The average total cost of a data breach declined, but costs increased for many organizations

Data breaches cost companies $3.86 million per breach on average, and compromised employee accounts are the most expensive root cause.

Based on in-depth analysis of data breaches experienced by over 500 organizations worldwide, 80% of these incidents resulted in the exposure of customers’ personally identifiable information (PII). Out of all types of data exposed in these breaches, customer PII was also the costliest to businesses.

As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organizations can suffer if this data is compromised.

Conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professionals in organizations that suffered a data breach over the past year. Some of the top findings from this year’s report include:

Smart tech slashes breach costs in half: Companies who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced less than half the data breach costs compared to those who didn’t have these tools deployed – $2.45 million vs. $6.03 million on average.

Paying a premium for compromised credentials: In incidents where attackers accessed corporate networks through the use of stolen or compromised credentials, businesses saw nearly $1 million higher data breach costs compared to the global average – reaching $4.77 million per data breach. Exploiting third-party vulnerabilities was the second costliest root cause of malicious breaches ($4.5 million) for this group.

Mega breach costs soar by the millions: Breaches wherein over 50 million records were compromised saw costs jump to $392 million from $388 million the previous year. Breaches where 40 to 50 million records were exposed cost companies $364 million on average, a cost increase of $19 million compared to the 2019 report.

Nation state attacks: Data breaches believed to originate from nation state attacks were the costliest, compared to other threat actors examined in the report. State-sponsored attacks averaged $4.43 million in data breach costs, surpassing both financially motivated cybercriminals and hacktivists.

“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence. “At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”

Employee credentials and misconfigured clouds

Stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies in the report, representing nearly 40% of malicious incidents. With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches studied, businesses should rethink their security strategy via the adoption of a zero-trust approach – reexamining how they authenticate users and the extent of access users are granted.

Similarly, companies’ struggle with security complexity – a top breach cost factor – is likely contributing to cloud misconfigurations becoming a growing security challenge. The 2020 report revealed that attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average – making it the third most expensive initial infection vector examined in the report.

State sponsored attacks strike heaviest

Despite representing just 13% of malicious breaches studied, state-sponsored threat actors were the most damaging type of adversary according to the 2020 report, suggesting that financially motivated attacks (53%) don’t translate into higher financial losses for businesses. The highly tactical nature, longevity and stealth maneuvers of state-backed attacks, as well as the high value data targeted, often result in a more extensive compromise of victim environments, increasing breach costs to an average $4.43 million.

In fact, respondents in the Middle East, a region that historically experiences a higher proportion of state-sponsored attacks compared to other parts of the world, saw an over 9% yearly rise in their average data breach cost, incurring the second highest average breach cost ($6.52 million) amongst the 17 regions studied. Similarly, the energy sector, one of the most frequently targeted industries by nation states, experienced a 14% increase in breach costs year over year, averaging $6.39 million.

Advanced security technologies prove smart for business

The report highlights the growing divide in breach costs between businesses implementing advanced security technologies and those lagging behind, revealing a cost-saving difference of $3.58 million for companies with fully deployed security automation versus those that have yet to deploy this type of technology. The cost gap has grown by $2 million, from a difference of $1.55 million in 2018.

Companies in the study with fully deployed security automation also reported significantly shorter response time to breaches, another key factor shown to reduce breach costs in the analysis. The report found that AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches over 27% faster than companies that have yet to deploy security automation – the latter of which require on average 74 additional days to identify and contain a breach.

Incident response (IR) preparedness also continues to heavily influence the financial aftermath of a breach. According to the report, companies with neither an IR team nor testing of IR plans experience $5.29 million in average breach costs, whereas companies that have both an IR team and use tabletop exercises or simulations to test IR plans experience $2 million less in breach costs – reaffirming that preparedness and readiness yield a significant ROI in cybersecurity.

Additional findings from this year’s report

  • Remote work risk will have a cost: With hybrid work models creating less controlled environments, the report found that 70% of companies studied that adopted telework amid the pandemic expect it will exacerbate data breach costs.
  • CISOs faulted for breaches, despite limited decision-making power: Forty-six percent of respondents said the CISO/CSO is ultimately held responsible for the breach, despite only 27% stating the CISO/CSO is the security policy and technology decision-maker. The report found that appointing a CISO was associated with $145,000 cost savings versus the average cost of a breach.
  • Majority of cyber insured businesses use claims for third party fees: The report found that breaches at studied organizations with cyber insurance cost on average nearly $200,000 less than the global average of $3.86 million. In fact, of these organizations that used their cyber insurance, 51% applied it to cover third-party consulting fees and legal services, while 36% of organizations used it for victim restitution costs. Only 10% used claims to cover the cost of ransomware or extortion.
  • Regional and industry insights: While the U.S. continued to experience the highest data breach costs in the world, at $8.64 million on average, the report found that Scandinavia experienced the biggest year over year increase in breach costs, observing a nearly 13% rise. Healthcare continued to incur the highest average breach costs at $7.13 million — an over 10% increase compared to the 2019 study.

Employees are worried about cyber threats in their home office environments

IBM Security released findings from a study focused on the behaviors and security risks of those new to working from home (WFH) during the COVID-19 pandemic.

Cyber threats in the home office

The study shows more than 80% of respondents either rarely worked from home or not at all prior to the pandemic, and, in turn, more than half are now doing so with no new security policies to help guide them. This shift to working from home has exposed new security risks and has left nearly 50% of those employees worried about impending cyber threats in their new home office settings.

Now that more than half of the U.S. population is working from home—and a large percentage is expected to continue to do so through the rest of 2020 and beyond—many companies may be playing catch-up as they attempt to manage the security risks of rushed remote-work models. Business activities that were once conducted in protected office environments, and monitored under specific policies, have quickly transitioned to new, and potentially less secure territory. For example, customer service agents who worked in closely managed call centers are now managing sensitive customer data at home.

“Organizations need to use a risk-based approach with work-from-home models, then reassess and build from the ground up,” said Charles Henderson, Global Partner and Head of IBM X-Force Red. “Working from home is going to be a long-lasting reality within many organizations, and the security assumptions we once relied on in our traditional offices may not be enough as our workforce transitions to new, less controlled surroundings.”

Lack of support creates opportunity for cybercriminals

The rapid shift to working from home has also changed the ways many organizations do business, from moving face-to-face meetings to video conferencing calls to adding new collaboration tools—yet the survey showed many employees are lacking guidance, direction and policies.

The IBM Security Work from Home Survey comprises responses from more than 2,000 Americans newly working remotely. Key findings include:

  • Confident, yet unprepared: 93% of those newly working from home are confident in their company’s ability to keep personally identifiable information (PII) secure while working remotely, yet 52% are using their personal laptops for work – often with no new tools to secure it, and 45% haven’t received any new training.
  • Lacking PII guidelines: More than half have not been provided with new guidelines on how to handle highly regulated PII while working from home. This is despite more than 42% of people who manage PII as part of their regular jobs now doing so at home.
  • Policy awareness: More than 50% of respondents don’t know of any new company policies related to customer data handling, password management and more.
  • Personal (unprotected) devices in use: More than 50% of new work from home employees are using their own personal computers for business use; however, 61% also say their employer hasn’t provided tools to properly secure those devices.
  • Passwords lacking protection: 66% have not been provided with new password management guidelines, which could be why 35% are still reusing passwords for business accounts.

Top security risks for companies to address as cloud migration accelerates

The ease and speed at which new cloud tools can be deployed is also making it harder for security teams to control their usage, IBM Security reveals.

According to the data, basic security oversight issues, including governance, vulnerabilities, and misconfigurations, remain the top risk factors organizations must address to secure increasingly cloud-based operations.

Additionally, an analysis of security incidents over the past year sheds light on how cybercriminals are targeting cloud environments with customized malware, ransomware and more.

With businesses rapidly moving to cloud to accommodate remote workforce demands, understanding the unique security challenges posed by this transition is essential for managing risk.

While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources is also creating complexity for IT and cybersecurity teams.

According to IDC, more than a third of companies purchased 30+ types of cloud services from 16 different vendors in 2019 alone. This distributed landscape can lead to unclear ownership of security in the cloud, creating policy “blind spots” and potential for shadow IT to introduce vulnerabilities and misconfiguration.

Cloud environment threats and challenges

  • Complex ownership: 66% of respondents surveyed say they rely on cloud providers for baseline security; yet perception of security ownership varied greatly across specific cloud platforms and applications.
  • Cloud applications opening the door: The most common path for cybercriminals to compromise cloud environments was via cloud-based applications, representing 45% of incidents in IBM X-Force IRIS cloud-related case studies. Cybercriminals took advantage of configuration errors as well as vulnerabilities within the applications, which often remained undetected due to employees standing up new cloud apps on their own, outside of approved channels.
  • Amplifying attacks: While data theft was the top impact of attacks in the cloud, hackers also targeted the cloud for cryptomining and ransomware – using cloud resources to amplify the effect of these attacks.

“The cloud holds enormous potential for business efficiency and innovation, but also can create a ‘wild west’ of broader and more distributed environments for organizations to manage and secure,” said Abhijit Chakravorty, Cloud Security Competency Leader, IBM Security Services.

“When done right, cloud can make security scalable and more adaptable – but first, organizations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible. This starts with a clear picture of regulatory obligations and compliance mandate, as well as the unique technical and policy-driven security challenges and external threats targeting the cloud.”

Who owns security in the cloud?

Organizations rely heavily on cloud providers to own security in the cloud, despite the fact that configuration issues – which are typically users’ responsibility – are most often to blame for data breaches (accounting for more than 85% of all breached records in 2019).

Additionally, perceptions of security ownership in the cloud varied widely across various platforms and applications. For example, 73% of respondents believed public cloud providers were the main party responsible for securing software-as-a-service (SaaS), while only 42% believed providers were primarily responsible for securing cloud infrastructure-as-a-service (IaaS).

While this type of shared responsibility model is necessary for the hybrid, multi-cloud era, it can also lead to variable security policies and a lack of visibility across cloud environments. Organizations that are able to streamline their cloud and security operations can help reduce this risk through clearly defined policies which apply across their entire IT environment.

Top threats in the cloud: Data theft, cryptomining and ransomware

In order to get a better picture of how attackers are targeting cloud environments, incident response experts conducted an in-depth analysis of cloud-related cases the team responded to over the past year. The analysis found:

  • Cybercriminals leading the charge: Financially motivated cybercriminals were the most commonly observed threat group category targeting cloud environments, though nation state actors are also a persistent risk.
  • Exploiting cloud apps: The most common entry point for attackers was via cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities and misconfigurations. Vulnerabilities often remained undetected due to “shadow IT,” when an employee goes outside approved channels and stands up a vulnerable cloud app. Managing vulnerabilities in the cloud can be challenging, since vulnerabilities in cloud products remained outside the scope of traditional CVEs until 2020.
  • Ransomware in the cloud: Ransomware was deployed 3x more than any other type of malware in cloud environments, followed by cryptominers and botnet malware.
  • Data theft: Outside of malware deployment, data theft was the most common threat activity observed in breached cloud environments over the last year, ranging from personally identifying information to client-related emails.
  • Exponential returns: Threat actors used cloud resources to amplify the effect of attacks like cryptomining and DDoS. Additionally, threat groups used the cloud to host their malicious infrastructure and operations, adding scale and an additional layer of obfuscation to remain undetected.

“Based on the trends in our incident response cases, it’s likely that malware cases targeting cloud will continue to expand and evolve as cloud adoption increases,” said Charles DeBeck, IBM X-Force IRIS.

“Malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud.”

Maturing cloud security leads to faster security response

While the cloud revolution is posing new challenges for security teams, organizations who are able to pivot to a more mature and streamlined governance model for cloud security can reap significant benefits in their security agility and response capabilities.

The survey found that organizations who ranked high maturity in both Cloud and Security evolution were able to identify and contain data breaches faster than colleagues who were still in early phases of their cloud adoption journey.

In terms of data breach response time, the most mature organizations were able to identify and contain data breaches twice as fast as the least mature organizations (average threat lifecycle of 125 days vs. 250 days).

As the cloud becomes essential for business operations and an increasingly remote workforce, organizations should focus on the following elements to improve cybersecurity for hybrid, multi-cloud environments:

  • Establish collaborative governance and culture: Adopt a unified strategy that combines cloud and security operations – across application developers, IT Operations and Security. Designate clear policies and responsibilities for existing cloud resources as well as for the acquisition of new cloud resources.
  • Take a risk-based view: Assess the kinds of workload and data you plan to move to the cloud and define appropriate security policies. Start with a risk-based assessment for visibility across your environment and create a roadmap for phasing cloud adoption.
  • Apply strong access management: Leverage access management policies and tools for access to cloud resources, including multifactor authentication, to prevent infiltration using stolen credentials. Restrict privileged accounts and set all user groups to least-required privileges to minimize damage from account compromise (zero trust model).
  • Have the right tools: Ensure tools for security monitoring, visibility and response are effective across all cloud and on-premise resources. Consider shifting to open technologies and standards which allow for greater interoperability between tools.
  • Automate security processes: Implementing effective security automation in your system can improve your detection and response capabilities, rather than relying on manual reaction to events.
  • Use proactive simulations to rehearse for various attack scenarios: This can help identify where blind spots may exist, and also address any potential forensic issues that may arise during attack investigation.

Only 38% of US govt workers received ransomware prevention training

73% of government employees are concerned about impending ransomware threats to cities across the country, and more employees fear cyberattacks on their community than natural disasters and terrorist attacks, an IBM survey has revealed.

More than 100 cities across the United States were hit with ransomware in 2019. Data in the new Harris Poll found ransomware attacks might be even more widespread, with 1 in 6 respondents disclosing their department was impacted by a ransomware attack.

Despite the growth of these attacks, half of the employees surveyed have not seen any change in preparedness from their employers, with only 38% receiving general ransomware prevention training. Also, budgets for managing cyberattacks have remained stagnant according to 52% of state and local government IT/Security professionals polled.

“The emerging ransomware epidemic in our cities highlights the need for cities to better prepare for cyberattacks just as frequently as they prepare for natural disasters,” said Wendi Whitmore, VP of Threat Intelligence, IBM Security.

“The data in this new study suggests local and state employees recognize the threat but demonstrate overconfidence in their ability to react to and manage it. Meanwhile, cities and states across the country remain a ripe target for cybercriminals.”

2020 elections concerns

With the impending 2020 election in the U.S., it’s no surprise election security is top of mind for government employees. In fact, the study found 63% of respondents are concerned that a cyberattack could disrupt the upcoming elections, with the majority of government employees placing their local Board of Elections among the top three most vulnerable systems in their communities.

While concerns of attacks against election systems and voting machines continue to make headlines, cyberattacks can also be used as a form of distraction or a way to weaken confidence in systems for voters, or even impede them from casting ballots.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that ransomware attacks, in particular, pose a heightened risk to the elections. According to the study, the fear of ransomware attacks feels real to the vast majority of responding government employees, with 73% expressing concerns about threats to U.S. cities.

Public education

Public schools have emerged as a growing target for cybercriminals in 2019, ranking as the 7th most targeted industry. Ransomware impacted school districts in New York, Massachusetts, New Jersey, Louisiana and other states last year.

The study found that education respondents had the lowest amount of cybersecurity training compared to other surveyed state and local professionals. In general, 44% of those from the public education sector said they hadn’t received basic cybersecurity training, and 70% said they hadn’t received adequate training specifically on how to respond to a cyberattack.

With low training numbers, the majority of education respondents aren’t overly confident in their ability to recognize and prevent a ransomware attack – confidence is nearly 20% lower than other state and local employees surveyed.

Calling on the federal government

With ransomware attacks against cities likely to continue in 2020, both U.S. government employees and taxpayers believe the federal government should step in to assist.

The survey shows 78% of government employees believe the federal government should provide assistance to communities in responding to cyberattacks, echoing sentiments from the study where 50% of U.S. taxpayers said it’s the federal government’s responsibility to protect cities from ransomware.

The majority (76%) of state and local employees also believe cyberattacks warrant emergency support, similar to those used for natural disasters.

Positive progress and the path forward for cities

While the study details where work needs to be done in preparing cities for cyberattacks, the results also showed some improvements made since last year.

When asked whether they had seen any increases in preparedness and concern for cybersecurity in their departments, government employees surveyed claimed they had seen more improvements than not, and nearly 70% think their employers are currently taking the threat of cyberattacks seriously.

City and state employees ranked ransomware #3 among the threats they were most familiar with – demonstrating that well publicized attacks are increasing awareness.

A closer look at the global threat landscape

60% of initial entries into victims’ networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, according to a new IBM report exploring the global threat landscape.

The top three initial attack vectors

  • Phishing was a successful initial infection vector in less than one-third of incidents (31%) observed, compared to half in 2018.
  • Scanning and exploitation of vulnerabilities resulted in 30% of observed incidents, compared to just 8% in 2018. In fact, older, known vulnerabilities in Microsoft Office and Windows Server Message Block were still finding high rates of exploitation in 2019.
  • The use of previously stolen credentials is also gaining ground as a preferred point of entry, used 29% of the time in observed incidents. Just in 2019, the report states more than 8.5 billion records were compromised—resulting in a 200% increase in exposed data reported year over year, adding to the growing number of stolen credentials that cybercriminals can use as their source material.

“The amount of exposed records that we’re seeing today means that cybercriminals are getting their hands on more keys to our homes and businesses. Attackers won’t need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials,” said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence.

“Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organizations and the protection and privacy of user data.”

Configure it out

Of the more than 8.5 billion breached records reported in 2019, seven billion of those, or over 85%, were due to misconfigured cloud servers and other improperly configured systems — a stark departure from 2018 when these records made up less than half of total records.

Banking on ransomware

Some of the most active banking trojans found in this year’s report, such as TrickBot, were increasingly observed to set the stage for full-on ransomware attacks. In fact, novel code used by banking trojans and ransomware topped the charts compared to other malware variants discussed in the report.

Tech trust takeover for phishing

Tech, social media and content streaming household brands make up the “Top 10” spoofed brands that cyber attackers are impersonating in phishing attempts.

This shift could demonstrate the increasing trust put in technology providers over historically trusted retail and financial brands. Top brands used in squatting schemes include Google, YouTube and Apple.

Ransomware attacks evolve

The report revealed trends in ransomware attacks worldwide, targeting both the public and private sectors.

While over 100 U.S. government entities were impacted by ransomware attacks last year, there were also significant attacks against retail, manufacturing and transportation—which are known to either hold a surplus of monetizable data or rely on outdated technology and, thus, face vulnerability sprawl.

In fact, in 80% of observed ransomware attempts, attackers were exploiting Windows Server Message Block vulnerabilities, the same tactic used to propagate WannaCry, an attack that crippled businesses across 150 countries in 2017.

With ransomware attacks costing organizations over $7.5 billion in 2019, adversaries are reaping the rewards and have no incentive to slow down in 2020. New malware code was observed in 45% of banking trojans and 36% of ransomware. This suggests that by creating new code attackers are continuing to invest in efforts to avoid detection.

Concurrently, a strong relationship between ransomware and banking trojans has been observed, with the latter being used to open the door for targeted, high-stakes ransomware attacks, diversifying how ransomware is being deployed.

For example, the most active financial malware according to the report, TrickBot, is suspected of deploying Ryuk on enterprise networks, while various other banking trojans, such as QakBot, GootKit and Dridex are also diversifying to ransomware variants.

Adversaries spoof tech and social media companies in phishing schemes

As consumers become more aware of phishing emails, phishing tactics themselves are becoming more targeted. There has been a squatting trend in phishing campaigns, wherein attackers are impersonating consumer tech brands with tempting links – using tech, social media and content streaming companies to trick users into clicking malicious links in phishing attempts.

Nearly 60% of the top 10 spoofed brands identified were Google and YouTube domains, while Apple (15%) and Amazon (12%) domains were also spoofed by attackers looking to steal users’ monetizable data. IBM X-Force assesses that these brands were targeted primarily due to the monetizable data they hold.

Facebook, Instagram and Netflix also made the list of top 10 spoofed brands observed but at a significantly lower use rate. This may be due to the fact that these services don’t typically hold directly monetizable data.

As attackers often bet on credential reuse to gain access to accounts with more lucrative payouts, frequent password reuse may be what potentially made these brands targets. In fact, 41% of millennials surveyed reuse the same password multiple times and Generation Z averages use of only five passwords, indicating a heavier reuse rate.

Discerning spoofed domains can be extremely difficult, which is exactly what attackers bet on. With nearly 10 billion accounts combined, the top 10 spoofed brands listed in the report offer attackers a wide target pool, increasing the likelihood that an unsuspecting user clicks an innocent-seeming link from a spoofed brand.

Retail rebounds in targeted industry rankings

Retail has jumped to the second most attacked industry in this year’s report, in a very close race with financial services which remained at the top for the fourth year in a row. Magecart attacks are among the most prominent attacks observed against retail, impacting a reported 80 e-commerce sites in the summer of 2019.

Cybercriminals seem to have set their sights on consumers’ PII, payment card data and even valuable loyalty program information. Retailers also experienced a large amount of ransomware attacks based on insights from IBM’s incident response engagements.

ICS and OT attacks soar

In 2019, OT targeting increased 2000% year over year with more attacks on ICS and OT infrastructure than any of the prior three years. Most observed attacks involved a combination of known vulnerabilities within SCADA and ICS hardware as well as password-spraying.

North America and Asia: Most targeted regions

These regions experienced the highest number of observed attacks and suffered the largest reported data losses over the past year, with over 5 billion and 2 billion records exposed, respectively.

Photos: Cybertech Global Tel Aviv 2020

Cybertech Global Tel Aviv is one of the largest B2B networking events in the cyber industry, outside of the United States. Every year, the event attracts thousands of attendees, mainly C-level executives, investors, professionals, and government officials from all over the world.

Help Net Security is on-site this year, and here’s a look at the event.

Cybertech Global Tel Aviv entrance

Waterfall Security Solutions

SecBI

IBM Security

Roee Laufer, Division Head, Cyber Security at Israel Airports Authority

Perimeter 81, Q.Rity

CyberArk

Booths

New infosec products of the week: December 13, 2019

IBM Security adds AI features to its Cloud Identity solution

IBM Cloud Identity now features AI-based adaptive access capabilities that help continually assess employee or consumer user risk levels when accessing applications and services. The solution escalates suspicious user interactions for further authentication, while those identified as lower risk are “fast tracked” so they can access applications and services they need.

STEALTHbits launches Privileged Activity Manager with zero standing privilege architecture

STEALTHbits Privileged Activity Manager is a next generation Privileged Access Management solution that seeks to not just control privileged accounts, but effectively reduce the quantity of them altogether using a variety of modern techniques, such as the use of ephemeral accounts and a just-in-time (JIT), just-enough privilege (JEP) approach to privileged access.

ClearDATA Comply: A SaaS solution for automated healthcare cloud compliance

Comply provides healthcare organizations direct access to the cloud with automated compliance and remediation, as well as a real-time compliance dashboard, facilitating rapid adoption of cloud services with peace of mind. Combined with ClearDATA’s cloud services expertise and deep understanding of complex healthcare compliance frameworks like HIPAA and GDPR, Comply is designed to streamline compliance by automatically enforcing technical controls according to different standards and regulations across multiple cloud services, thereby achieving and maintaining a compliant posture.

McAfee MVISION Cloud for Containers: A CASB and CSPM integrated security platform

Leveraging NanoSec’s zero trust application visibility and control capabilities for container-based deployments in cloud environments, McAfee MVISION Cloud for Containers provides customers with the ability to speed up application delivery while enhancing the governance, compliance and security of their container workloads.

Spirent launches C200 appliance, a security and application performance testing solution

Enabling industry-leading 100G and Crypto performance testing, the C200 represents a significant expansion of the Spirent CyberFlood security and application performance testing solution family. An all-in-one solution, the C200 packs the full capabilities of CyberFlood into a quint-speed appliance that uses only 1U of rack space. Available immediately, the C200 provides carrier-class performance for applications, attacks and cryptographic testing.

Kanguru launches a new biometric fingerprint access flash drive

This biometric fingerprint access flash drive supplants the bulky pinpads and fussy combo keypads of leading encrypted devices. With just a tap of the finger, the new Kanguru Defender Bio-Elite30 Fingerprint Hardware Encrypted Flash Drive provides quick access to encrypted files.

Yubico launches latest version of its Authenticator mobile application for iOS

Yubico Authenticator now extends support for near field communication (NFC) on iOS, delivering tap-and-go flexibility in addition to authentication over a Lightning connection. The Yubico Authenticator App series now works seamlessly across all major desktop and mobile platforms, with full support for Windows, Mac, Linux, Android and iOS.

IBM Security adds AI features to its Cloud Identity solution

IBM Security announced it is extending its artificial intelligence (AI) technology, originally developed to protect users in the financial services industry, to clients in all industries via the company’s identity-as-a-service (IDaaS) offering.

IBM Cloud Identity now features AI-based adaptive access capabilities that help continually assess employee or consumer user risk levels when accessing applications and services.

The solution escalates suspicious user interactions for further authentication, while those identified as lower risk are “fast tracked” so they can access applications and services they need.

With data breaches on the rise, traditional means of securing access, like passwords, are often not enough to prevent unauthorized access. The rise of credential-stuffing attacks, where a malicious actor obtains a list of credentials and tests them at various other sites using a bot, demonstrates that many password combinations have been leaked.

According to a 2019 report, compromised and weak credentials are cited as the cause for more than 80% of data breaches. Meanwhile, 2017 research found that large companies are managing hundreds of applications – up to 788 custom applications on average for companies with more than 50,000 employees.

Considering the number of programs and passwords that employees are managing between their professional and personal lives, it is increasingly important that new security measures do not hinder user experience.

“Companies are constantly trying to optimize both security and user experience, but the trick is ensuring security is not disrupting the everyday user journey,” said Jason Keenaghan, Director, IBM Security.

“IBM Cloud Identity with adaptive access is using AI to give organizations a holistic view of context for user access, based on indicators like malware and risk indicators, device insights, and user behavior, to help them focus security on high risk logins and give the majority of users seamless access to their accounts and applications.”

Adaptive access: Smart context

Many organizations continue to rely on older username and password methods to provide employee and consumer users access to services. Due to the patchwork of applications and solutions organizations are working with, they may not be able to deploy more modern security layers.

This can create a blind spot that prevents security teams from easily implementing rules that flag suspicious indicators like malicious logins, unknown locations, unrecognized devices, and whether a user is on a company’s network VPN.

IBM Cloud Identity is an identity-as-a-service solution that helps organizations connect every user to every application using adaptive access. Through the use of AI, the service helps simplify access management and security for users by assigning user risk levels based on a defined set of factors.

With these risk levels, administrators can create rules that level up or level down authentication – implementing strong authentication but only when needed. The service leverages the following features to determine risk and enable adaptive access decisions:

  • Artificial intelligence: A user behavior score is assigned based on the level of trust or risk assessed for each user. A number of factors are assessed, including web intelligence, location data, malware and risk indicators, and device insights. For example, using AI, the system can detect irregular mouse movements or flag a user trying to log in from a browser infected with keylogging malware. IBM Cloud Identity with adaptive access leverages IBM Trusteer AI technology to assess users based on a fraud evidence database, fraudulent pattern analysis, and cross-organizational patterning.
  • Smart access and seamless login: Since AI capabilities are able to assign risk levels, only users considered to pose a higher threat are prompted to go through multifactor authentication or denied access. By only prompting specific users to further verify their identification, rather than all users, organizations may be able to reduce operational expenses related to items such as two-factor authentication and help desk password resets for both current and new users. This can potentially lead to cost cuts considering organizations spanning different sectors have allocated more than $1 million per year to password-related support alone.
  • Low-code deployment: Adaptive access policies can be created and applied to applications and APIs with little to no development effort, and without application changes.
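The rule evaluation described above, where a risk level levels authentication up or down per application, shown as an added example that is not IBM's code or the Cloud Identity API. Signal names follow the indicators the article lists; the weights, thresholds, application names and policies are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Signal names follow the indicators the article lists; the weights and
# thresholds are constructed for illustration, not taken from any product.
WEIGHTS = {"malware_indicator": 60, "unknown_location": 25,
           "unrecognized_device": 25, "off_vpn": 10}

@dataclass(frozen=True)
class LoginContext:
    # None means the signal could not be collected for this login.
    malware_indicator: Optional[bool] = None
    unknown_location: Optional[bool] = None
    unrecognized_device: Optional[bool] = None
    off_vpn: Optional[bool] = None

def risk_score(ctx: LoginContext) -> int:
    # Fail closed: a missing signal counts as risky, never as clean.
    return min(100, sum(w for name, w in WEIGHTS.items()
                        if getattr(ctx, name) is not False))

def risk_level(score: int) -> str:
    return "high" if score >= 60 else "medium" if score >= 25 else "low"

# Hypothetical per-application rules: risk level -> action.
POLICIES = {
    "wiki":    {"low": "allow", "medium": "allow", "high": "mfa"},
    "payroll": {"low": "mfa",   "medium": "mfa",   "high": "deny"},
}
DEFAULT_POLICY = {"low": "allow", "medium": "mfa", "high": "deny"}

def decide(app: str, ctx: LoginContext) -> str:
    # A confirmed malware indicator is never levelled down by an app policy.
    if ctx.malware_indicator:
        return "deny"
    level = risk_level(risk_score(ctx))
    return POLICIES.get(app, DEFAULT_POLICY)[level]

# Constructed sample logins.
TRUSTED = LoginContext(False, False, False, False)
NEW_DEVICE = LoginContext(False, False, True, True)
INFECTED = LoginContext(True, False, False, False)
NO_TELEMETRY = LoginContext()

if __name__ == "__main__":
    for name, ctx in [("trusted", TRUSTED), ("new_device", NEW_DEVICE),
                      ("infected", INFECTED), ("no_telemetry", NO_TELEMETRY)]:
        print(name, risk_score(ctx),
              {app: decide(app, ctx) for app in ("wiki", "payroll", "crm")})
```

The `NO_TELEMETRY` case is the one to check in any real policy: if absent signals were read as clean, blocking the collection script would be enough to get the lowest risk level.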

“According to our primary research results, the establishment of low-friction end user experiences has the potential to help boost security effectiveness while reducing management efforts and related costs,” said Steve Brasen, Research Director, Enterprise Management Associates.

“By injecting intelligence into access processes, IBM is helping its customers implement the appropriate level of authentication enforcement for users while minimizing impacts to their productivity.”