goal is not only to prevent attacks but also to dismantle their operations and force cybercriminals to change models, approaches, and techniques, which costs them time, effort, and resources.

For Fortinet, the sharing of actionable threat intelligence between organizations and helping shape the future of mitigation against cyberthreats is vitally important. The World Economic Forum’s Partnership Against Cybercrime is a powerful example of what can be accomplished when organizations work together to fight against global cyberthreats.

Learn more about global threat partnerships from FortiGuard Labs.

Sourced from Fortinet