Category: Thought Leadership

EVENT: Absolute Webinar March 23rd — “Comprehensive Security Begins with Self-Healing”

Traditional strategies for protecting endpoints are failing as attacks increase in relentlessness and sophistication. This reality has elevated the demands on security professionals and requires that organizations adopt new security paradigms that unlock the power of self-healing systems. To stop security breaches at the source, we must become faster at intelligently detecting and responding to threats.
Join us on March 23rd for a webinar exploring how self-healing endpoint security gives enterprises the ability to reduce the dwell time of a dark asset, reducing the likelihood of a breach, supported by real-time remediation capabilities that help place IT and security professionals in total command of devices, data and applications.
The New Threshold of Comprehensive Security: Learn Why Self-Healing is Imperative
Date: Thursday, March 23rd, 2017 at 10am PST / 1pm EST
Speaker: Kim Ellery, Director, Product Marketing, Absolute
This webinar explores how to create self-healing systems in your own organization, and how to ensure preparedness in the face of evolving threats. You’ll learn about:

The growing risk that insiders and attackers will compromise the security controls businesses have deployed to protect users and endpoints
What leads to an endpoint going “dark” and how you can regain visibility over dark assets
The importance of zero-touch self-healing in an “always on” security posture
How self-healing helps thwart malicious attacks

Register today and reserve your spot!

#BCTech Summit: Grappling With Privacy and Security in the IoT Age

Jo-Ann Smith, Absolute’s Director of Technology Risk Management & Data Privacy, joined a panel yesterday at the #BCTECH Summit, BC’s largest technology conference. The event brought together tech entrepreneurs, anchor companies, and business leaders to exchange ideas around innovation and growth.
Absolute partnered with Microsoft during #BCTECH to showcase our innovative Application Persistence product, helping demonstrate the power of self-healing endpoint security. Application Persistence was recently recognized by Cyber Defense Magazine as the Editor’s Choice Winner for Application Security Solution.
Jo-Ann’s panel — “Grappling With Privacy and Security in the IoT Age: Aiming to Win” — discussed the deep-reaching social, economic and security impacts of digital technology and the need to foster a strong public-private partnership to combat cybersecurity threats.
The panel was led by Gary Perkins, executive director & chief information security officer, Province of British Columbia, and also included Keith Cerny, chief technology officer at ACL, and Richard Wilding, director, new ventures at BAE Systems Applied Intelligence.

BSides Vancouver 2017: What Really Happens When a Device is Stolen?

Richard Henderson, global security strategist for Absolute, spoke today at BSides Vancouver 2017, a gathering of information security professionals, hackers, coders and stakeholders in the greater technology community.
Richard formed his presentation — “Around the World in 80 Gigs: What Really Happens When a Device is Stolen?” — around real life examples of theft and criminal activity related to corporate devices that we’ve seen here at Absolute, sharing some of our most interesting theft cases. Not all devices are wiped and pawned — and sometimes the real life stories are better than going to the movies!
The commoditization of mobile devices has made devices largely disposable these days: Users simply don’t care about ‘things’ the way they used to. With the proliferation of devices and the explosion of theft cases, there are simply not enough law enforcement resources to pursue the vast majority of theft cases. As a result, stolen devices are everywhere.
What happens when these devices contain sensitive personal or corporate information? What happens if that device is not simply wiped and pawned, but mined for valuable data and credentials? With our team of ex-law enforcement, FBI, military, and homeland security pros, we dig into real life theft scenarios with alarming insights. We’ve uncovered everything, from employees reading emails from their boss’ computer to criminal rings and even child pornography.

@Richard Henderson – Around The World in 80 Gigs – BSides Vancouver 2017 #bsidesvancouver
— BSides Vancouver (@BSidesVancouver) March 14, 2017


Video: Absolute Talks Self-Healing Endpoints with InfoSecSync

See the power of the self-healing endpoint in action in this podcast interview with InfoSecSync!
Absolute’s Kim Ellery and Phil Shomura talk to InfoSecSync host Nick Thomas about how our persistent, self-healing endpoint security gives enterprises the ability to reduce the dwell time of a dark asset, reducing the likelihood of a breach. And, if it does happen, we can fix it with real-time remediation of breaches at the source.
Absolute’s Phil Shomura also demonstrates the technology in the video, showing how our cloud-based platform puts IT and security professionals in total command of devices, data and applications — whether on or off the network. Questions? Find out more information about our products here.


CyberSecurity: Staying Safe this Black Friday – at Home and at the Office

With Black Friday and Cyber Monday almost upon us, arguably the biggest shopping days of the year, users are getting swarmed with ads, emails, and great deals that can be hard to resist. Sadly, cybercriminals use this to their advantage, making it incredibly hard for you to know what’s legit and what’s a scam.
Taking a moment to review some of the most common scams that crooks will attempt this time of year to ruin your holiday festivities can be incredibly helpful. A simple mindless click, and you could find your system infected, your files held for ransom, or your personal information stolen.
It’s All About Email
Email-based attacks are still an attacker’s “bread and butter” when it comes to cybercrime. Criminals use all sorts of dirty tricks to try to get you to open their messages or click their links.
We often see an uptick in fraudulent messages this time of year that contain malicious attachments containing fake invoices, fake shipping notifications from major couriers like UPS and FedEx, fake receipts, or fake bank alerts. In every case, the criminals’ goal is to make you open their malicious attachment, which when executed, will install malware like ransomware on your computer. Other variants will try and get you to visit a site under their control where you’ll be asked to ‘verify’ your credentials. When you give them your username, password, and other sensitive information like credit card details, you can find yourself locked out of your legitimate accounts, credit cards used to make large purchases, or bank accounts drained. It can be incredibly difficult to clean up the mess left by a successful attack.
Social Media Scams
It’s not just email, though: popular social media platforms are often used to lure unsuspecting victims. Free gift cards from major retailers, surveys leading to massive coupons or discounts, free products: in virtually every single case they’re too good to be true. And when something is too good to be true…
Often I’ll hear refrains from friends and family: “Well, you never know!”… and that’s a hard concept to break. But the consequences for sharing these scams can be significant: you often will be asked to install malicious add-ons, spyware, or other nefarious plugins designed to infect you with malware or steal your personal information. Ask yourself before you click Share and follow the instructions: do you really believe Walmart is going to give every person who simply clicks Share a $100 gift card? They’d go bankrupt!
Using Public Wi-Fi
Free Wi-Fi is all but ubiquitous today, especially at shopping malls and major retailers; many retailers use it as a value-add to attract shoppers to their store, and it’s a great way for price-sensitive consumers to keep their monthly cell bills down. But it’s important to understand that there are unavoidable risks involved with using public wireless networks. Fake access points can be as simple as hiding a Wi-Fi Pineapple with a USB external battery pack in a closet or cabinet or even ceiling tile. Your phone will connect to the fake AP, and all your traffic can be monitored.
If you absolutely must use public Wi-Fi, consider using a VPN service, which will open an encrypted tunnel through the public wireless and into a more secure network, which will then send you the traffic you request.
Shopping at the Office
We all do it. In a world where we’re all connected 24/7/365, it’s clear that users will use Internet resources at the office for personal use. While most organizations today understand this happens, it’s incredibly important for users to exercise extra caution when shopping online at work.
Don’t use a computer that also contains sensitive data which could be stolen or lost if you fall victim to malware. Breaches and theft of corporate data are what keep your CISO/CIO up at night. You don’t want to be the person responsible for a breach.
Double-think every click, every email you open. If you’re not sure, or if something seems wrong, don’t hide it: let someone on your security/IT team know about it ASAP. The sooner they can respond, the smaller the impact to your company and its data.
Don’t let all the doom and gloom keep you from having fun this holiday, though! There are some amazing deals to be had out there, and by taking a few extra moments to think about your safety, you can make sure the worst doesn’t happen to you.
Happy Thanksgiving!

Guidelines for IT Security Leaders in State and Local Government

State and local government agencies are under pressure to do more with fewer resources. They are tasked with ensuring the security of the communities they serve, including the protection of sensitive data. These agencies must also maintain high standards of security in an increasingly challenging environment.
Data breaches at government agencies are skyrocketing, currently accounting for 7% of all data breaches and 43% of all breached records in 2016. When you dig into the data, most of those data breaches come from non-federal agencies. One report suggests that more than 65% of government data breaches happen at non-federal agencies.
Behind many of these data breaches we find several common scenarios: the rise of mobility and an increase in remote workers, device theft and unauthorized access to government data, and increased cloud and mobile usage contributing to the presence of Shadow Data. With data outside of the control of IT, there’s no visibility into how much data is already at risk. A data breach in the public sector can lead to serious security vulnerabilities, compliance penalties and damaged reputations. While news reports have focused on the increased cyberattacks happening across all organizations, studies have proven that 43% of data-related incidents can be tied back to negligent insiders and that 38% of cyberattacks are correlated with an insider incident.
5 Steps to Prevent Data Breaches in State and Local Government Agencies
In our new whitepaper, we lay out a layered approach to security for state and local government IT security leaders. With this guide, public sector agencies can effectively take back control to prevent and remediate data breaches. We outline the following components and tactics, specifically tailored to the needs and issues faced by non-federal government agencies:

Education and prevention
Persistent visibility into all devices and the data they contain
Awareness of suspicious user activity
Ability to quickly and effectively respond to an attack by immediately securing devices and data
Ability to investigate an incident thoroughly and prove compliance measures were taken

Cybercriminals are willing to take the risk in targeting government data because the payout is huge, up to $500 per compromised personal profile. Without the appropriate tools, it takes an average of 201 days to identify a data breach and 70 days to remediate a data breach. What if you had at hand a way to detect data at risk before it’s compromised? You can get all that with Absolute DDS, now ramped up to combat the prevalent Insider Threats to state and local government agencies.
Download the full whitepaper to discover our five steps to prevent data breaches in State and Local government agencies.

3 Ways to Evaluate New InfoSec Solutions: Absolute Security Visionary Interview with Art Coviello

The Absolute Security Visionary Series captures the latest thinking, news and research as shared by the industry’s foremost leaders. These interviews offer valuable advice and a rare glimpse into the future of a complex and quickly evolving security landscape. Subscribe to the Absolute InTelligence Blog for updates as they happen.
With all due respect to the Temptations, former RSA Executive Chairman Art Coviello describes the information security landscape today as a “ball of confusion,” made all the more complex by current approaches to evaluating InfoSec solutions. According to Coviello, the most effective InfoSec solutions don’t fit neatly into a magic quadrant or traditional IT categories.
Instead, these solutions work together to create an integrated system or chain of defense that prevents attacks before they’re launched, detects attacks that can’t be prevented, and remediates intrusions faster to prevent data theft or business disruption. To accomplish this, we need security solutions that are embedded—not just bolted on—working together, reinforcing and adding exponential value to each other to protect endpoint devices and at-risk data that can be just about anywhere. That’s something we at Absolute know a lot about.
If you were unable to attend Structure Security and Coviello’s keynote presentation, you won’t want to miss this inaugural episode of the Absolute Security Visionary Series, in which Coviello reveals his three keys for assessing new InfoSec purchases to fulfill this vision.
“I’ve been around, and I see the plight of CSOs who have to add control after control; they can’t seem to keep up,” says Coviello.
Listen in as he shares his advice for resource-strapped IT and InfoSec leaders who want to make sense of the rapidly evolving and ever-confusing world of information security and data protection solutions. Download the Forrester Data Security and Privacy Playbook for more actionable advice.
About Art Coviello
With more than 30 years of strategic, operating, and financial management experience in technology companies, Art Coviello is one of the most recognized and influential figures within the information security industry. Mr. Coviello joined RSA Security, Inc. in 1995 and became Executive Chairman of the company, a position he held until 2015. He has played a leading role in several national cyber-security initiatives including as a founding board member of the Cyber Security Industry Alliance, and has served as an advisor to key government agencies as well as public-private initiatives.

Preparing for the Australian Data Breach Notification Bill

The Australian Government is close to passing its first data breach notification bill. Cybercrime in Australia is on the rise, with 63% of Australian organizations experiencing a cybersecurity incident or breach in the past year. This has led to increasing pressure on the Australian federal government to pass mandatory data breach notification legislation.
An exposure draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 was published and open for public comment in early 2016. Although the legislation was rolled over into the spring session of parliament, it is expected that public pressure will force the legislation through. There has also been considerable criticism about the Bill from Australian businesses.
Regulatory Requirements for Serious Breaches
The new legislation, if passed, will require organizations to notify the Privacy Commissioner and affected individuals (and potentially the media) following a serious breach. As outlined in the bill, a serious breach occurs when there is unauthorized access or the disclosure or loss of customer information, including personal details, credit information or tax information. It is likely that there will be a 30-day grace period to determine if a breach is “serious,” although such delays may prove costly.
Australian organizations need not wait for a final ruling to begin taking steps to prepare for more stringent data protection and breach notification requirements. We’ve offered this same advice when talking about the constantly-shifting regulatory environment in the US and the upcoming global ramifications of the EU General Data Protection Regulation (GDPR). The earlier you start your preparations, the better.
The proposed regulations will apply only to larger organizations, with turnover over $3 million per year. However, organizations of any size that fail to disclose a data breach face media scrutiny and severe brand value repercussions. Moreover, organizations that fail to comply with the new legislation could face fines of up to $1.7 million.
Complying with Australian Privacy Law
To learn more about the specific compliance requirements Australian organizations face, download our whitepaper. Proactive organizations should also research technologies that can extend visibility and control beyond the network. Earlier studies have shown that many data breaches in Australia, as elsewhere, are tied back to mobile devices, the cloud and the Insider Threat. With Absolute Data & Device Security (DDS), organizations can regain control over the endpoint and the data it contains, even if held in cloud storage applications. With insight from Absolute DDS reporting and alerts, you can mitigate data breaches and prove compliance if needed. Learn more at