Image credit: Supplied

There has been exponential technological advancement in recent years, bringing with it immense cybersecurity challenges. In todays world, a large amount of data is being transmitted and accessed out of offices as most employers deploy a remote or a hybrid workforce. This data mobilisation has raised serious concerns regarding cybersecurity and encryption.

According to a recent report by cybersecurity firm NortonLifeLock, the average cost of cybercrime in the UAE is estimated to be around $2.6m per incident. This represents a 17 per cent increase from the previous years average cost of cybercrime in the UAE.

Remote work and increasing reliance on cloud-based solutions has resulted in a massive shift in how data is utilised, accessed and transmitted.

However, with employees now working virtually from anywhere, newfound security challenges have emerged.

In addition, vulnerabilities related to unencrypted USBs and cloud storage, and limitations of software encryption have also highlighted shortfalls of traditional security measures.

Hackers are quick to exploit weaknesses in organisations, and are continuously seeking opportunities to intercept and compromise enterprise data security. It is not uncommon for employees to carry sensitive organisational information through USBs.

Many companies also carry the practice of connecting USBs to critical information systems for transferring and storing data. This makes unencrypted USBs prone to several risks and vulnerabilities.

Data from the 2022 Honeywell Industrial Cybersecurity USB Threat report indicates that 52 per cent of threats were specifically designed by malicious actors to utilise removable media, clearly indicating that the threats linked to removable drives have escalated.

The high portability and small size of USBs makes them easy to lose data. Infected USB disks also make it highly easy for attackers to gain access to systems through an infected device and introduce malware into company networks, giving rise to increased ransomware attacks.

It is surprising that despite the vast amount of information available, cyberthreats are constantly increasing and evolving. Ease of availability, low cost and easy accessibility of flash drives make them a popular choice for business despite the numerous vulnerabilities they bring with them.

Software encryption allows an additional layer of protection for drives by encrypting data stored on devices. However, this type of encryption has its limitations and may be less reliable compared to hardware encryption methods and can be easily removed by the user.

Software encryption also requires software updates and causes delays in read and write speeds which makes it difficult for businesses to decide and strike a balance between security and performance.

Hardware encrypted USB drives have a built-in encryption within the drive, and are designed to avoid tampering. They have custom architectures which incorporate an onboard encryption con-troller and access control, and use a digitally-signed firmware that protects the authenticity and integrity of the drive. They also limit password attempts and comply to industry best practices to ward of malicious actors.

Cloud storage is a popular choice for storing and accessing data remotely. However, despite the convenience and ease of access, data stored in the cloud always carries a risk.

Cloud data can be accessed from anywhere; local coffee shops, internet cafes and restaurants, or even co-working spaces. Hackers can target cloud servers, potentially compromising sensitive information stored in the cloud.

Furthermore, entrusting data to a third party may complicate the process of identifying and mitigating data breaches, making it harder to determine what information has been leaked.

Encrypted USBs provide a secure alternate solution to access files and information without com-promising an organisations cloud. Hardware encrypted devices have to meet tough security standards and thus offer the improved data protection that helps manage, contain and reduce cyber risks.

It is imperative that organisations prioritise data security and invest in comprehensive data security solutions by employing a holistic approach that encompasses hardware encryption, education of employees on best practices, and working closely with trusted cloud service providers to mitigate risks.

By adopting a multi-layered approach through increased user awareness, businesses can protect their valuable information and maintain the trust of their customers and stakeholders in this ever-evolving digital landscape.

Antoine Harb is the team leader Middle East at Kingston Technology

Go here to see the original:
Understanding cybersecurity issues that keep organisations on their ... - Gulf Business

Continuous Integration/Continuous Deployment (CI/CD) pipelines have become crucial to modern software development practices. CI/CD pipelines can significantly improve development efficiency and software quality by automating the process of building, testing, and deploying code. Most modern CI/CD platforms (like GitHub actions, Circle CI, etc.) offer an option to run the pipeline process over a self-hosted runner an agent hosted by the user instead of the CI/CD platform, to execute jobs on their own infrastructure.

With self-hosted runners, you can create custom hardware configurations that meet your needs with processing power or memory to run larger jobs. Additionally, you can install software available on your local network and choose an operating system not offered by the platform. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud environment. The alternative is to use a build-as-a-service runner offered by SaaS CI/CD platform where the user has no control over the environment.

One might use self-hosted runners for several reasons:

Compliance and privacy: many organizations are bound to strict regulations that prevent them from building and sending sensitive data to SaaS build services. For example, organizations from the financial or gov sectors often prefer running the build on their internal servers.

Special specifications: when building software for uncommon operating systems or different architectures, the build process needs a machine with specs that match their requirements. This is also the case in many embedded, IoT, or client-side applications.

Cost saving: organizations with existing cloud infra / private cloud can save costs if they choose to use self-hosted runners and manage resource pools themselves.

Given the reasons above, self-hosted runners have gained popularity in many organizations. However, self-hosted runners can pose significant security risks, especially if untrusted workflows run on them. Malicious programs may compromise the build machine, and escape from the runners sandbox, exposing access to the machines network, secrets, and more.

Using a self-hosted runner can offer advantages, such as improved performance and increased environmental control. However, there are also security risks associated with it:

Self-hosted runners require dedicated servers or virtual machines (VMs) to operate. The security of these servers is crucial. If the server hosting the runner is not properly secured, it can become a potential entry point for attackers.

Self-hosted runners typically require privileged access to the repository and the system on which they are installed. Its important to carefully manage access control and restrict the permissions granted to the runner. Unauthorized access to the runner could lead to potential data breaches or malicious code execution.

Failure to isolate self-hosted runners from critical systems and sensitive data increases the risk of a compromised runner leading to unauthorized access and potential data breaches. Without proper isolation, attackers who gain control of the runner may be able to move laterally within the network, potentially compromising other systems and data.

Neglecting to regularly update and monitor the self-hosted runner software exposes the system to known vulnerabilities and leaves it susceptible to attacks. Without timely security patches and updates, attackers can exploit known weaknesses in the runner software. Insufficient monitoring increases the chances of undetected malicious activities and delays in responding to security incidents, potentially resulting in extended periods of unauthorized access or damage.

Using a self-hosted runner without restricting access to authorized users allows anyone to exploit compute resources for activities like crypto-mining and other activities that can inflict financial damage.

GitHub Actions have gained significant adoption in recent years as a powerful CI/CD automation tool for software development. With GitHub Actions, developers can automate tasks like building, testing, and deploying software, allowing them to focus on more important tasks. GitHub Actions offers a wide range of customization options, including pre-built actions, community-built actions, and the ability to create your own actions. As more and more organizations adopt GitHub Actions, it is becoming an increasingly important tool for modern software development.

GitHub also provides the option to use self-hosted runners. You can add self-hosted runners at various levels in the management hierarchy, including repository-level runners dedicated to a single repository, organization-level runners that can process jobs for multiple repositories in an organization, and enterprise-level runners that can be assigned to multiple organizations in an enterprise account.

During our research, weve scanned over three million public repositories. For each repository, weve inspected the different GitHub Actions files and extracted the runner used by each job. We have learned that out of 3,106,445 public repositories checked, 43,803 are using self-hosted runners. Using a self-hosted runner in a public repository increases the aformantioned risks dramatically, as any GitHub user in the world could initiate an attack.

GitHub provides organizations with several options to configure their self-hosted runners. Users need to verify that their organization is following configuration best practices to prevent potential risks.

Runner groups:When a self-hosted runner is defined at the organization or enterprise level, GitHub can schedule workflows from multiple repositories onto the same runner. Consequently, a security compromise in these environments can result in a wide impact. To help reduce the scope of a compromise, you can create boundaries by organizing your self-hosted runners into separate groups.

Disallowing public repositories:If you use self-hosted runners with public repositories and do not properly configure access controls, an attacker can potentially gain access to your self-hosted runner machine by creating a pull request that runs a malicious workflow. This can allow the attacker to execute arbitrary code on your machine, access sensitive data, or perform other malicious actions, depending on the level of access your self-hosted runner machine has.

For example, an attacker could modify the code in a pull request to execute commands that install malware on your self-hosted runner machine or steal sensitive data from your organization. This can lead to serious consequences, including data breaches, loss of intellectual property, and damage to your organizations reputation.

To avoid the risk, its advised to use self-hosted runners only with private repositories. You can limit the attack surface and reduce the risk of unauthorized access to your self-hosted runner machine.

Access control:You can restrict what organizations and repositories can access runner groups. Additionally, you can restrict the runners to specific workflows. For more information, see Managing access to self-hosted runners using groups.

In a blog post posted by @ryotkak, we can see an example of how self-hosted runners impose risk and, if used incorrectly, can lead to sensitive information theft. ryotkak shows an example of workflow created by GitHub. The vulnerable workflow is part of the actions framework itself.Under specific conditions, the self-hosted runner was reachable to any attacker. The token stolen in that example was a token owned by a developer from GitHub itself which attackers could have leveraged to carry a wide-impact software supply chain attack.

In this demo, we show how we created a public GitHub repository with a self-hosted runner. This example shows an external malicious collaborator performing several attacks.

In the first image, we can see the runner pwn_me is added to the runners group pool.

Our next step was to configure a workflow that runs on our self-hosted runner and is triggered by the pull_request trigger:

jobs: hellow_world: runs-on: self-hosted steps: - uses: "actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b" with: fetch-depth: 0 - name: dummy_action run: echo "hello world" && ls -la

Now, all an attacker needs to do is create a fork with a modified workflow file that retrieves the runners secrets and sensitive information. An example of a job created by a malicious contributed:

This video shows how we created a pull request from a fork and gained access to the /etc/passwd file as an example.

The following best practices are relevant to all CI/CD self-hosted platforms. Whether you use GitHub Actions Jenkins, GitLab, or any other platform, these guidelines will help keep your self-hosted runners safe and your software supply chain secure:

Make sure no sensitive information is stored over the runner. For example, private SSH keys, and API access tokens, among others.

Make sure the runner has minimum network access to other internal assets. For example, Azure or AWS management consoles or metadata services. Management consoles and metadata services are panels the cloud vendor provides to retrieve cloud environment management or perform information. An attacker with access to these resources can change the victims cloud configuration or extend their attack surface. The amount of sensitive information in this environment should be minimal. You should always be mindful that any user capable of invoking workflows has access to this environment.

Ensure all services inside the runner are up-to-date and free from known vulnerabilities.

Avoid persistency make sure each job runs on a clean, fresh agent container/VM

If using containers, run at minimum permissions.

Avoid running containers in privileged mode.

Make sure the container is mounted to dedicated devices and does not share resources with the host.

Run only a single container per host.

Use HTTPS for communication: Use HTTPS to encrypt communication between your self-hosted runner and GitHub, and avoid using unencrypted HTTP.

Overall, self-hosting CI/CD pipelines can be risky if not properly managed. To minimize the potential dangers, its essential to follow security best practices, such as regularly updating self-hosted agents, implementing access controls, and monitoring for suspicious activity. Additionally, organizations should consider using cloud-based CI/CD services that can provide better security and reliability than self-hosted solutions.

The Legit Security platform connects to your build environment to detect attack attempts in your pipeline and much more. We identify different misconfigurations, such as a public repository that uses a self-hosted runner. If you are concerned about these security risks and others across your software supply chain, pleasecontact us torequest demo on our website.

*** This is a Security Bloggers Network syndicated blog from Legit Security Blog authored by Nadav Noy. Read the original post at: https://www.legitsecurity.com/blog/securing-your-ci/cd-pipeline-exploring-the-dangers-of-self-hosted-agents

Original post:
Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Agents - Security Boulevard

Load shedding poses significant challenges for businesses, disrupting operations, and hindering productivity. However, the cloud offers a viable solution to mitigate the impacts of power outages.

By Garry Ackerman, CEO of Argantic

By embracing cloud-based solutions for email and file sharing, productivity platforms, and data centres, companies can ensure uninterrupted access to essential services, enhance collaboration, and safeguard critical data.

As load shedding continues to affect the economy, embracing the cloud becomes an imperative for businesses seeking resilience and continuity in the face of power disruptions.

This article explores how businesses are leveraging cloud-based solutions, specifically in email and file sharing, productivity platforms, and data centres, to mitigate the impacts of load shedding.

Email and file sharing in the cloud

One of the primary concerns during load shedding is communication and collaboration. Traditional on-premises email servers and file-sharing systems are heavily reliant on a consistent power supply. When power outages occur, businesses lose access to critical communication channels, hindering employee productivity and impeding collaboration among teams.

To address this challenge, companies are migrating their email and file-sharing systems to the cloud. Cloud-based email solutions, such as Microsoft 365 (formerly Office 365) and Google Workspace, offer several advantages over their on-premises counterparts.

These platforms are hosted in data centres with robust power backup systems, ensuring uninterrupted access to email services even during load shedding events. Employees can continue to send and receive emails, access shared files, and collaborate seamlessly, regardless of power disruptions at their physical locations.

Related

Read the original:
Mitigating load shedding with cloud impacts business operations - IT-Online

The Future of Cybersecurity: Emerging Technologies to Watch

As the world becomes increasingly interconnected, the importance of cybersecurity has never been more apparent. With cyber threats on the rise, organizations and individuals alike must remain vigilant in protecting their digital assets. In response to this growing need, a variety of emerging technologies are being developed to bolster cybersecurity efforts. This article will explore some of the most promising advancements in the field and how they may shape the future of cybersecurity.

One of the most significant developments in recent years has been the advent of artificial intelligence (AI) and machine learning. These technologies have the potential to revolutionize cybersecurity by automating threat detection and response. By analyzing vast amounts of data, AI-powered systems can identify patterns and anomalies that may indicate a cyber attack. This allows organizations to respond more quickly and effectively to threats, potentially preventing breaches before they occur. Furthermore, machine learning algorithms can continuously adapt and improve, ensuring that cybersecurity defenses remain up-to-date with the latest threats.

Another promising technology in the realm of cybersecurity is blockchain. Originally developed as the underlying technology for cryptocurrencies like Bitcoin, blockchain has since been recognized for its potential applications in securing digital transactions and data. The decentralized nature of blockchain makes it inherently resistant to tampering, as any changes to the data would need to be approved by a majority of the network. This makes it an attractive option for securing sensitive information and ensuring the integrity of digital transactions. Additionally, blockchains ability to create an immutable record of transactions can help organizations maintain compliance with data protection regulations.

Quantum computing is another emerging technology that could have significant implications for cybersecurity. While still in its early stages, quantum computing has the potential to solve complex problems much more quickly than traditional computers. This increased processing power could be used to strengthen encryption methods, making it more difficult for cybercriminals to access sensitive data. However, quantum computing also presents new challenges, as it could potentially be used to break existing encryption algorithms. As a result, researchers are working to develop quantum-resistant encryption methods to protect against this potential threat.

The Internet of Things (IoT) is another area where cybersecurity will play a crucial role in the future. As more and more devices become connected to the internet, the potential attack surface for cybercriminals continues to grow. Ensuring the security of these devices will be essential in protecting both individual users and the broader digital ecosystem. One approach to securing IoT devices is through the use of edge computing, which involves processing data closer to the source rather than relying on centralized cloud servers. This can help reduce the potential for data breaches and improve overall security.

Finally, the concept of zero trust architecture is gaining traction as a means of enhancing cybersecurity. This approach involves designing networks and systems with the assumption that any user or device could be compromised. By implementing strict access controls and continuously monitoring network activity, organizations can better protect their digital assets from potential threats. This shift in mindset represents a more proactive approach to cybersecurity, focusing on prevention rather than solely on detection and response.

In conclusion, the future of cybersecurity will be shaped by a variety of emerging technologies, including AI, blockchain, quantum computing, IoT, and zero trust architecture. As cyber threats continue to evolve, it is essential for organizations and individuals to stay informed about these developments and adopt the necessary tools and strategies to protect their digital assets. By embracing these cutting-edge technologies, we can work towards a more secure digital future.

See the original post here:
The Future of Cybersecurity: Emerging Technologies to Watch - CityLife

In a survey of cloud tech professionals, Revolent found that 52% believe that the digital skills gap in their industry has increased.

The digital skills gap remains a pressing issue in the tech sector in 2023, and new research suggests that the gap has actually widened over the last year. Unless action is taken, the US is set to feel the brunt of the skills gap, with it costing the economy $162 Billion. Australia is clearly in a very similar situation.

The World Economic Forum continues to publish suggested strategies to help businesses close the skills gap- all the more urgent in the context of new information from the International Data Corporation predicting that digital transformation investment will reach $3.4 trillion in 2026.

While advances in artificial intelligence might seem to represent possibilities of bridging the gap in some areas, AI is in fact another site where the skills gap is already playing out. According to Salesforce, just 1 in 10 global workers currently possesses AI skills.

To gain a clearer sense of the state of the skills gap, cloud training and recruitment company Revolenthas gauged cloud tech professionals across a range of ecosystems on two critical questions relating to the skills gap:

1. Does an IT skills gap exist in your community?

2. Reflecting on the last twelve months, would you say the skills gap has?

Responding to this new data, Revolent Chairman and CEO James Lloyd-Townshend said, These new statistics put fresh numbers to the state of the skills gap which is important because we have to make sure were regularly assessing the scale of the situation, to see whats working and what isnt.

This new data tells us that the skills gap is still very present, which isnt necessarily unexpected. I dont think anybody in the sector is expecting to resolve it overnight. What is quite shocking, however, is the fact that a majority of tech professionals are saying the skills gap has actually increased in the last year. This is not good news.

Its difficult to pinpoint exactly why the skills gap has widened, despite all the increased focus weve seen on solving it across the business and tech sectors. What we can say is that if were going to solve it, we absolutely have to be preventing it from worsening in the present.

A multi-focal approach seems like our best betwhether thats expanding the talent pool by recruiting from untapped demographics or thinking about how we can support existing professionals to pursue re-skilling and upskilling.

Methodology

Statistics were derived from the latest (2022-2023) careers and hiring guides offered by Tenth Revolution Group and its recruitment brands. The total sample size for this study was 921 for Question 1 and 574 for Question 2. Respondents were tech professionals working across Amazon Web Services, Microsoft Business Applications, NetSuite, and Salesforce

Did you realise that Gartner also recommends that security teams prioritise NDR solutions to enhance their detection and response?

Picking the right NDR for your team and process can sometimes be the biggest challenge.

If you want to try out a Network Detection and Response tool, why not start with the best?

Vectra Network Detection and Response is the industry's most advanced AI-driven attack defence for identifying and stopping malicious tactics in your network without noise or the need for decryption.

Download the 2022 Gartner Market Guide for Network Detection and Response (NDR) for recommendations on how Network Detection and Response solutions can expand deeper into existing on-premises networks, and new cloud environments.

DOWNLOAD NOW!

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

More here:
Tech professionals believe that the digital skills gap in cloud ... - iTWire