Top 10 Cybersecurity Stories of 2016

There’s no doubt that 2016 was an eventful year, particularly on the cybersecurity front. Resourceful hackers found newer, better and more invasive ways to access the sensitive information they were after and ransomware continued to be a lucrative venture. Meanwhile, security professionals fought an uphill battle leveraging every tool and technology available to them in order to remain one step ahead of their attackers. In case you missed it, our friends over at Computer Weekly and TechTarget rounded up the ten biggest stories of the year. They were as follows: 1. C-suite executives confused about cyber-attacks … In a study that polled more than 700 executives, IBM discovered that key business leaders remain confused about the topic of cybersecurity. Despite the fact that 68 percent list security as a major concern and 75 percent believe having a comprehensive incident response plan in place is important, the reality is many execs don’t know who their true adversaries are or how to combat them. The study also highlighted the importance of key executives taking a more active role and being more engaged with CISOs. → Read more 2. National Cyber Security Centre to be UK authority on information security… The UK’s National Cyber Security Centre (NCSC) will focus on the financial sector as a top priority. The NCSC was announced as part of the government’s National Cyber Security plan for the next five years. It will ultimately become host to a “cyber force” ready to handle cyber incidents in the UK and ensure “faster and more effective responses to major attacks”. The centre will also be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact. One of the NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cybersecurity more effectively. → Read more 3. Hunters: a whole breed of enterprise cyber defenders … Security leaders agree that the days of relying on security system alerts to scramble first responders to cyber-attacks are past. In the face of increasing volumes of attacks, defenders need technologies that take care of the bulk of the low-level stuff so that they can concentrate on those slipping through the net. Enter the “hunters,” a rare breed of information security analysts who sniff out traces of cyber attackers and go in pursuit, relentlessly tracking and hunting down their quarry. → Read more 4. Security should be driven by business (says Corvid’s Andrew Nanson)… According to Andrew Nanson, chief technology officer of Corvid and former cyber security adviser to Nato and the UK’s intelligence and defence agencies, information security systems driven by products are no good for business. Instead, he believes Information security should be business-driven and investments assessed for their effectiveness and business value. → Read more 5. Darktrace says business needs AI defense against AI attacks… According to Emily Orton, director of UK information security startup Darktrace, the world is entering a new era of cyber-attacks in which the integrity of data is at risk. Cyber attackers are turning to machine learning to create smarter attacks and defenders will require similar technology to detect them. There has also been an increased usage of artificial intelligence (AI) by attackers to enable highly customized attacks that can be detected only if the defenders are also using AI. → Read more 6. IoT security window is closing rapidly… According to Intel's IoT security manager, Lorie Wigle, the window of opportunity for addressing security risks in internet of things devices is closing rapidly. Industry players need to address the security of IoT devices urgently before it is too late. Equally important is the need to ensure that security can be “operationalized” in the sense that these devices must be capable of being updated and upgraded when necessary. → Read more 7. Sage data breach highlights risk of insider threats… UK-based accounting software firm Sage issued a warning to customers in the UK and Ireland, noting a recent data breach that may have compromised personal details and bank account information of employees at nearly 300 UK firms. The breach, which occurred due to unauthorized access using an internal log-in, brings to light the critical importance of addressing the risk of insider threats. → Read more 8. No endgame for cybersecurity… Two of the most valuable lessons in cybersecurity are to know your enemy and not to rely on users to be secure. According to industry veteran Mikko Hypponen, there really is no endgame when it comes to cybersecurity. Cyber attackers are continually evolving their techniques and capabilities to steal and monetize data in new ways, which means the goalposts are continually moving. Security professionals must continuously adapt at the same rate. → Read more 9. UK firms could face £122bn in data breach fines in 2018… UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned. As such, The PCI Security Standards Council is urging firms to act now to avoid exponentially increased penalties under new EU data protection regulations. → Read more 10. Breaches should be on the decline by now, says infosec veteran John Walker… According to security veteran John Walker, data breaches should now be declining. A focus on the board, governance and compliance is distracting many infosec leaders from the real objective of securing data. Walker also defines a good information security leader as someone who is willing to speak out and say things no one else is willing to say, which he admits can be painful at times. → Read more What was your biggest cybersecurity takeaway from 2016? Please share in the comments below. And don’t forget to download your free trial of Ayehu security automation and orchestration platform to avoid becoming a cybersecurity victim in 2017!There’s no doubt that 2016 was an eventful year, particularly on the cybersecurity front. Resourceful hackers found newer, better and more invasive ways to access the sensitive information they were after and ransomware continued to be a lucrative venture. Meanwhile, security professionals fought an uphill battle leveraging every tool and technology available to them in order to remain one step ahead of their attackers. In case you missed it, our friends over at Computer Weekly and TechTarget rounded up the ten biggest stories of the year. They were as follows:

  1. C-suite executives confused about cyber-attacks …

In a study that polled more than 700 executives, IBM discovered that key business leaders remain confused about the topic of cybersecurity. Despite the fact that 68 percent list security as a major concern and 75 percent believe having a comprehensive incident response plan in place is important, the reality is many execs don’t know who their true adversaries are or how to combat them. The study also highlighted the importance of key executives taking a more active role and being more engaged with CISOs. → Read more

  1. National Cyber Security Centre to be UK authority on information security…

The UK’s National Cyber Security Centre (NCSC) will focus on the financial sector as a top priority. The NCSC was announced as part of the government’s National Cyber Security plan for the next five years. It will ultimately become host to a “cyber force” ready to handle cyber incidents in the UK and ensure “faster and more effective responses to major attacks”. The centre will also be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact. One of the NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cybersecurity more effectively. → Read more

  1. Hunters: a whole breed of enterprise cyber defenders …

Security leaders agree that the days of relying on security system alerts to scramble first responders to cyber-attacks are past. In the face of increasing volumes of attacks, defenders need technologies that take care of the bulk of the low-level stuff so that they can concentrate on those slipping through the net. Enter the “hunters,” a rare breed of information security analysts who sniff out traces of cyber attackers and go in pursuit, relentlessly tracking and hunting down their quarry. → Read more

  1. Security should be driven by business (says Corvid’s Andrew Nanson)…

According to Andrew Nanson, chief technology officer of Corvid and former cyber security adviser to Nato and the UK’s intelligence and defence agencies, information security systems driven by products are no good for business. Instead, he believes Information security should be business-driven and investments assessed for their effectiveness and business value. → Read more

  1. Darktrace says business needs AI defense against AI attacks…

According to Emily Orton, director of UK information security startup Darktrace, the world is entering a new era of cyber-attacks in which the integrity of data is at risk. Cyber attackers are turning to machine learning to create smarter attacks and defenders will require similar technology to detect them. There has also been an increased usage of artificial intelligence (AI) by attackers to enable highly customized attacks that can be detected only if the defenders are also using AI. → Read more

  1. IoT security window is closing rapidly…

According to Intel’s IoT security manager, Lorie Wigle, the window of opportunity for addressing security risks in internet of things devices is closing rapidly. Industry players need to address the security of IoT devices urgently before it is too late. Equally important is the need to ensure that security can be “operationalized” in the sense that these devices must be capable of being updated and upgraded when necessary. → Read more

  1. Sage data breach highlights risk of insider threats…

UK-based accounting software firm Sage issued a warning to customers in the UK and Ireland, noting a recent data breach that may have compromised personal details and bank account information of employees at nearly 300 UK firms. The breach, which occurred due to unauthorized access using an internal log-in, brings to light the critical importance of addressing the risk of insider threats. → Read more

  1. No endgame for cybersecurity…

Two of the most valuable lessons in cybersecurity are to know your enemy and not to rely on users to be secure. According to industry veteran Mikko Hypponen, there really is no endgame when it comes to cybersecurity. Cyber attackers are continually evolving their techniques and capabilities to steal and monetize data in new ways, which means the goalposts are continually moving. Security professionals must continuously adapt at the same rate. → Read more

  1. UK firms could face £122bn in data breach fines in 2018…

UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned. As such, The PCI Security Standards Council is urging firms to act now to avoid exponentially increased penalties under new EU data protection regulations. → Read more

  1. Breaches should be on the decline by now, says infosec veteran John Walker

According to security veteran John Walker, data breaches should now be declining. A focus on the board, governance and compliance is distracting many infosec leaders from the real objective of securing data. Walker also defines a good information security leader as someone who is willing to speak out and say things no one else is willing to say, which he admits can be painful at times. → Read more

What was your biggest cybersecurity takeaway from 2016? Please share in the comments below. And don’t forget to download your free trial of Ayehu security automation and orchestration platform to avoid becoming a cybersecurity victim in 2017!



How to Get Critical Systems Back Online in Minutes




Could This Be Preventing Managed Service Providers from Growing?

Could This Be Preventing MSPs from Growing?Making the transition from basic IT support to the more lucrative role of Managed Service Provider (MSP) isn’t always as easy as it seems. Achieving growth from there can take even longer. So why, with IT process automation becoming such a mainstream accepted tool, is becoming a successful MSP so challenging? We thought it might be helpful to uncover some of the most common obstacles to MSP growth and, more importantly, what can be done to overcome them.

Obstacle #1 – Being Too General – Many managed service providers out there that are struggling to achieve growth and ongoing success are missing the mark because they’re not positioning themselves as the gurus they truly are. Obtaining the appropriate certifications and credentials and honing your individual service offerings is key. Additionally, selling these services either by competency or by vertical can boost business tremendously and increase the amount of revenue you could be earning.

Obstacle #2 – Not Differentiating from Break/Fix IT Support – The main driver keeping this barrier in place is fear. Many IT pros want to transition to selling managed services, but they hesitate for fear that they’ll lose some of their customers. In reality, not every client is suited for a managed service provider vs. break/fix type of support. But while you may, indeed, lose a small segment of business, you will gain it back and then some over time. Understanding and accepting this fact can help overcome the uneasiness and make the shift a little bit easier to make.

Obstacle #3 – Underpricing Themselves – Switching from fixed price and/or cost plus pricing to a more realistic and profitable pricing model can be challenging, particularly if you don’t fully understand the true value of your services or, more importantly, how willing your customers are to pay what you’re worth. If you’re undervaluing and underpricing yourself, you will not be able to realize growth. In fact, you may even price yourself out of the industry all together.

Now that you know what may be standing in your way, here are a few helpful tips for overcoming these common barriers to growth:

  • Evaluate your existing business plan and MSP strategy, the strength of your software, and the skills and abilities of your team members.
  • Leverage technology and tools, such as IT process automation, to buckle up your service delivery and make it much more efficient.
  • Keep a close eye on the market and your finger on the pulse of your customers to recognize and capitalize on trends and opportunities.
  • Develop and foster specialties by obtaining certifications, etc. in areas where your customers are.
  • Assess and modify your pricing model to ensure that it properly supports your level of service.
  • Establish a specific goal (i.e. 20% growth in 12 months) and develop a strategy for achieving that goal over the designated time frame.

Making the shift from one-off, break/fix IT support to a qualified, highly sought after Managed Service Provider isn’t as difficult as you may think. By understanding what factors might be hindering your ability to change and grow and applying the above advice for overcoming those obstacles, you’ll be well on your way to securing your position in the profitable MSP world.

Want to learn how the right IT process automation tool can help propel your Managed Service Provider career forward into a successful future? Grab your free 30 day trial today to get started!



eBook: Top 7 Benefits IT Process Automation Provides MSP’s




The Challenges of Implementing Process Automation

The Challenges of Implementing Robotic Process AutomationRobotic process automation has revolutionized the way businesses operate. In its most basic form, RPA facilitates the automation of routine, repetitive manual processes, alleviating human workers of their most mundane tasks and streamlining workflows to make them more effective and efficient. Sounds ideal, right? It can be, but it’s also important to understand that there can and likely will be certain challenges when implementing an RPA initiative. Anticipating these challenges can make it easier to overcome them for a smoother transition.

Choosing What to Automate

When first starting out, we typically recommend starting with one or two workflows and then building from there. But choosing which tasks to automate first can be difficult, especially if there are multiple departments and employees who want to take advantage of RPA for their own benefit. Your best bet is to conduct a thorough audit of everything that’s done on a daily basis, identify and prioritize which areas are creating the most inefficiency and then work through the list that way.

Employee Resistance

Just because management is on board with RPA doesn’t necessarily mean everyone else will be. Many frontline workers view robotic process automation as a threat that will eliminate their jobs. While this may certainly occur, in most cases, RPA will create new and better opportunities for those employees. Education and open, honest communication is key. By showing them how automation can and will make their lives easier, you will break down this resistance and gain much needed buy-in.

Setting Realistic Goals and Expectations

Leading any change initiative, including the adoption of automation, requires defining and setting realistic goals and objectives. It also involves setting expectations about what changes are occurring, what the future will look like and how everything will likely play out over a specified timeframe. Without these things, the process can drag on, get off track and lose momentum. It can also quickly lose the buy-in and support of employees. Be mindful of this throughout the entire planning and implementation process.

Risk of Creating Silos

The goal of any robotic process automation project should be to make the business operate more fluidly and efficiently. If the team leading the initiative isn’t careful, the result could be the exact opposite. Make sure you’ve chosen an RPA tool that is fully integratable to connect and support existing systems for a more harmonious infrastructure. If your RPA is standalone, it will only add another headache to an already frustrating environment of disparate systems.

Getting Started

Sometimes the biggest challenge to RPA implementation is simply getting the ball rolling. If you feel your team is ready to take the plunge, you can start today by downloading a free trial of eyeShare. This will allow you to feel your way around and experience firsthand how robotic process automation can benefit your business.

The best time to make your move is now. Click here to get started.



eBook: 10 time consuming tasks you should automate




5 Biggest Challenges Cybersecurity Pros Face Today

Without questions, the topic of information security has become a central one for organizations of every industry and vertical. With ever-increasing threats becoming more complex and cyber-criminals widening their net, it’s become clear that no business is safe. And along with the increased prevalence of cybersecurity issues, IT professionals are facing newer and greater challenges by the day. Here are 5 such struggles along with what can be done to overcome them.

Social Engineering – Hackers have honed in on the fact that the biggest weakness in most organizations is the very people who work there, targeting employees, contractors and even consultants via tools like spear-phishing to gain a foothold and obtain access to the network and sensitive data contained within. IT leaders are fighting an uphill battle to prevent against these insider threats. Education and leveraging advanced technology are among the five best ways to accomplish this.

Compromised Devices – Like it or not, we are living in the ultra-connected, hyper-intelligent IoT world. With more and more devices being used in the workplace, IT leaders are finding it even more challenging to maintain adequate control and keep sensitive data safe from landing in the wrong hands. Since this will only continue to trend in the same direction, those tasked with cybersecurity will need to focus on strengthening the barriers to entry and staying a step ahead of those targeting them.

Breach Containment – The problem with many of the cyber-attacks that are occurring today is that once the hacker successfully breaches the network, the focus then shifts to spreading the reach as quickly and extensively as possible. This is where the real damage is realized. As such, cybersecurity teams must implement strategies, such as automated playbooks, to pinpoint and contain these threats as quickly and effectively as possible, before they have the opportunity to obtain any additional propagation.

Alert Fatigue – APTs continue to be a nightmare for IT and cybersecurity pros, not just because of the volume of incoming threats, but the growing sophistication of these threats. Keeping up with the demand manually is causing IT teams to burn out quickly, which leaves the door wide open for a potential attack to become successful. Incorporating automation into the incident response process can alleviate this alert fatigue and allow IT to focus on handling only the most critical incidents more effectively.

Skills Gap – Last but not least, there is the remaining chasm that exists between the need for qualified cybersecurity experts and the actual market of available personnel. While there is hope that this skills gap will lessen over the coming years, in the meantime, IT leaders are struggling to keep the ship afloat with limited resources. Technology can help bridge this gap and provide the support needed to get over the hump in the interim.

Are you an IT professional who is struggling with one or more of these challenges? Automation might be just the key to making your job easier and helping you to reach your ultimate goal of achieving maximum protection amidst the growing cybersecurity threat landscape. You can find out now by starting a free trial of eyeShare. (What have you got to lose?!?) Don’t let another day of stress and anxiety get you down. Turn things around today!



eBook: 5 Reasons You Should Automate Cyber Security Incident Response




Ayehu to Present at CyberTech 2017 TLV

Ayehu is pleased to announce its participation in the CyberTech 2017 event, scheduled to be held from 31 January to 1 February at the Israel Trade Fairs & Convention Center, in the new pavilion of the Tel Aviv Exhibition Center – Pavilion 2 (the largest in the Middle East). This will be the third year that Ayehu will be participating.

Cybertech provides attendees with a unique opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference’s main focuses are on networking, strengthening alliances and forming new connections.

This year’s Cybertech Conference & Exhibition will present commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors, including but not limited to: finance transportation, utilities, defense, R&D, manufacturing, telecommunication, health and government. The conference will also provide the exhibition of different innovative technologies, which are key to fighting these threats.

This year, as in years past, Ayehu’s Israeli team will be onsite, presenting eyeShare automation and orchestration platform and offering live demonstrations of how it can be leveraged as a force multiplier for IT and security operations driving efficiency through a simple and powerful IT automation platform.

Ayehu helps organizations save time on manual and repetitive tasks, increase speed of response to identify and resolve critical incidents, maximize scarce resources, and maintain greater control over IT infrastructure. With a flexible deployment model from on-premises to virtual or physical machines as well as cloud environments, Ayehu scales across very large enterprises and supports thousands of end users.

The Ayehu booth number will be available at the Startup Pavilion. We would like to invite any and all attendees to stop by, meet the team and enjoy a live product demo. To schedule individual meetings and private demos, please contact Ron Lozinsky – ron@ayehu.com in advance.

We will also be live tweeting throughout the event using the hashtag: #CyberTechTLV17. Please follow along and interact with us! It’s sure to be an amazing time.

The IT Security Job Landscape in 2017

The IT Security Job Landscape in 2017It’s no secret that the field of IT security is still experiencing a serious shortage of qualified professionals. While the glaring (and growing) need certainly exists, there remains a gap between those who are currently pursuing an education for a career in IT security and the available jobs that need to be filled. But while Forrester, Gartner and other experts have recommended leveraging automation, external expertise or some combination of both as an interim solution to bridge this gap, a picture of what new careers in the infosec realm will look like is beginning to take shape.

The Rise of the MSSP – One of the more prominent new roles emerging is that of the Managed Security Service Provider, or MSSP. But while seeking external support for IT security will remain an option moving forward, the amount and complexity of functions that are being outsourced are likely to be minimal. Since MSSPs don’t possess the deep knowledge or understanding necessary to provide context, most organizations will shift only basic or low-level functions outside while keeping high-skill responsibilities in-house.

Internal Threat Intelligence – In the past, many larger organizations outsourced their SOC responsibilities, but given the availability of more advanced technologies (such as automation), it’s expected that there will be a marked transition to bring incident response back in-house. As such, the need for individuals who possess the threat intelligence skills to develop and manage internal security operations centers will continue to rise over the coming months.

Cloud Security Specialists – As many enterprises move IT hardware and applications to the cloud, the need to keep that data secure will also become critical. Because they are still relatively rare at the moment, the skills necessary to handle cloud security architecture are expected to be in high demand. In fact, architect roles are currently among the highest paid in the cybersecurity realm, so the opportunity for success will be there for the taking.

Cybersecurity Auditors – Along the same concept of “hybrid” type IT roles, the cybersecurity auditing position is one that requires a combination of skills in both IT security and either financial or healthcare. This fast-growing role involves a great deal of risk assessment, particularly in the area of security infrastructure. Openings are most frequently seen in the finance and insurance industry and with few skilled professionals, remain among the hardest cybersecurity jobs to fill.

Big Data Analytics – As more and more data is being harnessed, the need for skilled workers who are capable of managing and manipulating that data to extract what’s useful is also on the rise. In terms of IT security, the widespread adoption of Big Data and the IoT will continue to open doors of opportunity for those skilled in the ability to analyze and proactively protect sensitive information.

As with recent years, it’s becoming obvious that the IT skills to pursue in 2017 and beyond will center on IT security. The roles and opportunities listed above represent just a small sampling of the many areas where skilled individuals can truly make a niche for themselves and achieve great success for many years to come.



How to Get Critical Systems Back Online in Minutes