Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy landscape. For these reasons, international regulatory bodies around the world have created stringent data privacy laws for businesses to meet.

As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital copy of your production facility or your machine.

Mega-breaches, or reported breach incidents that impact more than one million records, have increased dramatically. Our analysis shows that, on average, mega-breaches increased 36% year over year since 2016. In total, mega-breach incidents that we analyzed cost at minimum a combined $8.8 billion and exposed 51 billion records.

Passwords are dying as a sole security measure, particularly within financial services. It is widely expected (and in the UK, mandatory) that any institution responsible for finances, from banks to brokers and even crypto wallets, should be implementing multi factor authentication (MFA) to prevent fraudsters gaining access to accounts using automated attacks, even if they know the user’s password.

With the recent release of Sysmon (System Monitor) for Linux by Microsoft, new opportunities for monitoring, detection development, and defense are now possible. Sysmon for Windows is a very popular tool among detection developers and blue teamers as it provides extensive details from system activity and windows logs. Due to the extensive information this service/driver provides in Microsoft Windows, it is very useful when researching attacks and replicating malicious payloads on lab machines.

It would be hard to overstate the critical importance of security orchestration, automation and response (SOAR) capabilities for the effective mission success of security operations centers (SOC). Without a solid SOAR capability in place, an SOC will be easily overwhelmed with routine and repetitive tasks that in and of themselves could become a vulnerability.