Bitglass released a report which uncovers whether organizations are properly equipped to defend themselves in the cloud. IT and security professionals were surveyed to understand their top security concerns and identify the actions that enterprises are taking to protect data in the cloud.
Orgs struggling to use cloud-based resources safely
93% of respondents were moderately to extremely concerned about the security of the public cloud. The report’s findings suggest that organizations are struggling to use cloud-based resources safely. For example, a mere 31% of organizations use cloud DLP, despite 66% citing data leakage as their top cloud security concern.
Similarly, organizations are unable to maintain visibility into file downloads (45%), file uploads (50%), DLP policy violations (50%), and external sharing (55%) in the cloud.
Many still using legacy tools
The report also found that many still try to use tools like firewalls (44%), network encryption (36%), and network monitoring (26%) to secure the use of the cloud – despite 82% of respondents recognizing that such legacy tools are poorly suited to do so and that they should instead use security capabilities designed for the cloud.
“To address modern cloud security needs, organizations should leverage multi-faceted security platforms that are capable of providing comprehensive and consistent security for any interaction between any device, app, web destination, on-premises resource, or infrastructure,” said Anurag Kahol, CTO at Bitglass.
“According to our research, 79% of organizations already believe it would be helpful to have such a consolidated security platform; now they just need to choose and implement the right one.”
Employees, whether careless or malicious, can pose a great risk to organizations, a Bitglass survey reveals. 61% of survey respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks).
Insider threats becoming increasingly challenging
Businesses are currently undergoing seismic shifts, including rapid migrations to the cloud and widespread adoptions of remote work and BYOD (bring your own device) policies. Along with these trends, securing against insider threats has become increasingly challenging.
Most organizations cannot guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%), while 81% find it difficult to assess the impact of insider attacks.
Despite these concerns, few respondents have a single platform that delivers complete, unified visibility and control for any interaction.
When dealing with multiple disjointed tools that provide disparate levels of protection, security professionals spend an inordinate amount of time managing each of the solutions individually. As such, 49% of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organization recovers from the attacks.
Security budgets are decreasing
While organizations were already working with constrained security budgets before the pandemic, security teams are now being asked to do even more with less. 73% of companies’ security budgets are decreasing or staying flat over the next year.
“Along with brand damage, remediation costs, legal liabilities, and loss of revenue, these are serious ramifications that must be prevented. Enterprises need a multi-faceted security platform that is designed to monitor user behavior, secure personal devices, deliver maximum uptime and cost savings, and prevent leakage on any interaction. Only then can they defend against insider threats.”
As the shift to remote work has increased, most businesses are embracing BYOD in the workplace.
In a survey by Bitglass, 69% of respondents said that employees at their companies are allowed to use personal devices to perform their work, while some enable BYOD for contractors, partners, customers, and suppliers.
While the use of personal devices in the work environment is growing rapidly, many are unprepared to balance security with productivity. When asked for their main BYOD security concerns, 63% of respondents said data leakage, 53% said unauthorized access to data and systems, and 52% said malware infections.
Lack of proper steps to protect corporate data
Despite the concerns, the research shows that organizations are allowing BYOD without taking the proper steps to protect corporate data. 51% of the surveyed organizations lack any visibility into file sharing apps, 30% have no visibility or control over mobile enterprise messaging tools, and only 9% have cloud-based anti-malware solutions in place.
Compounding these problems are results that demonstrated that organizations need physical access to devices and even device PINs to secure them. This may be acceptable for managed endpoints, but it is a clear invasion of privacy where BYOD is enabled.
“However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables. To remedy this standoff, companies need comprehensive cloud security platforms that are designed to secure any interaction between users, devices, apps, or web destinations.”
Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.
Remote work and secure access concerns
When asked what their organizations are primarily concerned with securing while employees …
The post 41% of organizations have not taken any steps to expand secure access for the remote workforce appeared first on Help Net Security.
Unprecedented times call for unprecedented actions and the ongoing COVID-19 pandemic has caused what is likely to be the biggest shift towards remote working that the world has ever seen. But, while the technology has been around for quite some time, recent events demonstrate just how few businesses are capable of switching from an office-based setup to a remote one in a fast, secure, and non-disruptive manner.
There are a significant number of reasons why it is prudent to have a remote working infrastructure in place. Truth be told, “in the event of a global pandemic” probably wasn’t very high up most people’s list before 2020. In normal circumstances, common occurrences like adverse weather, transportation issues, and power outages can also severely affect the productivity of a business if employees can’t access what they need outside the office.
That being said, proper implementation of any remote working program is key. In particular, the right security tools must be in place, otherwise businesses risk exposing themselves to a wide range of cyber threats.
This article examines some of the major considerations for any business looking to tackle the security challenges of remote working and implement a program that will enable employees to work both effectively and securely from anywhere.
Security challenges of remote working: Finding the right approach
Historically, office-based businesses have managed off-site workers through the use of virtual private networks (VPNs) and managed devices with installed software agents – also known as the mobile device management (MDM) approach. While still a relatively popular strategy today, it raises an increasing number of privacy concerns, mainly because it gives businesses the ability to monitor everything employees do on their device. VPN technology is also widely considered to be outdated and its complexity means skilled IT professionals are required to manage/maintain it properly.
For businesses without legacy technology to consider, a bring your own device (BYOD) approach is often preferable. Not only does it significantly reduce IT costs, but employees will always be able to work on their device in the event of unforeseen circumstances that prevent them from traveling to the office.
Unlike with a managed device approach, employees using their own personal devices have more freedom over what sensitive data they can view or download, and where, making robust security even more critical. Below are three security technologies that can be used to complement the flexibility a BYOD program provides:
1. Data loss prevention technology keeps businesses in control
One of the biggest issues with a BYOD approach is how to prevent sensitive data loss or theft from unmanaged devices. The use of data loss prevention (DLP) technology can significantly mitigate this, giving businesses much more control over their data than they would otherwise have. With DLP in place, any unauthorized attempts to access, copy or share sensitive information – whether intentional or not – will be prevented, keeping it out of the wrong hands and helping to prevent security breaches.
2. Behavioral analytics quickly detects suspicious user activity
Implementation of user and entity behavior analytics (UEBA) is a great way to quickly detect anomalous behavior that might indicate a potential security breach amongst your remote workforce. UEBA works by learning and establishing benchmarks for normal user behavior and then alerting security teams to any activity that deviates from that established norm. For instance, if a remote worker typically logs in from London but is suddenly seen to be logging in from Paris, particularly under the current circumstances, this would raise an immediate alert that something is amiss.
3. Agentless technology delivers robust security without breaching privacy
Employees using personal devices as part of a BYOD program can often be resistant to agent-based security tools being installed on them. Not only are some – like MDM – considered an invasion of privacy, but they can also impact device performance and functionality. Conversely, agentless security tools utilize cloud technology, meaning they require no installation but still give security teams the control they need to monitor, track and even wipe sensitive data if/when necessary.
Furthermore, because agentless security tools only monitor company data on the device, employees can be confident that their personal data and activity remain completely private. Leading agentless security solutions even include cloud-based DLP as part of their offering, meaning businesses can cover multiple bases in one go.
Over the last few months, the pandemic has forced many businesses to fundamentally change the way they operate. For some, this switch to remote working has been quick and painless, but for many others, a lack of foresight or advanced planning has made it a significant challenge.
Of course, hindsight is a wonderful thing, but even in the midst of this pandemic, it’s not too late to change tack. By combining BYOD with powerful cloud security and analytics technology, businesses of all shapes and sizes can quickly establish an effective, secure remote working program, keeping the wheels of business turning when even the most unexpected things happen.
Account Takeover (ATO) attacks happen when a bad actor gains access to a legitimate customer’s eCommerce store account and uses that account for fraud.
The impact of ATO attacks
A new Riskified survey shows that ATO attacks have a huge negative impact on customers and merchants, damaging brand reputation and hurting merchants’ bottom lines. Despite that, many merchants lack security measures, and 35% of merchants report that at least 10% of their accounts have been taken over in the last 12 months.
Both merchants and customers value secure store accounts. Customers cite their convenience and the opportunity to earn rewards as notable benefits. Merchants report that account holders shop more often and spend more per purchase than other customers.
But accounts can also increase risk if they are not properly secured. Sixty-six percent of merchants and 69% of customers say they are concerned about their accounts getting hacked. Purchases made using compromised store accounts are hard for merchants to detect, because they look like they are made by legitimate returning customers.
ATO attacks are also very costly for merchants. When fraudsters use compromised accounts to make fraudulent purchases, not only does the merchant lose the revenue and the value of the goods sold, but it also often suffers serious damage to its brand reputation and diminished customer lifetime value.
65% of customers say they would likely stop buying from a merchant if their account was compromised. 54% of customers say they would delete their account, 39% would go to a competitor, and 30% say they would tell their friends to stop shopping with the merchant.
Preventing ATOs presents unique challenges
Because ATOs require only a login and stolen password, merchants have less data with which to evaluate the action, making detection and prevention difficult. Many merchants are failing to do so:
- 27% admit that they do not have measures in place to prevent ATOs.
- 24% of merchants can’t identify an ATO during a purchase.
- 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them.
- Only 7.5% of customers learn their accounts were compromised from the merchant. The vast majority spot changes to their accounts or learn of unauthorized purchases.
Merchants that take steps to reduce ATOs risk hurting the customer experience. The most common approach to prevent ATOs is two-factor authentication for login attempts (62%), which can frustrate legitimate customers and increase cart abandonment.
Many merchants also require complex passwords to increase security, with 73% reporting that account passwords must contain a mix of characters, numbers, symbols and uppercase and lowercase letters.
This can help security, but it also increases friction and does little for customers who reuse passwords, meaning that store accounts are at risk through data breaches on other sites. That’s a real concern, as 47% of customers admit to using the same password for two or more online stores.
Embracing advanced technology may offer a solution
Because ATOs have the potential to cause serious financial and reputational harm, and are difficult to detect, merchants need to use as much of the available data as possible to avoid them. For example, merchants should look at the device and network details, proxy usage and previous logins to determine if the entity attempting to access the account is the rightful owner.
If the device or network is unfamiliar or exhibiting characteristics consistent with fraudsters, merchants should exercise caution by notifying the account owner or applying two-factor authentication.
Merchants also need to recognize that the account takeover isn’t the end goal. Fraudsters use ATO attacks to then place fraudulent orders, and merchants have the advantage of seeing that whole process.
An unfamiliar login or a change of details might seem suspicious initially, but if the cart that reaches checkout is low risk, then merchants can likely safely approve the order.
Similarly, if a safe-looking account event is followed by a chargeback, then merchants should take another look at the account activity and, likely, prompt the customer to change their password. When merchants ensure that these parts of the shopping journey – and the teams and solutions that manage them – are coordinated, they can decrease risk and increase revenue.
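One way to wire together the checks described above, as an added Python example that is not Riskified's code or part of the original article: login signals come from device, network, proxy use and previous logins (the same baseline-and-deviation idea as the UEBA item earlier on this page), and the order and chargeback steps follow. The class names, action labels and the 0.3 cart-risk threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Login:
    device_id: str
    network: str            # assumed label, e.g. an ISP or ASN name
    via_proxy: bool = False


@dataclass
class Account:
    owner: str
    previous_logins: list = field(default_factory=list)
    events: list = field(default_factory=list)   # (login, signals, action)
    flagged_for_review: bool = False
    password_reset_required: bool = False


def login_signals(account, login):
    """Return the reasons a login looks unfamiliar compared with previous logins."""
    known_devices = {l.device_id for l in account.previous_logins}
    known_networks = {l.network for l in account.previous_logins}
    signals = []
    if login.device_id not in known_devices:
        signals.append("new_device")
    if login.network not in known_networks:
        signals.append("new_network")
    if login.via_proxy:
        signals.append("proxy")
    return signals


def login_action(signals):
    """Familiar login: allow. One weak signal: notify the owner. Otherwise: 2FA."""
    if not signals:
        return "allow"
    if "proxy" in signals or len(signals) >= 2:
        return "require_2fa"
    return "notify_owner"


def process_login(account, login):
    """Score a login, record it on the account, and return (signals, action)."""
    signals = login_signals(account, login)
    action = login_action(signals)
    account.events.append((login, signals, action))
    return signals, action


def order_decision(signals, cart_risk, low_risk_threshold=0.3):
    """The takeover is not the end goal, so judge the order as well as the login.

    cart_risk is an assumed 0..1 score from the merchant's order-fraud model.
    """
    if cart_risk < low_risk_threshold:
        return "approve"                 # unfamiliar login, but a low-risk cart
    return "hold_for_verification" if signals else "manual_review"


def on_chargeback(account):
    """A chargeback re-opens events that looked safe at login time."""
    account.flagged_for_review = True
    account.password_reset_required = True   # prompt the customer to change it
    return [login for login, _signals, action in account.events
            if action == "allow"]


def sample_account():
    """Constructed sample data: one customer with two known device/network pairs."""
    return Account(owner="customer-1", previous_logins=[
        Login("laptop-1", "home-isp"),
        Login("phone-1", "mobile-carrier"),
    ])


if __name__ == "__main__":
    acct = sample_account()
    for attempt in (Login("laptop-1", "home-isp"),
                    Login("phone-1", "hotel-wifi"),
                    Login("unknown-9", "dc-hosting", via_proxy=True)):
        print(attempt, process_login(acct, attempt))
    print(order_decision(["new_network"], cart_risk=0.1))
    print(on_chargeback(acct))
```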
“Our survey shows that merchants are aware of and concerned with ATO attacks, but they usually lack the ability to identify and prevent them,” said Assaf Feldman, CTO at Riskified.
“Without a dynamic approach that evaluates all relevant data, merchants risk significant financial losses, frustrated customers and damaged brand reputations. Advanced machine-learning solutions can instantly recognize legitimate customers and ease their path to checkout.
“Suspicious actions can be verified or blocked to minimize damage. By doing so, merchants maximize revenue while giving their customers a great experience.”
The importance of accounts
Accounts are an important shopping tool for customers:
- 3% of customers say they have accounts on individual sites for shopping.
- 75% do most or all of their online shopping with merchants where they have accounts.
- 42% said they shop more frequently when they have an account.
Merchants get a significant portion of their business from customers with accounts:
- More than 67% of the merchants surveyed say at least half of their orders come from customers with accounts.
- 58% of merchants report that account holders spend more per purchase than customers who use guest checkout.
- 61% say that account holders purchase more frequently than customers who use guest checkout.
“Companies can combat lateral phishing threats by adopting advanced security solutions that identify suspicious logins and take actions before breaches can occur. These controls enable businesses to verify users’ identities and enforce measures, such as MFA, which can limit an attacker’s chance of hijacking a corporate email address in the first place. Additionally, all companies can learn that it is essential to have full visibility and control over their customer data in order to prevent a breach. To do so, organizations must implement security solutions that remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information,” said Anurag Kahol, CTO at Bitglass.
Cloud adoption has grown at an astonishing rate, providing organizations with the freedom to store data in numerous cloud applications that meet their specific business demands. Additionally, migrating to the cloud gives employees the ability to access work material from anywhere and anytime.
This increases productivity by allowing employees to collaborate remotely with applications like G Suite, Office 365, Salesforce, and Slack (to name a few). While utilizing these cloud apps provides flexibility and cost savings, it also can allow sensitive data to be exposed.
While there are plenty of cloud applications available, let’s explore G Suite, Office 365, Salesforce, and Slack, and how organizations can leverage these apps to reap benefits while keeping data safe.
Proceed with caution
No matter what your company does, you likely share documents with employees, clients, or partners on a daily basis. These documents can include proposals, contracts, financial records, HR paperwork, and other confidential files. While these apps have made it easier to share, the documents and files are highly sensitive and could be very damaging if malicious actors got their hands on them.
Over 6 million businesses are paying to use G Suite, which provides access to corporate data from any device, anywhere, improving IT flexibility and employee productivity.
Similarly, Microsoft’s Office 365 provides teams with collaborative services to share and store data on SharePoint or Microsoft Teams. Another popular application over 150,000 enterprises use is Salesforce, a customer relationship management service that supports marketing, sales, commerce, and service functions. Lastly, Slack has become one of the most used team collaboration solutions with over 12 million daily active users sharing messages or other files on the platform.
Unfortunately, companies are not able to monitor all of the documents or data being shared across these apps. For example, Slack has private channels and direct messaging capabilities where admins cannot view what information is being shared unless they are a part of the conversation.
As we have witnessed with previous data breaches, there is a risk that sensitive data will not always be shielded from anyone outside your organization. Slack previously experienced a data breach back in 2015 as a result of unauthorized users gaining access to the infrastructure where usernames and passwords were stored. Salesforce has also had security issues in the past, exposing users’ stored data to third parties due to an API error. These are just a few instances that should serve as a stark warning to enterprises that they can’t rely solely on app providers to ensure the security of their data – they must implement their own proper security solutions and processes in tandem.
While these cloud-based services have native security capabilities in place to protect the infrastructure against intrusions, the onus is on the enterprises using these tools to ensure files that are being stored and accessed in the cloud are secure. As businesses continue to use these apps, they must understand that they have a shared responsibility to protect corporate and customer information.
To achieve this shared goal, organizations need tools that are designed for enforcing real-time access control, detecting and remediating misconfigurations, encrypting sensitive data at rest, managing the sharing of data with external parties, and preventing data leakage while using these apps.
You can have your cake and eat it, too
Single sign-on (SSO) should be included as part of an organization’s cloud security strategy in order to authenticate their users and ensure that sensitive data is not being accessed maliciously. Along with SSO, having a cybersecurity solution that can protect data at upload, download, and at rest is essential to preventing a security breach.
Enterprises should also equip themselves with full-strength data encryption and data loss prevention (DLP) as a part of their cloud-based collaborative apps. Additionally, companies should train employees often on best practices for using these apps, including educating them on any specific company rules around data sharing.
As enterprise security teams have come to the realization that legacy security tools are not enough to secure their ever-changing ecosystem, cloud adoption will continue to rise. However, just like any other application, it’s important to have further preventive security in place to ensure that the data that is stored within the app stays completely secure.
In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass.
Categories of breaches
- Hacking or IT incidents: Breaches related to malicious hackers and improper IT security
- Unauthorized access or disclosure: All unauthorized access and sharing of organizational data
- Loss or theft: Breaches enabled by the loss or theft of endpoint devices
- Other: Miscellaneous breaches and leaks related to items such as improper disposal of data
Number of records exposed in healthcare breaches doubles
According to the findings, the total number of records breached more than doubled from 2018 to 2019. This same doubling also occurred between 2017 and 2018, revealing a dramatic upward trend over the last few years.
Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300 – the 386 incidents in 2019 represented a 33% increase over 2018.
“This is not particularly surprising given the fact that threat actors are maturing their capabilities and adapting to security measures organizations put in place, like multi-factor authentication.
“Healthcare databases are heavily targeted by cybercriminals as they hold a wealth of sensitive information like medical histories, Social Security numbers, personal financial data, and more. This means that healthcare firms must employ the appropriate technologies and cybersecurity best practices to ensure all data within their IT systems is secure around the clock.”
- The cost per breached record in healthcare was $429 in 2019. Last year, with 27.5 million records exposed, data breaches cost healthcare organizations $11.8 billion.
- Around 24 million people were affected by healthcare breaches due to Hacking and IT Incidents. This category was followed by Unauthorized Access or Disclosure, which affected 2.5 million people.
- Texas had the most healthcare breaches in 2019 with 47 incidents, nearly twice the number of California, which came in second place at 25.
- Lost or stolen devices have consistently had the biggest annual decrease over the past few years, dropping from 148 in 2014 to 42 in 2019.
- The total number of records breached has more than doubled each year; from 4.7M in 2017 to 11.5M in 2018, and to 27.5M in 2019.
Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries.
Leaked records and data breaches in the financial services industry
In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records.
Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.
“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO of Bitglass.
“Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”
- Hacking and malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider Threats grew from 2.9% in 2018 to 5.5% today, while Accidental Disclosures increased from 14.7% to 18.2%.
- The cost per average breached record in financial services ($210) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare ($429).
- For mega breaches, which affect approximately 100M or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018.
- Many financial services organizations are still not taking proper steps to secure data in our modern cloud and BYOD environment. Consequently, they are suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.
- The top three breaches of financial services firms in 2019 were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).
Sysdig Secure 3.0 provides enterprises with threat prevention at runtime
Sysdig Secure 3.0 includes an incident response and audit tool for Kubernetes, giving enterprises the ability to reconstruct historical system activity. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit.
Jamf unveils Jamf Protect, an enterprise Mac endpoint protection solution
Jamf Protect leverages native Apple security tools and on-device analysis of macOS activity to create customized telemetry that gives …
The post New infosec products of the week: November 15, 2019 appeared first on Help Net Security.
As companies and consumers have become more aware of phishing, hackers have refined their techniques and are now launching a more advanced form of attack known as lateral phishing. This technique is highly convincing and, consequently, highly effective.
Hackers are no longer phishing in the dark
Millions of individuals have had their personal information exposed in recent breaches at companies like DoorDash, PCM Inc., and Nordstrom. When email addresses, dates of birth, names, and other …
The post Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net appeared first on Help Net Security.