Exabeam News Wrap-up – March 1, 2023

Here’s the latest collection of Exabeam topics, headlines, and news coverage. Stay up to date with the Exabeam News Wrap-up! For press releases, articles, awards and all things newsworthy, check out the Exabeam Newsroom.

In this article:

• Organizations Have Security Priorities Mismatched as Breaches Continue to Rise
• Survey Finds Orgs Might Be Blind to Security Threats While Focusing on Detection, Not Prevention
• Ukraine at D+361: Diplomacy on the Eve of the War’s First Anniversary
• Reddit Suffers Data Breach via Phishing Attack
• Ethical hackers: Should Businesses Tread With Caution?
• The Robots Are Taking Over: Exabeam CEO Creates AI-generated Cyber Song

Organizations Have Security Priorities Mismatched as Breaches Continue to Rise

According to the Exabeam State of the SIEM survey, security professionals remain confident in the face of modernizing adversaries despite rising breach numbers. The survey revealed that 97% of security professionals feel assured that they are well-equipped with the tools and processes they need to prevent and detect intrusions or breaches. However, according to other recent security industry reports, 83% of organizations experienced more than one data breach in 2022.

So where’s the disconnect? What are the problems preventing organizations from having the upperhand against threat actors? Exabeam CISO Tyler Farrar dives deeper into the survey results.

Survey Finds Orgs Might Be Blind to Security Threats While Focusing on Detection, Not Prevention

As mentioned above, the Exabeam State of the SIEM survey has found that 97% of US IT security professionals feel confident that they have the tools and processes to prevent and identify cyber breaches and intrusions. However, recent reports show that 83% of organizations had more than one data breach in 2022, highlighting a disconnect between market promises and team perceptions. 

Steve Moore, Exabeam Chief Security Strategist, discusses the report’s findings in more depth and how security leaders can manage burnout and top threats, like compromised credentials.

Ukraine at D+361: Diplomacy on the Eve of the War’s First Anniversary

Tyler Farrar commented on the one-year anniversary of Russia’s invasion of Ukraine, stating that he foresees an increasing probability of cyberattacks being utilized in Russia’s ongoing conflict. He also predicts that these types of attacks will serve as a model for other nations in 2023 and beyond.

“Nation-state actors will continue cyber operations in 2023,” Farrar predicts. He says the frequency of these attacks will depend on “the strategic objectives of each campaign.” In light of the current geopolitical climate, he believes “we can expect these cyberattacks to increase across the major players.” For example, Russia’s weaknesses were exposed in Ukraine, but they are likely to continue cyberattacks against Ukraine and potentially expand their operations to prove their strength. China’s cyber espionage tactics are key to their global strategy, and Farrar thinks “we can expect these operations to increase, particularly across private sector companies.”

In 2023, state policies will blur the lines between nation-states and hacktivists, making it harder to attribute attacks. “Cybersecurity teams would be wise to remain flexible with respect to threat actor attribution,” Farrar admonishes.

Reddit Suffers Data Breach via Phishing Attack

Reddit confirmed a successful phishing attack that gave hackers access to internal documents and source code by stealing an employee’s credentials. According to Sam Humphries, Exabeam Head of Security Strategy, EMEA, organizations need to prioritize detection to prevent similar attacks. Many successful attacks occur due to compromised credentials that are hard to detect. Humphries recommends placing more emphasis on detection, as it can efficiently identify malicious behavior.

“This latest incident is yet another reminder that all it takes is one employee’s credentials to be stolen to open the door to an organization’s internal systems. Fortunately, the targeted employee self-reported the incident to their security team, allowing for prompt investigation and response,” said Humphries. 

Ethical Hackers: Should Businesses Tread With Caution?

Matt Rider, Exabeam VP of Security Engineering, EMEA, discusses the rise of ethical hackers in the business world. While organizations increasingly invest in information security solutions and testing, more than 40% of last year’s cyberattacks were zero-day exploits that traditional pen testing missed. To address this gap, more businesses are employing ethical hackers who use their skills to find vulnerabilities missed by traditional testing. However, ethical hacking still carries negative connotations, and businesses are unsure about which ethical hacking services to trust. Matt Rider offers five best practice guidelines for businesses considering ethical hacking services, including checking credentials and qualifications, setting clear goals and outcomes, and building clear deadlines into every brief. When conducted properly, ethical hacking can enhance cybersecurity defenses, but businesses must be cautious when giving outside parties access to critical data and systems.

The Robots Are Taking Over: Exabeam CEO Creates AI-generated Cyber Song

We’ll leave you with one last bit of news, to end on a lighter note. Exabeam CEO Michael DeCesare has outdone himself once again by creating the company’s first-ever AI-generated cyber song! Yes, you read that right, folks! The robots have finally taken over the music industry! Don’t worry, they’re not coming for your jobs just yet.

But in all seriousness, the song is a technological masterpiece that showcases how Exabeam is pushing the boundaries of what’s possible with AI and security. Get ready to be blown away by lines like “We’re on the lookout for any sign of attack. With algorithms in place, there’s no turning back.” Move over, Mozart, we have a new musical genius in town!

Stay tuned for the next issue of the Exabeam News Wrap-up and catch up on previous editions!

The Ultimate Guide to Insider Threats

Do you know what the biggest threat is to your organization? The answer may surprise you. It’s your own employees, contractors, and other insiders. These trusted insiders have authorized access to sensitive information and can cause significant harm to your organization, whether they mean to or not.

Insider threats are a growing concern for organizations worldwide, and it’s essential to understand the risks they pose and how to defend against them. That’s why we’ve created this comprehensive guide to help you better understand what insider threats are and how to protect your organization from them.

Read this eBook to learn about:

• What insider threats are and why they’re a growing concern
• The importance of simulation and security training for defending against insider threats
• A modern approach to insider threat detection, including real-world examples and case studies
• Advanced best practices for insider threat programs, including data science, data feed detection points, and use cases.

With this guide, you’ll know how to improve your organization’s overall security posture with faster, easier, and more accurate insider threat detection, investigation, and response. Download it now!