Paralysis is the worst possible state for businesses to find themselves in when faced with the threat, says Claroty's CPO.

nevarpp, Getty Images/iStockphoto

Grant Geyer came aboard the industrial cybersecurity company Claroty in April 2020 as chief product officer amid the global pandemic and an explosion of ransomware attacks. In the first half of 2020 with COVID-19 restrictions in place, U.S.-based organizations alone saw a 109% rise in ransomware attacks, while general malware detections dropped 24% across the globe.

Recent high-profile ransomware incidents, like the May 2021 Colonial Pipeline attack, indicate that not only is ransomware a financial problem, but one that affects the technology needed to keep society moving as well. "We've reached a tipping point where events happening in the cyber world can impact events in the physical one," Geyer said.

Critical infrastructure, operational technology (OT) and industrial control systems (ICS) are becoming popular with attackers looking for soft targets. In addition to being poorly prepared for the risks of being connected to the internet, the real-world consequences of a successful attack on industry and infrastructure give victims a serious incentive to pay.

Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. Organizations hoping for an easy way out of the ransomware threat shouldn't get comfortable: There's a long, complicated road ahead of the IT and OT worlds if Geyer is correct in his assessment, and he's not the only one who thinks that way.

Think of cybercriminals attacking companies with ransomware, and it's probably a single person in a dark room, furiously writing malicious code that comes to mind. Not so, Geyer said: Ransomware is popular and profitable enough that an entire industry has sprung up around its development and distribution.

"Less sophisticated agents are taking action, multiplied based on ease of use, implementation, help desk support and other factors making it as easy as pushing a few buttons," Geyer said.

SEE: Security incident response policy (TechRepublic Premium)

Geyer isn't joking about the existence of help desk support for both ransomware users and victims. One small Kentucky company that fell prey to a ransomware attack in 2020 was provided with a 1-800 number and told that the attacker was "here to help." The company ultimately paid $150,000 to have its files released.

As evidenced by recent ransomware attacks like the Colonial Pipeline, and non-ransomware attacks like the one on the Oldsmar, Florida water treatment plan, attackers are becoming more aggressive. Western governments, Geyer said, have allowed them to act with relative impunity. "They're stepping over the line without getting their hands slapped, so the line continues to move," Geyer said.

Ric Longenecker, CISO at Open Systems, warns that it's unlikely the ransomware-as-a-service industry will remain aimed at big targets. "These smaller targets may not guarantee a massive payout, but there's less of a chance of consequences or reprisals because it is really difficult for authorities to diplomatically respond like-for-like to an attack that doesn't touch critical industries or infrastructure."

In short, there's a whole industry based on extorting companies, and it's not picky about the target, as long as it pays out. And there's a good likelihood it will, given the current state of things.

Digital transformation is happening in nearly every imaginable industry, and the OT, ICS and critical infrastructure side of things is just the latest to embrace cloud-hosting for network and device management. That's good for data logging, cost-saving and operational continuity, but bad for security.

"A laptop in an IT environment is obsolete after three to four years," Geyer said. "In OT, tech has a life of 15-20, even 30 years. Those networks simply aren't built for the connectivity and security needs of today."

Geyer notes that there was a 74% increase in vulnerabilities disclosed in the energy sector between the second half of 2018 and the second half of 2020. "This highlights the fact that the OT environment is rife with holes and inroads," Geyer said.

Until digital transformation hit the OT world, air gapping was the standard method of protecting industrial and infrastructure networks. Without a connection to the internet, there's no risk of attackers gaining access. John Dermody, former cybersecurity counsel at the NSC, DHS and DoD, agrees with Geyer's take on the problems facing the OT world.

"As more technology is integrated and added to industrial systems, new avenues for exploitation are created. Unlike IT system operators that have a large community to identify vulnerabilities, and history of security being integrated into products, OT operators may have limited insight into the vulnerabilities lurking on their system, just waiting to be exploited when they see the light of day (or the internet)," Dermody said.

To make matters worse, updating OT and ICS networks isn't as easy as updating IT, which isn't as critical for operations. "Segmenting [or updating OT networks and hardware] would require a maintenance window which would pause operations and production. It would require so much change that it may not be practical," Geyer said.

Old hardware and hesitancy to shut down operations to address a theoretical future attack means that many industrial companies, municipalities and critical infrastructure are simply more willing to pay the ransom. "When Baltimore faced a ransomware attack in 2019 it decided not to pay ~$10,000 in Bitcoin and ended up losing $18 million in revenue. With that equation in mind, paying makes more sense," Geyer said.

"We need to shift how boards of directors think about the financial consequences of not protecting their cyber environments," Geyer said, adding that while movement is happening to affect that change, it's going to take government action to finally make it happen. "We need to create an environment that treats cyber risk alongside other types of compliance risks and business considerations."

Geyer said that the Biden administration is largely doing a good job in addressing the growing ransomware threat to industry and infrastructure, citing the May executive order establishing pilot programs for Energy Star-like certifications for businesses that meet certain security standards.

Dermody agrees that the landscape is changing: The TSA's pipeline security directive that arose in the wake of the Colonial Pipeline hack are just one example, he said. "The government's appetite for imposing mandatory cybersecurity requirements has increased, and it is unlikely that government regulatory efforts will be limited to just that critical infrastructure subsector. The government is not going to tolerate a scenario where there are potential cascading effects."

"Whether through new regulatory requirements or through new legislation on the Hill, it is likely that more teeth are coming to government cybersecurity requirements," Dermody said.

Companies, like the Kentucky one mentioned above, often use third parties and/or insurance companies to handle payment of ransomware, which Splunk security adviser Ryan Kovar said could lead to companies sidestepping regulations. Dermody and Kovar both agree that paying ransoms fails to solve the problem; "Decrypting, even when 100% successful, still takes days or weeks even months," Kovar said.

Dermody believes that insurance companies will need to have a say in new requirements as well. "Insurance providers are actively looking for ways to mitigate risk, including through raising the cost of policies and incentivizing prevention."

Infrastructure and industrial companies have to face facts: Whether it's government regulation or the aftermath of a ransomware attack, protecting OT and ICS networks is a priority now.

Preventing phishing attacks, training users to recognize threats, filtering emails, setting proper firewall rules, segmenting networks (when possible), and other cybersecurity best practices are only one part of protecting complicated OT networks.

SEE:How to manage passwords: Best practices and security tips (free PDF)(TechRepublic)

Don't assume that best practices include endpoint detection and response (EDR) or endpoint protection platform (EPP) software. "We're seeing an uptick in attacks on critical infrastructure because attacks are working. Until we recognize that EDR and EPP are going to miss attacks, we will continue to be subjected to more malware and ransomware," said Illumio's VP of product management, Matt Glenn. Glenn also believes that good IT infrastructure is part of good OT infrastructure, and that shoring up one involves shoring up the other.

Quoting Louis Pasteur, Geyer makes the rest of the process pretty cut-and dry: "Fortune favors the prepared mind."

The "three lines of defense" model of cybersecurity popular in IT environments is perfectly suited to adaptation in OT and ICS, Geyer said. For those unfamiliar with the model, it puts owners and managers of risk (IT, cybersec teams, etc.) at the first line. Second comes risk and compliance groups that oversee and monitor first-line teams. Last comes internal audits, and it's here where minds get prepared.

Get leaders together around a table, Geyer recommends, and run low-cost tabletop exercises where everyone with a stake in a security incident gets to model their response. "Real-time exercises like these show how decision makers think, how the process works, and how the organization as a whole will respond," he said.

Exercises like these are also a key way of creating visibility on networks. Sachin Shah, CTO of OT and Armis, uses protecting a house against burglary to explain this important step in network enumeration: "[I would] walk around the house and check to see if all my windows and doors are closed, locked or possibly broken. Once I have done that, at least I know what my risk is. I might need to install better locks or some more floodlights, but I know where I stand."

It's also important, Geyer said, for organizations to know where their technical safeguards should be focused. "Ransomware goes after Windows systems, so know where they are in your environment and how they are vulnerable, then take steps to remediate the risk with updates and security patches.

Organizations that take these steps with a mindset toward growth, learning and improvement will ultimately have "a well-informed understanding of their vulnerabilities, including a realistic understanding that people are going to make mistakes," said Dermody. "It's important to understand, and discuss in advance, how you would respond in such a crisis. When servers are locking up around you is not when you should be deciding for the first time whether you are okay with paying a ransom," he said.

OT, ICS and critical infrastructure networks can be huge, and it's easy for people to be paralyzed into inaction, Geyer said. Paralysis is the worst possible state for businesses to find themselves in when faced with ransomware.

Whether it happens now or in the next several years, the ransomware risk management calculus is changing. While it may be more cost effective to pay a ransom in 2021, the onus will soon be on business leaders and boards to prevent a ransomware attack from ever happening. Organizations that want to prepare for the future would do well to deal with the headaches of prevention before recovery becomes an even larger burden.

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

See the original post:
The ransomware risk management calculus is changing for OT, ICS and critical infrastructure - TechRepublic

A recent market research report added to repository of Mart Research is an in-depth analysis of Global Managed Hybrid Cloud Hosting Market. On the basis of historic growth analysis and current scenario of Managed Hybrid Cloud Hosting market place, the report intends to offer actionable insights on global market growth projections. Authenticated data presented in report is based on findings of extensive primary and secondary research. Insights drawn from data serve as excellent tools that facilitate deeper understanding of multiple aspects of global Managed Hybrid Cloud Hosting market. This further helps user with their developmental strategy.

This report examines all the key factors influencing growth of global Managed Hybrid Cloud Hosting market, including demand-supply scenario, pricing structure, profit margins, production and value chain analysis. Regional assessment of global Managed Hybrid Cloud Hosting market unlocks a plethora of untapped opportunities in regional and domestic market places. Detailed company profiling enables users to evaluate company shares analysis, emerging product lines, scope of NPD in new markets, pricing strategies, innovation possibilities and much more.

Request a Sample Copy of this Report @ https://martresearch.com/contact/request-sample/3/9668

Segmented by Category

Cloud-based

On-premises

Segmented by End User-Segment

Manufacturing

Retail

Financial

Government

Others

Segmented by Country

North America

United States

Canada

Mexico

Europe

Germany

France

UK

Italy

Russia

Spain

Asia Pacific

China

Japan

Korea

Southeast Asia

India

Australasia

Central & South America

Brazil

Argentina

Colombia

Middle East & Africa

Iran

Israel

Turkey

South Africa

Saudi Arabia

Key manufacturers included in this survey

Telstra

Tata Communications

Singtel

Sify

Rackspace

NxtGen

NTT Communications

Microsoft

Fujitsu

Dimension Data (NTT Communications)

Datapipe

CtrlS Datacenters

CenturyLink

BT

Amazon Web Services (AWS)

Buy this Research Report Now @ https://martresearch.com/paymentform/3/9668/Single_User

Table of Contents

1 Product Introduction and Overview2 Global Managed Hybrid Cloud Hosting Supply by Company3 Global and Regional Managed Hybrid Cloud Hosting Market Status by Category4 Global and Regional Managed Hybrid Cloud Hosting Market Status by End User/Segment5 Global Managed Hybrid Cloud Hosting Market Status by Region6 North America Managed Hybrid Cloud Hosting Market Status7 Europe Managed Hybrid Cloud Hosting Market Status8 Asia Pacific Managed Hybrid Cloud Hosting Market Status9 Central & South America Managed Hybrid Cloud Hosting Market Status10 Middle East & Africa Managed Hybrid Cloud Hosting Market Status11 Supply Chain and Manufacturing Cost Analysis12 Global Managed Hybrid Cloud Hosting Market Forecast by Category and by End User/Segment13 Global Managed Hybrid Cloud Hosting Market Forecast by Region/Country14 Key Participants Company Information15 Conclusion16 Methodology

Points Covered in the Report

The points that are discussed within the report are the major market players that are involved in the market such as market players, raw material suppliers, equipment suppliers, end users, traders, distributors and etc.

The complete profile of the companies is mentioned. And the capacity, production, price, revenue, cost, gross, gross margin, sales volume, sales revenue, consumption, growth rate, import, export, supply, future strategies, and the technological developments that they are making are also included within the report. This report analysed 12 years data history and forecast.

The growth factors of the market are discussed in detail wherein the different end users of the market are explained in detail.

Data and information by market player, by region, by type, by application and etc., and custom research can be added according to specific requirements.

The report contains the SWOT analysis of the market. Finally, the report contains the conclusion part where the opinions of the industrial experts are included.

Do Enquiry Before Buying @ https://martresearch.com/contact/enquiry/3/9668

About us:Research is and will always be the key to success and growth for any industry. Most organizations invest a major chunk of their resources viz. time, money and manpower in research to achieve new breakthroughs in their businesses. The outcome might not always be as expected thereby arising the need for precise, factual and high-quality data backing your research. This is where MART RESEARCH steps in and caters its expertise in the domain of market research reports to industries across varied sectors.

Contact Us:Mart Research5708 Copper Creek Court Charlotte,North Carolina 28227, USAContact: +1-857-300-1122Mail Id: sales@martresearch.com

View post:
Managed Hybrid Cloud Hosting Market Analytical Overview, Growth Factors, Demand and Trends Forecast to 2027 The Manomet Current - The Manomet Current

Remember when conversations about clouds foreshadowed the coming of rain or a cumulo-form that resembled a teddy bear in the sky? (You know, when times seemed simpler.)Thats no longer the case. Everybody is talking about The Cloud. For those wondering what The Cloud is and where it is, youre not alone.

Cloud space exists on individual servers found at data centers and server farms around the world, according to Theresa Jones, specialty business consultant with Americas Small Business Development Center, Louisiana.

Technology terms are being pulled from not only the sky above but also the earth beneath our feet. So, whats a server farm?

A server farm is a set of many servers interconnected and housed within the same physical facility. It provides the combined computing power of these many servers by simultaneously executing one or more applications or services, according towww.techopedia.com.

A server is a computer that serves information to other computers. These computers, called clients, can connect to a server through either a local area network or a wide area network such as the Internet. A server is a vital piece of your IT structure, according to the online article, What Does a Server Actually Do in Your IT Infrastructure, by Robert Best.

I tell people all the time that the cloud is nothing more than someone elses computer, Jones said.

Cloud computing makes it possible to use a network of remote servers hosted on the Internet to store, manage and process data, as opposed to using a local server or a personal computer for those tasks.

Instead of purchasing hardware such as servers, data centers, personal computers, routers, switches and other equipment, companies avail themselves of infrastructure from the cloud, this network representing a cadre of remote service companies. Organizations can build, run and manage applications without certain IT infrastructure in house. Devices that are used by companies and individuals dont have software for an individual computer or even the companys computers, instead these devices are provided with licensed subscriptions.

The platform usually dictates if it can be data files, images, applications, etc., Jones said. For example, look at a brand like Carbonite, a company that sells its cloud-based back up and restore services. One solution will back up different applications and files. The other solution saves only files. OneDrive will save files and Microsoft applications only.

Examples of cloud computing include Google Docs and Microsoft Office 365. Users can access work presentations and spreadsheets stored in the cloud at any time from anywhere on any device.

Apple cell phone users do not think of their iCloud accounts being cloud storage, but it is, Jones pointed out. Other common things that are used as cloud storage can be backups on tablets, security camera systems for your home or office, automobile technology systems and web-based business applications, for instance Dropbox, a file-hosting service that offers cloud storage and client software.

Even though the cloud has become a technology buzzword, its been around for some time.

The cloud was introduced in the mid-1990s by AT&T when they introduced a web-based file storage platform in the sense of how we use the cloud today, but in 2006 Google coined the phrase, Cloud Computing. Some put the date of cloud computing back to the 1960s, at the birth of network-based computing, Jones said.

The neat feature of having your data stored in the cloud is, by design, the data is stored in multiple locations, making it harder to lose the information. It is unlikely that the capacity will ever fill up because data centers can be expanded to house more information, Jones said. In terms of failing, it could, in the case of a breach or attack, but it is uncommon due to the amount of security put in place to protect the sensitive data that is housed in the data center.

Jones said cloud storage is safer than utilizing jump drives and external hard drives. Those devices can be damaged or lost.

The cloud, like all of todays technology, comes at a price. Its paid monthly or annually. An IT department generally plans backups and cloud infrastructure.

Paying for a consultant can be costly, depending on how much needs to be migrated to the cloud, Jones said. So, bottom line, the cloud takes the investment, maintenance and manpower cost out of housing your own data.

People and companies will pay for the convenience and benefits.

It is extremely convenient, especially if there is a disaster or issue with the facility and the data is needed to get a company back up and running quickly.

For a small business, the cloud is helpful because of lack of manpower and resources, according to Jones. For example, OneDrive can be utilized because its usually included in an Office365 subscription.

Once the software is set up, where everything is going to the cloud, the business owner will have access to data everywhere they go. This works perfectly for businesses with a small number of employees.

Link:
Technology 101: What is the cloud, where is it and why should you care? - American Press

DENVER, June 29, 2021 /PRNewswire/ --Vertafore, the leader in modern insurance technology, today announced the next generation of ImageRight, the industry's premier workflow and content management system designed specifically for insurance carriers. The announcement was made during the keynote event of Carrier Week at Accelerate, powered by NetVU.

ImageRight 7provides a fully reimagined user experience in a web-based interface, enabling users to get more done with streamlined core processes and personalized task lists.

As the first release in Vertafore's multi-year commitment to modernize ImageRight, the update is available anytime and anywhere via modern browsers, further enabling carriers to equip their workforce for success as the "new normal" of work evolves. ImageRight 7 also includes compliance and security updates to keep users current with the latest rules and regulations.

ImageRight 7 provides a state-of-the-art user experience that improves productivity and streamlines tasks with enhancements that include:

Vertafore Hosting for ImageRight 7 can save carriers 2550% annually

Also available with ImageRight 7 is Vertafore Hosting, a new cloud hosting option available via Amazon Web Services. Carriers get ImageRight delivered Software-as-a-Service (SaaS), including automatic version upgrades, as Vertafore takes the hosting burden off carrier IT teams,freeing them up for other priorities.

Data from Vertafore users show that Vertafore Hosting reduces the total cost of ownership for a carrier with 100 users an average of $320,000 over three years, or 25-50% of savings annually. The biggest savings come from eliminating capital expenses associated with maintaining their own hardware, operating systems, databases, and backup system infrastructure for ImageRight.

"ImageRight 7 provides the industry's most modern experience for carriers to manage their workflow and content," says Sharmila Ray, head of carrier strategy at Vertafore. "With these latest enhancements and the introduction of Vertafore Hosting, carriers are empowered to drive productivity, reduce their IT costs and better meet the expectations and needs of a modern workforce."

About Vertafore

As North America's InsurTech leader for more than 50 years, Vertafore is modernizing and simplifying insurance distribution so that our customers can focus on what matters most: people. Vertafore's solutions provide end-to-end connectivity, improve the client and agent experience, unlock the power of data, and streamline essential workflows to drive efficiency, productivity, and profitability for independent agencies and carriers. For more information about Vertafore, visit http://www.vertafore.com.

2021 Vertafore and the Vertafore logo are registered trademarks of Vertafore. All rights reserved. All other trademarks are the property of their respective owners.

Press ContactAmanda Urban[emailprotected]312-259-1814

SOURCE Vertafore

See more here:
Vertafore unveils next generation of ImageRight to transform productivity and user experience for insurers - PRNewswire

A CLOUD hosting business has won the Company of the Year award as well as another award.

Hyve Managed Hosting in Richmond Parade, Brighton, has been named the company of the year at the 15th edition of the Brighton and Hove Business Awards on June 25.

The UK cloud hosting specialists also took home the title for International Business Of The Year, and this award has recognised the company's international expansion.

The Platinum Media Group, a regional business magazine, produces the awards, and they recognise the achievements of businesses of all sectors and sizes based in Brighton and Hove.

An independent panel of experts judged the awards. Michael Pay, co-founder and director of EMC Corporate Finance, judged the awards. He said: "This award is great to judge, but this year was particularly hard with six strong competitors. We selected Hyve because the winner should be an inspiration to other businesses.

"Brighton and Hove is often perceived as quirky, cutting-edge and innovative, with a breadth of superb start-ups, but often the lure of the sea and the beach, not unreasonably, curtails ambitions, and many become lifestyle businesses.

"Jake and Jon, along with the team at Hyve are bucking this trend. Innovative, fast-paced and dynamic, the business is growing exponentially and has an extremely exciting future. They are the epitome of what we were looking for, and I am delighted for them".

In the last year, Hyve has increased its turnover, both domestic and international, with its international turnover almost tripling from 1m in 2019 to 3m in 2020,bringing the combined Hyve group turnover to over 10m.

Jake Madders, director and co-founder of Hyve, said: "Receiving 'Company of the year' is an incredible honour for us and a great recognition from our Brighton and Hove community which reinforces our growing local footprint.

"We've been shortlisted before, but this is the first time we've won an award! To win two in the same ceremony is an extraordinary achievement, which acknowledges our resilience and ability to continue innovating and thriving during a time of unprecedented changes and challenges".

Jon Lucas, director and co-founder, said: "Despite the restrictions, the Covid-19 pandemic has presented, we have continued expanding our domestic and international presence.

"We have successfully implemented a remote support desk to offer reassurance and support to our customers, helping some shift to remote working without disruptions.

"This has demonstrated the reliability and sheer power of our services and the incredible team behind Hyve that has risen to the occasion admirably.

"Winning "International Business Of The Year" demonstrates the success of our customer-led approach to international business."

This April, the company was named by The Sunday Times as one of the fastest-growing private companies in the UK, featuring in the 10 Profit Track Ones to Watch, and last month they were shortlisted in the category of Cloud Service Provider of the Year at the Datacloud Global Awards 2021.

Here is the original post:
Brighton business Hyve takes home two prestigious awards - The Argus