93% of businesses are worried about public cloud security

Bitglass released a report which uncovers whether organizations are properly equipped to defend themselves in the cloud. IT and security professionals were surveyed to understand their top security concerns and identify the actions that enterprises are taking to protect data in the cloud.

Orgs struggling to use cloud-based resources safely

93% of respondents were moderately to extremely concerned about the security of the public cloud. The report’s findings suggest that organizations are struggling to use cloud-based resources safely. For example, a mere 31% of organizations use cloud DLP, despite 66% citing data leakage as their top cloud security concern.

Similarly, organizations are unable to maintain visibility into file downloads (45%), file uploads (50%), DLP policy violations (50%), and external sharing (55%) in the cloud.

Many still using legacy tools

The report also found that many still try to use tools like firewalls (44%), network encryption (36%), and network monitoring (26%) to secure the use of the cloud – despite 82% of respondents recognizing that such legacy tools are poorly suited to do so and that they should instead use security capabilities designed for the cloud.

“To address modern cloud security needs, organizations should leverage multi-faceted security platforms that are capable of providing comprehensive and consistent security for any interaction between any device, app, web destination, on-premises resource, or infrastructure,” said Anurag Kahol, CTO at Bitglass.

“According to our research, 79% of organizations already believe it would be helpful to have such a consolidated security platform; now they just need to choose and implement the right one.”

The cost of an insider attack is as much as $2 million

Employees, whether careless or malicious, can pose a great risk to organizations, a Bitglass survey reveals. 61% of survey respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks).

Insider threats becoming increasingly challenging

Businesses are currently undergoing seismic shifts, including rapid migrations to the cloud and widespread adoptions of remote work and BYOD (bring your own device) policies. Along with these trends, securing against insider threats has become increasingly challenging.

Most organizations cannot guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%), while 81% find it difficult to assess the impact of insider attacks.

Despite these concerns, few respondents have a single platform that delivers complete, unified visibility and control for any interaction.

When dealing with multiple disjointed tools that provide disparate levels of protection, security professionals spend an inordinate amount of time managing each of the solutions individually. As such, 49% of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organization recovers from the attacks.

Security budgets are decreasing

While organizations were already working with constrained security budgets before the pandemic, security teams are now being asked to do even more with less. 73% of companies’ security budgets are decreasing or staying flat over the next year.

“Enterprises report that loss of critical data and disruption to business operations are the biggest repercussions of insider attacks,” said Anurag Kahol, CTO of Bitglass.

“Along with brand damage, remediation costs, legal liabilities, and loss of revenue, these are serious ramifications that must be prevented. Enterprises need a multi-faceted security platform that is designed to monitor user behavior, secure personal devices, deliver maximum uptime and cost savings, and prevent leakage on any interaction. Only then can they defend against insider threats.”

BYOD adoption is growing rapidly, but security is lagging

As the shift to remote work has increased, most businesses are embracing BYOD in the workplace.

In a survey by Bitglass, 69% of respondents said that employees at their companies are allowed to use personal devices to perform their work, while some enable BYOD for contractors, partners, customers, and suppliers.

While the use of personal devices in the work environment is growing rapidly, many are unprepared to balance security with productivity. When asked for their main BYOD security concerns, 63% of respondents said data leakage, 53% said unauthorized access to data and systems, and 52% said malware infections.

Lack of proper steps to protect corporate data

Despite the concerns, the research shows that organizations are allowing BYOD without taking the proper steps to protect corporate data. 51% of the surveyed organizations lack any visibility into file sharing apps, 30% have no visibility or control over mobile enterprise messaging tools, and only 9% have cloud-based anti-malware solutions in place.

Compounding these problems, the results showed that organizations need physical access to devices, and even device PINs, to secure them. This may be acceptable for managed endpoints, but it is a clear invasion of privacy where BYOD is enabled.

“The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy,” said Anurag Kahol, CTO of Bitglass.

“However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables. To remedy this standoff, companies need comprehensive cloud security platforms that are designed to secure any interaction between users, devices, apps, or web destinations.”

41% of organizations have not taken any steps to expand secure access for the remote workforce

Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.

Remote work and secure access concerns

When asked what their organizations are primarily concerned with securing while employees …

The post 41% of organizations have not taken any steps to expand secure access for the remote workforce appeared first on Help Net Security.

Solving the security challenges of remote working

Unprecedented times call for unprecedented actions and the ongoing COVID-19 pandemic has caused what is likely to be the biggest shift towards remote working that the world has ever seen. But, while the technology has been around for quite some time, recent events demonstrate just how few businesses are capable of switching from an office-based setup to a remote one in a fast, secure, and non-disruptive manner.

There are a significant number of reasons why it is prudent to have a remote working infrastructure in place. Truth be told, “in the event of a global pandemic” probably wasn’t very high up on most people’s list before 2020. In normal circumstances, common occurrences like adverse weather, transportation issues, and power outages can also severely affect the productivity of a business if employees can’t access what they need outside the office.

That being said, proper implementation of any remote working program is key. In particular, the right security tools must be in place, otherwise businesses risk exposing themselves to a wide range of cyber threats.

This article examines some of the major considerations for any business looking to tackle the security challenges of remote working and implement a program that will enable employees to work both effectively and securely from anywhere.

Security challenges of remote working: Finding the right approach

Historically, office-based businesses have managed off-site workers through the use of virtual private networks (VPNs) and managed devices with installed software agents – also known as the mobile device management (MDM) approach. While still a relatively popular strategy today, it raises an increasing number of privacy concerns, mainly because it gives businesses the ability to monitor everything employees do on their device. VPN technology is also widely considered to be outdated and its complexity means skilled IT professionals are required to manage/maintain it properly.

For businesses without legacy technology to consider, a bring your own device (BYOD) approach is often preferable. Not only does it significantly reduce IT costs, but employees will always be able to work on their device in the event of unforeseen circumstances that prevent them from traveling to the office.

Unlike a managed device approach, employees using their own personal devices have more freedom over what and where they can view or download sensitive data, making robust security even more critical. Below are three security technologies that can be used to complement the flexibility a BYOD program provides:

1. Data loss prevention technology keeps businesses in control

One of the biggest issues with a BYOD approach is how to prevent sensitive data loss or theft from unmanaged devices. The use of data loss prevention (DLP) technology can significantly mitigate this, giving businesses much more control over their data than they would otherwise have. With DLP in place, any unauthorized attempts to access, copy or share sensitive information – whether intentional or not – will be prevented, keeping it out of the wrong hands and helping to prevent security breaches.

2. Behavioral analytics quickly detects suspicious user activity

Implementation of user and entity behavior analytics (UEBA) is a great way to quickly detect anomalous behavior that might indicate a potential security breach amongst your remote workforce. UEBA works by learning and establishing benchmarks for normal user behavior and then alerting security teams to any activity that deviates from that established norm. For instance, if a remote worker typically logs in from London but is suddenly seen to be logging in from Paris, particularly under the current circumstances, this would raise an immediate alert that something is amiss.

3. Agentless technology delivers robust security without breaching privacy

Employees using personal devices as part of a BYOD program can often be resistant to agent-based security tools being installed on them. Not only are some – like MDM – considered an invasion of privacy, but they can also impact device performance and functionality. Conversely, agentless security tools utilize cloud technology, meaning they require no installation but still give security teams the control they need to monitor, track and even wipe sensitive data if/when necessary.

Furthermore, because agentless security tools only monitor company data on the device, employees can be confident that their personal data and activity remain completely private. Leading agentless security solutions even include cloud-based DLP as part of their offering, meaning businesses can cover multiple bases in one go.
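The baseline-then-deviation approach described under item 2, as an added example that is not part of the original article or any vendor product: it learns each user's usual login cities from constructed log lines and, going one step beyond the location case in the text, also baselines the hour of day. The log format, the function names and the two thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample login history: "ISO-timestamp user city" (not real data).
HISTORY = """\
2020-04-01T08:55:00 alice London
2020-04-02T09:02:00 alice London
2020-04-03T08:47:00 alice London
2020-04-06T09:10:00 alice London
2020-04-07T08:58:00 alice London
2020-04-08T09:05:00 alice London
2020-04-06T10:00:00 bob Leeds
2020-04-07T10:05:00 bob Leeds
"""

MIN_HISTORY = 5      # assumed: logins needed before a baseline is trusted
HOUR_TOLERANCE = 2   # assumed: allowed drift (hours) from any baseline hour


def parse_events(text):
    """Parse 'timestamp user city' lines into (datetime, user, city) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, city = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), user, city))
    return events


def build_baseline(events):
    """Learn, per user, which cities and hours of day are normal."""
    baseline = defaultdict(lambda: {"cities": Counter(), "hours": Counter()})
    for ts, user, city in events:
        baseline[user]["cities"][city] += 1
        baseline[user]["hours"][ts.hour] += 1
    return dict(baseline)


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def score_event(baseline, event):
    """Return the reasons a login deviates from the user's learned baseline."""
    ts, user, city = event
    profile = baseline.get(user)
    seen = sum(profile["cities"].values()) if profile else 0
    if seen < MIN_HISTORY:
        # Cold start: too little history to call anything anomalous.
        return ["insufficient-baseline"]
    reasons = []
    if city not in profile["cities"]:
        reasons.append(f"new-location:{city}")
    if min(hour_distance(ts.hour, h) for h in profile["hours"]) > HOUR_TOLERANCE:
        reasons.append(f"unusual-hour:{ts.hour:02d}")
    return reasons


if __name__ == "__main__":
    base = build_baseline(parse_events(HISTORY))
    new_logins = parse_events(
        "2020-04-09T09:01:00 alice London\n"
        "2020-04-09T09:05:00 alice Paris\n"
        "2020-04-10T03:12:00 alice Paris\n"
        "2020-04-09T10:02:00 bob Madrid\n"
    )
    for ev in new_logins:
        print(ev[0].isoformat(), ev[1], ev[2], score_event(base, ev) or "ok")
```

The cold-start branch matters in practice: a user with only two recorded logins has no meaningful norm, so the function reports that instead of raising a location alert.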

Over the last few months, the pandemic has forced many businesses to fundamentally change the way they operate. For some, this switch to remote working has been quick and painless, but for many others, a lack of foresight or advanced planning has made it a significant challenge.

Of course, hindsight is a wonderful thing, but even in the midst of this pandemic, it’s not too late to change tack. By combining BYOD with powerful cloud security and analytics technology, businesses of all shapes and sizes can quickly establish an effective, secure remote working program, keeping the wheels of business turning when even the most unexpected things happen.

Protecting corporate data in popular cloud-based collaborative apps

Cloud adoption has grown at an astonishing rate, providing organizations with the freedom to store data in numerous cloud applications that meet their specific business demands. Additionally, migrating to the cloud gives employees the ability to access work material from anywhere and anytime.

This increases productivity by allowing employees to collaborate remotely with applications like G Suite, Office 365, Salesforce, and Slack (to name a few). While utilizing these cloud apps provides flexibility and cost savings, it also can allow sensitive data to be exposed.

While there are plenty of cloud applications available, let’s explore G Suite, Office 365, Salesforce, and Slack, and how organizations can leverage these apps to reap benefits while keeping data safe.

Proceed with caution

No matter what your company does, you likely share documents with employees, clients, or partners on a daily basis. These documents can include proposals, contracts, financial records, HR paperwork, and other confidential files. While these apps have made it easier to share, the documents and files are highly sensitive and could be very damaging if malicious actors got their hands on them.

Over 6 million businesses are paying to use G Suite, which provides access to corporate data from any device, anywhere, improving IT flexibility and employee productivity.

Similarly, Microsoft’s Office 365 provides teams with collaborative services to share and store data on SharePoint or Microsoft Teams. Another popular application over 150,000 enterprises use is Salesforce, a customer relationship management service that supports marketing, sales, commerce, and service functions. Lastly, Slack has become one of the most used team collaboration solutions with over 12 million daily active users sharing messages or other files on the platform.

Unfortunately, companies are not able to monitor all of the documents or data being shared across these apps. For example, Slack has private channels and direct messaging capabilities where admins cannot view what information is being shared unless they are a part of the conversation.

As we have witnessed with previous data breaches, there is a risk that sensitive data will not always be shielded from anyone outside your organization. Slack previously experienced a data breach back in 2015 as a result of unauthorized users gaining access to the infrastructure where usernames and passwords were stored. Salesforce has also had security issues in the past, exposing users’ stored data to third parties due to an API error. These are just a few instances that should serve as a stark warning to enterprises that they can’t rely solely on app providers to ensure the security of their data – they must implement their own proper security solutions and processes in tandem.

While these cloud-based services have native security capabilities in place to protect the infrastructure against intrusions, the onus is on the enterprises using these tools to ensure files that are being stored and accessed in the cloud are secure. As businesses continue to use these apps, they must understand that they have a shared responsibility to protect corporate and customer information.

To achieve this shared goal, organizations need tools that are designed for enforcing real-time access control, detecting and remediating misconfigurations, encrypting sensitive data at rest, managing the sharing of data with external parties, and preventing data leakage while using these apps.

You can have your cake and eat it, too

Single sign-on (SSO) should be included as part of an organization’s cloud security strategy in order to authenticate their users and ensure that sensitive data is not being accessed maliciously. Along with SSO, having a cybersecurity solution that can protect data at upload, download, and at rest is essential to preventing a security breach.

Enterprises should also equip themselves with full-strength data encryption and data loss prevention (DLP) as a part of their cloud-based collaborative apps. Additionally, companies should often train employees on best practices for using these apps, including educating them on any specific company rules around data sharing.

As enterprise security teams have come to the realization that legacy security tools are not enough to secure their ever-changing ecosystem, cloud adoption will continue to rise. However, just like any other application, it’s important to have further preventive security in place to ensure that the data that is stored within the app stays completely secure.

Number of records exposed in healthcare breaches doubled from 2018 to 2019

In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass.

Categories of breaches

  • Hacking or IT incidents: Breaches related to malicious hackers and improper IT security
  • Unauthorized access or disclosure: All unauthorized access and sharing of organizational data
  • Loss or theft: Breaches enabled by the loss or theft of endpoint devices
  • Other: Miscellaneous breaches and leaks related to items such as improper disposal of data

Number of records exposed in healthcare breaches doubles

According to the findings, the total number of records breached more than doubled from 2018 to 2019. This same doubling also occurred between 2017 and 2018, revealing a dramatic upward trend over the last few years.

Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300 – the 386 incidents in 2019 represented a 33% increase over 2018.

“Last year, ‘Hacking and IT Incidents’ was the top cause of breaches in healthcare, accounting for more than 60% of all data leakage,” said Anurag Kahol, CTO of Bitglass.

“This is not particularly surprising given the fact that threat actors are maturing their capabilities and adapting to security measures organizations put in place, like multi-factor authentication.

“Healthcare databases are heavily targeted by cybercriminals as they hold a wealth of sensitive information like medical histories, Social Security numbers, personal financial data, and more. This means that healthcare firms must employ the appropriate technologies and cybersecurity best practices to ensure all data within their IT systems is secure around the clock.”

Key findings

  • The cost per breached record in healthcare was $429 in 2019. Last year, with 27.5 million records exposed, data breaches cost healthcare organizations $11.8 billion.
  • Around 24 million people were affected by healthcare breaches due to Hacking and IT Incidents. This category was followed by Unauthorized Access or Disclosure, which affected 2.5 million people.
  • Texas had the most healthcare breaches in 2019 with 47 incidents, nearly twice the number of California, which came in second place at 25.
  • Lost or stolen devices have consistently had the biggest annual decrease over the past few years, dropping from 148 in 2014 to 42 in 2019.
  • The total number of records breached has more than doubled each year, from 4.7M in 2017 to 11.5M in 2018, and to 27.5M in 2019.

Hacking and malware cause 75% of all data breaches in the financial services industry

Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries.

Leaked records and data breaches in the financial services industry

In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records.

Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.

“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO of Bitglass.

“Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”

Key findings

  • Hacking and malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider Threats grew from 2.9% in 2018 to 5.5% today, while Accidental Disclosures increased from 14.7% to 18.2%.
  • The cost per average breached record in financial services ($210) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare ($429).
  • For mega breaches, which affect approximately 100M or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018.
  • Many financial services organizations are still not taking proper steps to secure data in our modern cloud and BYOD environment. Consequently, they are suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.
  • The top three breaches of financial services firms in 2019 were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).

New infosec products of the week: November 15, 2019

Sysdig Secure 3.0 provides enterprises with threat prevention at runtime

Sysdig Secure 3.0 includes an incident response and audit tool for Kubernetes, giving enterprises the ability to reconstruct historical system activity. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit.

Jamf unveils Jamf Protect, an enterprise Mac endpoint protection solution

Jamf Protect leverages native Apple security tools and on-device analysis of macOS activity to create customized telemetry that gives …

The post New infosec products of the week: November 15, 2019 appeared first on Help Net Security.

Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net

As companies and consumers have become more aware of phishing, hackers have refined their techniques and are now launching a more advanced form of attack known as lateral phishing. This technique is highly convincing and, consequently, highly effective.

Hackers are no longer phishing in the dark

Millions of individuals have had their personal information exposed in recent breaches at companies like DoorDash, PCM Inc., and Nordstrom. When email addresses, dates of birth, names, and other …

The post Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net appeared first on Help Net Security.