Category: Endpoint Security

Endpoint Security 2019

Endpoint security has come a long way. The threat environment today is nothing like it was back when employees would receive anti-malware updates on a floppy drive a few times a month. Endpoint security is its own market with solutions focused on many different angles, segments, and platforms.  Let’s look at what endpoint security actually is, why it is important, how it differs from antivirus software, and what makes up a balanced security posture.
What is Endpoint Security?
The best way to think about endpoint security is in the context of covering any of the risks associated with devices (endpoints) connecting to your network. This includes laptops, desktops, tablets, smartphones, and a host of IoT machines.
In information security, we often refer to the concept of defense-in-depth. Layering security controls that address different aspects of your organization’s security posture ensures overlapping protection, minimizes the impact of a single failure, and reduces your attack surface.
In a traditional defense-in-depth model, a lot of the heavy lifting was done by your network security infrastructure, which handled tasks such as controlling access, monitoring for suspicious activity, and correcting misconfigurations and other vulnerabilities. However, many of the devices we use now operate outside the protection of your corporate network and, as a result, endpoint security has evolved to address these new challenges. If the border firewall was the edge of your security perimeter before, your endpoints, applications, and end users are today.
Although the landscape looks different, the same principles still apply. Addressing your security concerns with a posture that accounts for the many facets of your business needs ensures that the solutions you adopt are complementary for better overall performance.
From an endpoint perspective, this sounds a lot like endpoint management, doesn’t it? To be equipped to effectively identify, protect, detect, respond to, and recover from security events in your environment, you need to understand your device population, its health indicators, and expected behaviors. This asset intelligence ensures that you know what you need to know when you need to know it to make those critical security decisions. Additionally, the valuable intelligence that your endpoints generate out on your perimeter not only helps you understand their own health and safety, but also enriches what you know about the security of your data, networks, and applications.
Read: FORECASTING INTELLIGENCE: TRANSFORMING IT ASSET MANAGEMENT INTO BUSINESS-CRITICAL INSIGHTS
Why is Endpoint Security Important?
With your endpoints, applications and end users becoming your organization’s new security perimeter, they have a big job to do. Any device that accesses your corporate resources on or off-network could be a potential target for attackers. IT and security teams have to contend with the pressures of BYOD (bring your own device) programs, remote and mobile workforces, as well as an increasingly diverse web of networked devices all pushing against your organization’s IT operations and security infrastructure.
It should be no surprise then, that according to a recent study by Ponemon Institute, nearly two-thirds of enterprise organizations have been compromised in the last 12 months by attacks that originated on endpoints. Compared to numbers just a year earlier, we’re looking at a 20 percent increase.
Attacks from outside intruders may present the most obvious threat and are indeed a daily challenge, but we can’t ignore the impact of internal threats. Of particular concern here is when employees disable or tamper with the critical security applications which IT teams rely on to secure devices and data. Employee behavior, usually out of unwitting negligence (but also sometimes from maliciousness), can put critical organizational information at risk and cause malware infection, corrupted registry files and drivers, or disabled services.
When users interfere with system management – patch management, antivirus, anti-malware, encryption, and other important security tools – these endpoints must often be reimaged which can be a costly process. Intentionally or not, your employees may be putting the organization at risk of a breach while creating additional work for IT staff who are already often spread far too thin.
Endpoint Security and Anti-malware Software
To many outside of information security, endpoint security and anti-malware software sound synonymous. When you would have received those anti-malware definitions in monthly floppy disk shipments, it may have been an organization’s only security control.
As we mentioned before, endpoint security is a posture or a practice. Anti-malware software is one of many important components of that posture. Depending on your organization’s threat model (your understanding of the potential threats and associated risks to your business and what you would need to do to accept, mitigate, or transfer those risks) the specific combination of security tools may vary, but they should all support the overarching objectives of your posture.
What Makes Up a Balanced Endpoint Security Posture?
There is a seemingly endless list of endpoint security solutions on the market. Deciding which ones are the best fit for your business is a difficult task, but where do you even start?
First, it’s important to understand the different types of endpoint security controls. As we have already discussed in a post about NIST CSF, being able to prevent, detect, and respond to threats are foundational capabilities, but ensuring that these tools are active, healthy, and configured properly on your devices requires the asset intelligence derived from tying these tools closely with your IT operations’ service management and configuration management. This is particularly challenging and critically important for those devices out on the security perimeter without the defenses of your corporate network.
The best endpoint security strategy for your organization means finding the right mix of features. To understand what will work most efficiently and effectively, you need to ensure that endpoint security is an integral part of your information security strategy and architecture. According to a peer-authored report by SecurityCurrent, endpoint security solutions must demonstrate how the software and sensors enhance or improve a company’s overall security posture alongside other security tools.
The report lists several key considerations for endpoint security features to look out for. Your checklist should include solutions that:

Collect and preserve forensics data
Process integrated threat feeds
Allow security managers to “set and forget” the minimum security baseline
Provide alerts to changes in critical configuration items
Support mobility considerations
Focus on prevention versus detection
Manage resource intensity
Are flexible for today’s variety of attacks and adaptable to future threats
Have a minimally intrusive footprint and resource usage
Offer tools to help determine the effectiveness of the solution

Absolute’s endpoint management solution not only checks these boxes but is the only one that offers self-healing capabilities. Offering you a truly panoramic view of your endpoints, we look at your organization as a whole, complex system, providing unparalleled visibility and control over your endpoints on and off your network.
To help you along with endpoint security strategy, download our whitepaper: Four Essential Strategies For Endpoint Security And Protection.
To see how our endpoint management platform can work in your organization, request a demo or contact our sales team.

2019 RSA Conference Takeaways

RSA Conference (RSAC) is a true reflection of the information security industry: the one constant is change. Attendee numbers grow each year, vendors come and go, and the over-arching event theme changes with the times. 2019 was my fifth consecutive RSA Conference and even in those few years, I’ve seen a significant shift in the conference tone, and our industry as a whole.
Ease of Use
A few short years ago, RSAC reflected everything cloud. What is it, what are its advantages and disadvantages and of course, what were the risks? From cloud, conference goers moved into talk about automation, orchestration and threat detection. How could InfoSec practitioners rely on security tools to find and address the overwhelming number of threats out there?
Then came the shift to data. There was, and continues to be, much talk (and a whole lot of FUD) around big data, data analytics, artificial intelligence, and machine learning. Many of us are still trying to sort out how these important data-centric approaches fit with and aid security efforts.
This year, conversations shifted from ‘the what’ of risk to ‘the how.’ And for many, the desire is ease.
There was much less evidence of the-world-is-a-scary-place (think shady hackers in hoodies) and your only hope is dependence upon some cool new widget. Instead, this year, we saw a transition to a call for simplification: reduce complexity to increase security.
Zero Trust Model
One important sub-topic to this year’s conference was zero trust. How can you reduce complexity and improve security using the assumption of zero trust?
Zero trust is the notion there is no trust within your environment across networks, devices, people, applications and, at the center of it all, your data. Data doesn’t trust your device or any other element and conversely, none of the other elements trust the other. At the foundation of zero trust is the assumption that trust is a vulnerability – authentication must take place before trust can be issued.
In my conversations with analysts, Absolute customers, and many other buyers and sellers of security products, the topic of authentication and conditional access came up time and again. Conditional access is a computation that asks questions about worthiness. For example: yes, this user is who they say they are. Or, yes, this device is in fact where it should be…
Authentication has its challenges certainly but, in the case of endpoints, you must start with accurate, contextual asset intelligence. You can’t authenticate what you don’t know you have.
Read NIST Cybersecurity Framework: First, See Everything
Asset intelligence is Absolute’s role in this approach; we help orchestrate the zero trust dynamic at the endpoint. Our solution is already embedded in much of the hardware out there today and our platform supports application and security control persistence. Are all of your elements enabled and working? We provide IT with that information quickly and automatically.
Likewise, nearly every RSA vendor also has a role to play in the zero trust approach. Standing on the packed show floor, you got a strong visual of how different vendors approach and provide the authentication that goes to worthiness. Collectively then, you could ask yourself: how could these different tools work together to authenticate access? Most important to the conversations this year at RSAC was this: how can IT make the most of all the tools they use to authenticate, secure, and provide confidence (and documentation) that they are all working for the betterment of your organization’s security posture?
RSA is known for bringing together many different perspectives that then drive compelling conversations around the problems we can solve together. This year didn’t disappoint. Effectively solving security issues while also reducing complexity for our IT teams will continue to be a focus in the year to come.
If you would like to learn more about how to increase your visibility and control over your endpoints and reduce your risk, take this dark endpoint assessment.

3 Overlooked Data Privacy Considerations

While legislators struggle to agree on a new federal data privacy law and how it would handle fast-emerging state laws like the one in California, organizations shouldn’t sit back and wait on a list of rules. Data privacy considerations are increasingly critical, especially as our now digital world has dematerialized people into being who the data says they are.
Protecting personally identifiable information (PII), for the benefit of your constituents and the demands of regulators, is no easy task, however. To address the enormous goal of protecting data, start with these three often-overlooked considerations:

Data residency: Are you certain you know where your data is hiding?
Orchestration of controls: How are your security controls policed?
Continuous monitoring: Can you be sure data is not residing in the wrong place and, if it is, are security controls in place?

Data Residency
Your organization is full of sensitive data. You need it to fuel your business. Generally speaking, PII is accessed only via approved business applications.
Of course, your employees would never export data from Salesforce.com and save it on their laptop. And, they’d never save an Excel spreadsheet containing PHI to their hard drive. They’d certainly never sync a proposal containing proprietary company information to Dropbox.
The problem is that your employees would do all of the above. And they do.
Your sensitive data is sitting out there on more endpoints than you think. You need the equivalent of Google for your endpoint data — a lexicographical crawler for PHI and PII data that can alert you to any unauthorized data hiding out there on endpoint devices.
Unless you have that, you simply won’t be able to track all the places where the data resides.
According to Forbes, one laptop is stolen every 53 seconds. What happens when one of those laptops belongs to your organization? Results from a recent Forrester security survey found that 39 percent of breaches can be traced back to the endpoint (24 percent caused by employee misuse and 15 percent caused by lost or missing devices). Without the ability to know what data resides on a device, you’ve no idea if you’ve exposed your customers to a data breach risk.
Read Lost or Stolen Devices: What To Do in 4 Steps
Orchestration of Controls
There is no shortage of security controls, whether they be native in the operating system or third-party applications like antivirus, antimalware, encryption, or other endpoint detection and response (EDR) solutions. These controls help ensure that the place that data resides is a secure one.
The problem organizations face is ensuring that the third-party controls remain in place and are functioning at all times. Native controls can help with this, giving organizations the ability to pull information from the controls and push actions to the device if they are not operating as they should or if the user of the device is acting suspiciously.
This is particularly important in a breach scenario. For example, if a company laptop is stolen from the trunk of your employee’s car and you know that the laptop contains PHI, without visibility into that device, you have no way to prove that encryption was in place and functioning and that no data was accessed post-incident. In this scenario, you would have to assume that the data was breached and follow HIPAA’s breach notification rules.
With the right visibility in place, you can categorically prove that security controls were in place on a device, that no data was accessed, and that the device has been locked down and is no longer a threat.
Continuous Monitoring
Annual auditing is only valid on the day the audit takes place. Can you be sure on any day in between audits that data is not residing in the wrong place and, if it is, that security controls are in place to protect it? Without continuous monitoring, you’ll never be able to keep track of all the data copies that exist on all your devices. This can leave you in hot water when the regulators come knocking.
Say, for example, that you have a customer who resides in Nice, France. They notify your company that they want to be erased from your records. Under GDPR, you have to find every stitch of their data that is saved in your organization and erase it.
You can pull them from your data lakes — that’s the easy part — but shards of their data will still exist out there on numerous endpoints, leaving you exposed to sanctions under GDPR. In this scenario, you need the ability to reverse your gaze, looking outwards rather than inwards, and surgically delete their data elements from your endpoints.
For your data privacy efforts to be effective, diligence is required across all three of these areas. In my next post, I will discuss 3 simple steps to approaching data protection. In the meantime, if you’d like to learn more, get our new eBook, 3 Overlooked Data Privacy Considerations.

What is Endpoint Management?

At a high level, the definition of endpoint management is the process an organization undergoes to detect, provision, deploy, update, and troubleshoot its endpoint devices. Sounds simplistic, and it is.
What is an endpoint?
To get a good grasp of endpoint management, the first step is to ensure we have a solid understanding of what constitutes an endpoint.
An endpoint is essentially any remote device that sends and receives communications with the network to which it’s connected.
Endpoints can include:

Desktops/workstations
Laptops
Smartphones
POS Systems
Tablets
Servers

The critical issue surrounding endpoints is that they represent one of the key areas of vulnerability for businesses, and can be an easy entry point for cybercriminals.
Through endpoints, attackers may execute code and exploit vulnerabilities on and with our assets. Today, the workforce is more mobile than ever, with employees connecting to internal networks from outside the office and from endpoints anywhere in the world.
Read: Absolute Named the Leader in the G2 Crowd Grid® Report for Endpoint Management
Now that we’ve established the “what,” we can move on to the “why.”
Why is endpoint management so critical in 2019?
It all starts on the endpoint.
Perhaps the most pressing reason for endpoint management is that most successful breaches begin at the endpoint. In fact, according to an IDC study, the endpoint was the cause of 70 percent of successful breaches.
This stat is no surprise since endpoints represent all the devices connecting to your network. Therefore, if those devices are not well-managed, attacks can quickly morph from a brushfire to a widespread blaze.
Maintaining visibility and control of your endpoints is crucial.
Not enough resources to keep up
The definition of a secure endpoint has changed over the years and is much more complex in 2019 than it was even a few years ago.
New critical threats materialize all the time, and for most IT and security teams, it’s a constant struggle to prioritize the threats that can cause the most harm. When your company lacks sufficient visibility into potentially infected enterprise endpoints, vulnerabilities are patched haphazardly, leaving you more vulnerable.
It’s probably no surprise that in a recent Ponemon study, a mere 37 percent of companies surveyed said they had sufficient resources to minimize risk, despite 69 percent of them acknowledging that endpoint security risk has significantly increased.
Not your typical malware.
Attacks aimed at endpoints are hurtling toward us at an unprecedented rate. In 2019, the attackers are getting stealthier. Bad actors (hackers) may not be changing the strains of their attacks, but their tactics, techniques, and procedures are more sophisticated than ever.
Expect to see more zero-day attacks (where a security hole known to the software vendor exists without a patch in place to fix the flaw) this year. Another attack to watch out for is a file-less attack, which avoids downloading malicious executable files by leveraging exploits or launching scripts and macros from memory in order to circumvent detection by antivirus solutions.
The Ponemon study mentioned above, The State of Endpoint Security Risk, found that “76 percent of successful attacks leveraged unknown and polymorphic malware or zero-day attacks, making them four times more likely to succeed in compromise compared to traditional attack techniques.”
Risks of selecting the wrong type of endpoint management system
Investing in any security solution is a critical decision requiring careful consideration. Think about it – you’re going to be trusting the provider with your critical data. The team behind the endpoint management system you choose is essentially a partner that will help you secure all of your endpoints — preferably for the long-term. After all, who wants to go through the process of evaluating, rolling out, and deploying a solution more than once?
One of the most significant ramifications for choosing the wrong product would be if your endpoint management has promoted a false sense of security within your organization. Assuming you’re secure when you are not may be just as disastrous as not having a solution at all.
In your selection process, make sure the solution is easy to manage and isn’t too complicated. Anything with too much complexity may suit highly-trained IT staff, but most businesses don’t have the time or resources to navigate the choppy waters of an overly confusing management console.
The next generation of endpoint security
We’ve learned that what constitutes a secure endpoint has changed over time. As our endpoints also become weaker over their lifespan, the problem compounds. When you add bad actors to the mix, we have a recipe for potential disaster and an exponential curve downward toward decay.
The next generation of endpoint management is one of self-healing. OS manufacturers may make their operating systems more restorative, but they won’t be self-healing. Next-generation solutions will be organization-specific and customized to your business with its unique set of endpoints.
Read: Comprehensive Security and Why Self-Healing is Imperative
Now, where do I start with endpoint management?
Getting started with endpoint security is not simple, nor is it something you can do in a single day – it takes a lot of time, planning, resources, training, and practice to build a solid foundation.
To help you along, download our whitepaper: Four Essential Strategies For Endpoint Security And Protection.
To see how our endpoint management platform can work in your organization, request a demo or contact our sales team.

Buyers Beware: How to Spot a Stolen Laptop

Laptop theft equals big business for many thieves. Online classifieds and auction sites like Craigslist, pawnshops and sometimes even street corners provide the perfect spot to flip a stolen machine. While few of us will deny that computer theft is a seedy crime, many of us wouldn’t hesitate if offered a great deal on a good computer. But at what price?
Whether you unknowingly make an illegitimate transaction or simply chose to ignore your better judgement to strike a good deal, the consequences of buying a stolen laptop are unfavorable. If you end up in a shady situation but still make the purchase, you could potentially face charges for Possession of Stolen Property. If that laptop contained sensitive data (personally identifiable information from customer data, privileged or proprietary corporate data) that can be linked back to a business, what responsibility do you have to alert police or return that data or device? Even if by chance you can prove you made the second-hand purchase in good faith, you’ll still be without a laptop in the end. The police will return the machine to its legitimate owner, and you’ll be out whatever cash you forked over.
Absolute recovers thousands of stolen computers each year, and so we know the general rule of thumb when it comes to purchasing a used machine. We also have solutions in place that are used by experts to track stolen laptops. If the situation feels suspicious, it probably is, and you should avoid it.

RED FLAGS TO WATCH FOR WHEN BUYING A USED LAPTOP
Although there are no real tell-tale signs of theft, there are definitely red flags to look for when buying secondhand.

The seller is unable to produce any documentation for the hardware
The Kensington lock slot is damaged, which suggests the computer was ripped from its security cable
The laptop is being sold without its power cord
The laptop is being sold for an unusually low price (most thieves are looking for a quick flip)
Serial number is scratched out or blatantly obscured
The laptop is password protected
There are clear signs of corporate branding (e.g. desktop, screen savers, naming schemes, stickers, etching, etc.)
The seller is not willing to turn on the laptop or connect it to the Internet (which would give security protections like Absolute the chance to connect and activate)

WHAT QUESTIONS SHOULD YOU ASK BEFORE PURCHASING A USED LAPTOP?
Even though the offer may be tempting, think before you buy and do your research first.

Inquire into the reason for sale. Why is the seller getting rid of the laptop? What have they used it for in the past? Look for fumbling responses, or incoherent explanations.
Ask where the laptop was originally purchased and for any original documentation the seller may have – manuals, receipts etc.
Request a purchase receipt. An honest seller should have no qualms with this.
Consider fair market price. Is the computer being sold for an unreasonably low amount?
Using the laptop’s serial number, check with online theft registries or local police to see if the machine has been reported stolen.
Request a test drive of the laptop. Connect it to the Internet. If stolen and protected by Absolute, this could trigger an automated delete / lock, at which point a message will appear on the screen about next steps to return the stolen laptop.

Absolute provides persistent visibility and control for endpoint devices – desktops, laptops, tablets and smartphones. Embedded at the factory in more than 1 billion devices, our protection cannot be deleted or disabled. If you are purchasing a device for corporate use, be sure to purchase only new devices that are protected by the self-healing endpoint security from Absolute. The last thing you want is for your new device – and all your sensitive data – to end up in the hands of thieves!

Why IT Asset Management Is Key to Data Security

Information security is a growing concern for many organizations and while the ways you access and protect your data continue to evolve, the reasons for it stay the same – your data is the driving force of your organization. To effectively protect it, you need visibility and control over all your assets.
IT asset management is the foundation of many risk management frameworks for good reason. Having an informed understanding of your IT environment – your expectations for performance, configuration, and behavior – across the complete lifecycle of your assets will improve not only your operational awareness but your security posture too.
It’s tempting to consider IT asset management as mundane work. And that would be true if your approach to it was creating a simple device register and then setting it aside for your next inventory audit. In reality, though, true IT asset management is your key to managing the explosion of devices and systems your organization is likely experiencing.
It also serves as your canary in a coal mine. A strategic IT asset management program will help you identify risk earlier in the event of a security breach and deliver a quick, effective response.
3 Objectives of an Asset Management Program
When thinking through an IT asset management program, it helps to first break it down into three primary objectives:
1. Plan and organize your devices
Set up your asset management tools to reflect your organization’s plan. Consider all of your devices, whether they are on or off your corporate network. Then, document the purpose of each device. What business functions do they perform? How and where are they used? Who is responsible for them? Also, document the expected lifespan of each device, including refresh cycles, lease dates, or end-of-life warranty.
Last but certainly not least, determine whether or not it might hold or access sensitive, confidential information. If it’s to be used by the CEO or HR, for example, the answer is yes.
Establishing your expectations before you place devices in the hands of your end users ensures that you can detect and control unexpected changes as they happen, minimizing their impact and increasing your effectiveness.
2. Keep devices visible and healthy
Developing and implementing your IT asset management plan ensures that you have a living baseline to measure your population against. With this knowledge, you can effectively monitor your devices’ performance, health, and risk exposure, and make informed decisions about changes to your environment.
Are your security applications working and up-to-date? Users regularly delay patches and remove or disable applications, unwittingly putting their devices at risk. How are you able to identify the scope of unexpected changes in your environment, and how can you address them at scale when they occur? What’s your action plan if a device is lost or stolen? How will you discover that it’s gone?
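The "living baseline" this section describes, and the earlier point (under Orchestration of Controls) that third-party controls must be verified as present and functioning, both come down to one routine check: compare what each device reports against what its role requires. The following is an added example, not Absolute's code; the baseline, the control names, the version numbers and the device reports are all constructed for the demo, in the shape an inventory agent might return.

```python
"""Added example: evaluate device control reports against an expected baseline.
Baseline, control names, versions and device reports are constructed for the demo."""
from datetime import datetime, timedelta

# Expected state per device role; versions are minimums.
BASELINE = {
    "laptop": {
        "antivirus": {"min_version": "4.2.0", "required": True},
        "disk_encryption": {"min_version": "1.0.0", "required": True},
        "patch_agent": {"min_version": "7.1.3", "required": True},
    },
}

# A device silent for longer than this is flagged so someone asks whether it is lost.
MAX_SILENCE = timedelta(days=7)


def parse_version(v: str) -> tuple:
    """Turn '7.1.3' into (7, 1, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def evaluate_device(report: dict, now: datetime) -> list:
    """Return (device, control, issue) tuples describing drift from the baseline."""
    issues = []
    dev = report["device"]
    expected = BASELINE[report["role"]]
    if now - report["last_seen"] > MAX_SILENCE:
        issues.append((dev, "*", "no check-in for over %d days" % MAX_SILENCE.days))
    controls = report["controls"]
    for name, want in expected.items():
        got = controls.get(name)
        if got is None:
            if want["required"]:
                issues.append((dev, name, "missing"))
            continue
        if not got["enabled"]:
            issues.append((dev, name, "disabled"))
        if parse_version(got["version"]) < parse_version(want["min_version"]):
            issues.append((dev, name, "outdated %s < %s" % (got["version"], want["min_version"])))
    return issues


def evaluate_fleet(reports: list, now: datetime) -> list:
    """Run the per-device check over a whole population of reports."""
    issues = []
    for report in reports:
        issues.extend(evaluate_device(report, now))
    return issues


NOW = datetime(2019, 6, 1, 12, 0)

# Constructed sample reports: one healthy, one with tampered controls, one gone quiet.
SAMPLE_REPORTS = [
    {"device": "LT-0001", "role": "laptop", "last_seen": NOW - timedelta(hours=2),
     "controls": {"antivirus": {"enabled": True, "version": "4.2.1"},
                  "disk_encryption": {"enabled": True, "version": "1.0.0"},
                  "patch_agent": {"enabled": True, "version": "7.1.3"}}},
    {"device": "LT-0002", "role": "laptop", "last_seen": NOW - timedelta(days=1),
     "controls": {"antivirus": {"enabled": False, "version": "4.2.1"},
                  "disk_encryption": {"enabled": True, "version": "1.0.0"},
                  "patch_agent": {"enabled": True, "version": "7.0.9"}}},
    {"device": "LT-0003", "role": "laptop", "last_seen": NOW - timedelta(days=12),
     "controls": {"antivirus": {"enabled": True, "version": "4.2.1"},
                  "patch_agent": {"enabled": True, "version": "7.1.3"}}},
]

if __name__ == "__main__":
    for device, control, issue in evaluate_fleet(SAMPLE_REPORTS, NOW):
        print(f"{device:8} {control:16} {issue}")
```

The check produces four findings: antivirus disabled and patch agent outdated on LT-0002, and disk encryption missing plus a stale check-in on LT-0003. Each finding maps to an action (re-enable, update, re-install, or start the lost-device process), which is what the baseline is for; the evaluation is only as good as the accuracy of the reports feeding it, which is why the text stresses trustworthy asset data.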
Also Read Lost or Stolen Devices: What to Do in 4 Steps.
3. Retire devices
To have an effective IT asset management plan and a capable information security practice, you need to trust your data and ensure that the devices important to you are monitored and protected. This means that your devices need a retirement plan. Establishing a process for your devices’ end of life from the time they first enter your environment means that your devices are collected, secured, sanitized, and removed from your environment when the time comes. It also means that the information you rely on to make critical information security and IT operations decisions is accurate and the alerts you receive when something unexpected happens are real.
How will you manage device returns when employees leave or change roles? How do you manage timely and secure device end-of-life? How can you confirm that they are safely decommissioned from your organization? Having a process in place enables you to answer these questions.
As the population of devices your organization comes to rely on grows and the volume of data you hold rises, it’s critical you maintain visibility and control. Proactive IT asset management is how you accomplish that goal.
If you would like more information on how to effectively manage your growing number of assets across their lifecycle as well as how to deploy, manage, monitor, and decommission your IT assets using Absolute, join our webinar: Effective Lifecycle Management with Absolute.

Cybersecurity 101: What It Is and Why It’s Important

For many organizations, cybersecurity can be one of those important topics that unfortunately gets lost in other company priorities. As the explosion of apps, IoT and mobile users bring about countless possibilities for a cyber-attack, today’s savvy organizations understand that a breach is more of a ‘when’ than an ‘if’.
So we’re here to unravel your critical cybersecurity questions.
What is Cybersecurity?
Look online and you’ll find many different ways to describe cybersecurity. It’s relatively all-encompassing, but the main objective is the protection of data. At the heart of the matter are people, process and technology.
The most important thing to know is what security professionals learn on the road to professional certification: cybersecurity is all about protecting the confidentiality, integrity, and availability of information. These three core elements represent the C-I-A triad (not to be confused with the other CIA).
Cybersecurity ensures that data is only seen by those it’s meant for (confidentiality), that it is not modified or deleted by an unauthorized third party (integrity), and that it is accessible to anyone who needs it (availability).
Because most of our data is now connected to the Internet in some way, the definition of cybersecurity has grown out of the older information security designation to include defending data and devices against hackers, or what professionals call bad actors (not to be confused with an unconvincing thespian).
Why Is Cybersecurity Important?
With more data and devices connected to the Internet than ever before, the importance of cybersecurity for any business is escalating. Whether we like it or not, security needs to be top of mind for everyone in your company from the top down. All employees, especially at the executive level, must be aware of what threats exist and how to properly mitigate risk.
Cybersecurity is all about managing risks such as regulatory risks, reputation risks, and financial risks. By managing risks properly, we can build and maintain trust with stakeholders — such as authorities, customers, shareholders, and management — by ensuring that data is protected.
Perhaps the most powerful reason why cybersecurity is important boils down to the human element. After learning about the CIA triad, security professionals quickly learn that humans are the weakest link in the cybersecurity chain.
Especially in today’s constantly connected world, we are making split-second decisions on our devices — both at home and at work — all the time. Hackers and bad actors know this and rely on us to make decisions to either click on something we shouldn’t or divulge privileged information.
We have so much to do in our workday and multi-task by carrying out tasks on countless apps, websites, services, and devices. Unfortunately, cybersecurity is the last thing on our minds as we make our day-to-day and minute-to-minute decisions. When security mechanisms get in the way, too many of us neglect it.
Far too many companies have suffered serious damage due to a data breach; the most recent example being the Marriott breach, in which records belonging to up to 500 million guests were taken.
There has never been a greater need for a security-first mindset across your business or enterprise. Our data, our information and our assets are vulnerable and need to be protected with robust security controls, standards, and strategies. However possible, promoting security awareness in your organization is essential.
Types of Cybersecurity
As we touched on earlier, cybersecurity is wide-ranging in scope. To help break things down, there are five essential elements of cybersecurity you need to be aware of.
Application Security
This is probably the most specific type of cybersecurity and primarily covers software. Application security is the control activity used to ensure software applications are protected at all stages of their lifecycle – design, development, deployment, maintenance, upgrade, and retirement.
Examples include validating every input an application accepts, authenticating and authorizing each request, and fixing weaknesses found in code review and testing before the software ships, rather than bolting protection on afterwards.
Mobile application security is also included in this definition. 
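As an added illustration (example code written for this edit, not taken from the article), here is the same asset-inventory lookup written three ways in Python: built by string formatting, with a bound parameter, and with a bound parameter plus an input allow-list. The table, its rows and the serial-number format are constructed for the demo.

```python
import re
import sqlite3

# Allow-list for asset serial numbers. The format is an assumption for this demo.
SERIAL_RE = re.compile(r"^[A-Z0-9-]{4,32}$")


def make_inventory() -> sqlite3.Connection:
    """In-memory asset table standing in for a real inventory database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (serial TEXT PRIMARY KEY, owner TEXT, sensitive INTEGER)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [("LT-1001", "alice", 1), ("LT-1002", "bob", 0), ("TB-2001", "carol", 1)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, serial: str) -> list:
    """Builds the query by string formatting, so user input is interpreted as SQL."""
    query = f"SELECT serial, owner FROM devices WHERE serial = '{serial}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, serial: str) -> list:
    """Binds the value as a parameter: the driver never treats it as SQL."""
    return conn.execute(
        "SELECT serial, owner FROM devices WHERE serial = ?", (serial,)
    ).fetchall()


def lookup_hardened(conn: sqlite3.Connection, serial: str) -> list:
    """Defense in depth: reject malformed input first, then use the bound parameter."""
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError("serial contains unexpected characters")
    return lookup_parameterized(conn, serial)


def demo() -> dict:
    """Run a legitimate lookup and a classic tautology payload through all three variants."""
    conn = make_inventory()
    payload = "' OR '1'='1"
    results = {
        "legit_vulnerable": lookup_vulnerable(conn, "LT-1001"),
        "legit_hardened": lookup_hardened(conn, "LT-1001"),
        # The tautology turns WHERE serial = '' OR '1'='1' into "every row".
        "injected_vulnerable": lookup_vulnerable(conn, payload),
        # The same text, bound as a parameter, simply matches no serial.
        "injected_parameterized": lookup_parameterized(conn, payload),
    }
    try:
        lookup_hardened(conn, payload)
        results["injected_hardened"] = "accepted"
    except ValueError:
        results["injected_hardened"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The parameterized query alone already defeats the injection; the allow-list is the second layer, so that unexpected input is refused and logged rather than silently returning nothing.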
Network Security
Branching out a little further, we have network security, which covers access and rights to your network and its resources. Network security is there to protect any internal network infrastructure.
Logins, passwords, access rights, VPNs, and firewalls are all examples of what is used to protect the network.
Endpoint Security
Perhaps one of the most crucial defense mechanisms for network security is endpoint security, a strategy to protect the connection between remote devices like laptops, tablets, smartphones and wireless devices and your corporate network. Endpoint security is there to ensure these devices meet your company’s security standards.
Cloud Security
Once we’ve expanded into the cloud, we’re covering the security of data and resources hosted on infrastructure someone else operates and reachable over the Internet. Cloud providers are continually creating and implementing new security tools to help enterprise users better secure their data.
However, cloud security is a shared responsibility between your company and the cloud provider: the provider secures the underlying infrastructure, while you remain responsible for your data, identities, and configuration. In other words, the relationship needs to be managed.
IoT (Internet of Things) Security
Finally, there’s IoT security, possibly the most vulnerable element of cybersecurity. Internet-connected cameras, home appliances, voice assistants and more are, by design, connected not only to our private networks but also to the Internet.
What makes these devices so vulnerable is that most users never change the default passwords, and many devices are rarely or never patched, turning them into easy targets for attackers.
Cybersecurity Threats
In today’s business landscape, the threats to our assets and data are multiplying. Almost everything that touches your business could be a potential cybersecurity headache, but there are several prominent threats you should know about.

DoS (Denial of Service) Attack
A DoS attack occurs when an attacker deliberately prevents your users or customers from accessing one or more of your resources. Usually this is achieved by flooding the resource with more traffic or requests than it can process, bringing the service down; when the flood comes from many compromised machines at once it is called a distributed denial of service (DDoS) attack.
Malware/Viruses/Ransomware
These attacks rely on malicious code that can wreak havoc on your systems. It typically arrives when a user clicks a harmful link without realizing it, or is embedded within software and file downloads.
Both viruses and ransomware are types of malware.
Ransomware is malware that, once it runs, encrypts or locks the victim’s data to render it inaccessible and then demands a ransom payment in exchange for restoring access. Paying offers no guarantee that the data comes back.
Phishing
Phishing is perhaps the easiest way for an attacker to obtain sensitive information like usernames, passwords or juicy financial details. In a typical phishing attack, an email is sent to trick the target into thinking it is coming from a legitimate business or person. The emails usually contain a link that, if clicked on, takes the user to a fraudulent website made to look like a valid login or support page to capture their confidential information.
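The link trick described above can be checked for mechanically. The following Python example is added here for illustration and is not code from the article: it pulls every link out of an HTML email body and flags the indicators a mail filter or help desk would look for (a non-HTTPS target, a punycode host, a host outside the brand’s real domains, or visible text that names a different host than the link actually points to). The message body and the trusted domain list are constructed for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the organisation actually uses for this brand (assumption for the demo).
TRUSTED_SUFFIXES = ("example-bank.com",)

# Display text that itself looks like a URL or host name, e.g. "https://login.example-bank.com/reset".
HOSTLIKE = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#].*)?$")

# Constructed message body: one legitimate link and two lookalikes.
EMAIL_HTML = """
<p>Your account is locked. Reset it here:
<a href="https://login.example-bank.com.evil.test/reset">https://login.example-bank.com/reset</a></p>
<p>Or visit <a href="http://xn--exmple-bank-kmb.test/">example-bank</a> on your phone.</p>
<p>Questions? <a href="https://support.example-bank.com/help">support.example-bank.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str, suffixes=TRUSTED_SUFFIXES) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def suspicious_links(html: str, suffixes=TRUSTED_SUFFIXES) -> list:
    """Return the links that show at least one phishing indicator, with the reasons."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        if urlparse(href).scheme != "https":
            reasons.append("not https")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) host")
        if not is_trusted(host, suffixes):
            reasons.append("host outside trusted domains")
        shown = HOSTLIKE.match(text)
        if shown and shown.group(1).lower() != host:
            reasons.append("display text names a different host")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_links(EMAIL_HTML):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

The first lookalike passes a naive glance because its host begins with the real brand name; comparing the registrable domain rather than the prefix is what catches it.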
For more detailed information on how a hacker hacks, check out the recent blog, CYBERSECURITY THREATS PART 1: HOW A HACKER HACKS, from Kim Ellery, Absolute’s Senior Director of Product Marketing.
Social engineering
Phishing is a form of social engineering, in which tactics are used to trick people into divulging sensitive information. While phishing relies on technology, social engineering does not require any technical know-how. With the right data, an attacker can call someone at your company, say the right things to establish trust, and get them to reveal data that should be kept confidential.
Physical security breach
A physical security breach is when a laptop, mobile device, USB stick or other resource is lost or stolen. Another example of a physical security breach would be an unauthorized individual entering your place of business with the intent of stealing data, assets, or resources.
Data breach
A data breach occurs when there is a leak, compromise or theft of a company’s data or information relating to its business or its customers.
It’s important to note that many data breaches (such as the recent healthcare breach at UnityPoint Health, which potentially compromised the PHI of 1.4 million patients) began with a phishing campaign.
Equally important: knowing what NOT to do after a data breach.
Where to Go From Here
With so many threats to think about, it’s understandable to be overwhelmed. Keeping up with all the latest advancements in cybersecurity may be too much for the average company’s IT team.
Thankfully, there are countless resources available to help with best practices. NIST’s extensive Cybersecurity Framework and SANS Institute’s collection of information security resources are highly recommended.
You may also want to outsource cybersecurity functions to a managed security service provider.
Regardless of who is responsible for threat management in your organization, there are a few basic strategies you simply cannot ignore:

Software, anti-virus, firewalls, and systems are patched and up to date
An incident response plan is clearly defined and in place
Users and management are well-educated about cybersecurity and how to recognize attacks like phishing

Still not sure how to start? We’ve teamed up with SANS Institute to bring you “Cyber Threat Checklist: Are you Prepared?” a special webinar to help plan your strategy for assembling the key components you need to include.

Lost or Stolen Devices: What to Do in 4 Steps

A lost or stolen device is a dreaded but highly likely situation for most people to face. It’s not so much the device itself, which is replaceable, but the data it contains that causes alarm. Forrester’s State of Data Security and Privacy Report 2018 to 2019 claims that lost or stolen devices account for 15 percent of all confirmed data breaches. To make matters worse, 35 percent of all devices contain sensitive corporate data, which poses a significant risk to you (and your organization) when a device is lost or stolen.
Missing laptops, tablets, phones and other endpoint devices are a very real problem. But what should you do when a device goes missing? Your response to a missing device should begin with answers to these four questions.

Where is it?

When a device goes missing, you might think immediate quarantine is your first logical step. After all, you want to cut off anyone unlawfully trying to gain access to it and/or your network via the device. While that’s true, shutting down access assumes you already have accurate visibility into where the now-missing device is located. Having the ability to precisely pinpoint your device’s true location must be your first step in protecting it, and you.

What’s on it?

Once you’ve discovered a device has gone missing, your next question should be ‘what’s on it’ and therefore ‘how big a risk’ the lost or stolen device is to you. This is where good asset intelligence comes into play. Asset intelligence is more than a simple catalog of your devices; it also records the business function associated with each device. What is the device used for? Having this understanding defined in advance is critically important for rapid, effective security incident response. Detailed asset intelligence will tell you whether the missing device contains sensitive, personal or regulated data, and knowing that will tell you what your next step needs to be.

What’s protecting it?

In addition to knowing what’s on the missing device, you also need to understand how that information is currently being protected. Compliance calls to mind encryption because GDPR names it as an appropriate safeguard for personal data (Article 32). If personal data resides on the missing device and it wasn’t encrypted, your next step under the regulation is a breach notification: to the supervisory authority within 72 hours of becoming aware of the breach (Article 33) and, where the breach is likely to result in a high risk to individuals, to the affected people as well (Article 34). However, there’s much more to data protection than a yes-or-no checkbox for encryption. Are the other protection tools you implemented, such as anti-virus, security agents and apps, still in working order? Good endpoint cyber hygiene is one of the most important controls you have. ‘Hygiene’ is a manifestation of your security intent: all the defining attributes of the machine, combined and tracked for conformity throughout the device’s lifecycle. Conduct a regular scan of your devices and see how each conforms to your pre-defined hygiene benchmark.

What can you do to secure it?

Every missing device calls for a custom response that is based on the circumstance. For this reason, you need to be able to automatically reach every device, quickly, in an informed manner so you can tailor every response for best results.
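To make the four questions concrete, here is an added Python example (written for this edit, not taken from the article) that walks one device record through them and returns a response plan. The record fields, the 24-hour staleness threshold, the hygiene benchmark and the two sample devices are assumptions standing in for whatever a real inventory and endpoint agent would report.

```python
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class DeviceRecord:
    """What the inventory and endpoint agent know about one device (fields are assumptions)."""
    device_id: str
    owner: str
    last_seen: datetime          # last agent check-in, UTC
    last_location: str           # location reported at that check-in
    holds_regulated_data: bool   # from data discovery / asset intelligence
    disk_encrypted: bool
    av_running: bool
    agent_running: bool


# Hygiene benchmark: attribute -> value every managed device is expected to report.
BENCHMARK = {"disk_encrypted": True, "av_running": True, "agent_running": True}


def hygiene_gaps(dev: DeviceRecord, benchmark: dict = BENCHMARK) -> list:
    """Return the benchmark attributes this device does not satisfy."""
    state = asdict(dev)
    return [attr for attr, wanted in benchmark.items() if state.get(attr) != wanted]


def triage_missing_device(dev: DeviceRecord, now: datetime,
                          stale_after: timedelta = timedelta(hours=24)) -> dict:
    """Answer the four questions for one missing device and return a response plan."""
    actions = []

    # 1. Where is it? A quarantine is only actionable once the device can be reached.
    if now - dev.last_seen > stale_after:
        actions.append("last check-in is stale: queue a locate request for next contact")
    else:
        actions.append(f"use last known location: {dev.last_location}")

    # 2. What's on it? 3. What's protecting it? Regulated data without encryption
    # is the combination that turns a lost laptop into a reportable breach.
    gaps = hygiene_gaps(dev)
    if dev.holds_regulated_data and not dev.disk_encrypted:
        severity = "high"
        actions.append("unencrypted regulated data: start breach assessment and the 72-hour notification clock")
    elif dev.holds_regulated_data:
        severity = "medium"
        actions.append("regulated data is encrypted: preserve the encryption status as evidence")
    else:
        severity = "low"
    if gaps:
        actions.append("hygiene gaps: " + ", ".join(gaps))

    # 4. What can you do to secure it? The response depends on what the earlier answers found.
    if severity == "high":
        actions.append("remote wipe on next contact and retain the wipe certificate")
    else:
        actions.append("remote lock; freeze the asset record until recovered or retired")
    actions.append(f"revoke {dev.owner}'s device-bound credentials and active sessions")
    return {"device_id": dev.device_id, "severity": severity, "actions": actions}


def demo() -> dict:
    """Two constructed cases: a lost laptop without disk encryption and one with it."""
    now = datetime(2019, 3, 1, 12, 0, tzinfo=timezone.utc)   # constructed 'current time'
    unencrypted = DeviceRecord("LT-1001", "alice", now - timedelta(hours=30),
                               "Frankfurt office Wi-Fi", True, False, True, False)
    encrypted = DeviceRecord("LT-1002", "bob", now - timedelta(hours=2),
                             "Home network, Dublin", True, True, True, True)
    return {"unencrypted": triage_missing_device(unencrypted, now),
            "encrypted": triage_missing_device(encrypted, now)}


if __name__ == "__main__":
    for case, plan in demo().items():
        print(case, plan["severity"])
        for step in plan["actions"]:
            print("  -", step)
```

The point of keeping the benchmark as data rather than hard-coded conditions is that the same `hygiene_gaps` check can run across the whole fleet on a schedule, so the answer to “what’s protecting it?” is already known before the device goes missing.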
With so many untethered endpoints out there, devices are bound to be lost or even stolen – it’s just a matter of when. Following these four steps will help you prepare for this reality, guide your response and ultimately, better protect your data. For more information on how you can protect yourself from lost and stolen devices, watch this short video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
Lost, Stolen Devices
Video Transcript:
Hey! Josh here from Absolute. Today, we’ll cover something we all experience but rarely talk about: missing devices.
Isn’t it amazing to see how businesses have evolved?
Our workforce is global. Laptops, tablets, mobile phones are scattered around the world, the term ‘user’ includes customers, partners, contractors, among others, and data hides ‘out there’ on endpoints that regularly go out-of-sight.
35% of endpoints contain sensitive corporate data.
What happens when one of these machines goes missing?
Well, we begin by answering 4 questions:
1) Where is it?
Some may say that isolating or scanning or quarantining a device is the first step, but that assumes you have visibility to the machine. So, pinpointing the device’s location is the first step.
2) What’s on it?
Buried within these devices are regulated data like health data, financial records, or personal information. A sure bet to be non-compliant when the device goes AWOL. So, we need to scan the device with lexical crawlers to confirm or disconfirm any sensitive data.
3) What’s protecting it?
Here, we need to see if any of our protective technologies (Anti-virus, encryption, security agents and apps) are working or if they have failed. By extracting this kind of asset intelligence, you can set priorities and act quickly.
4) What can we do to it?
Every scenario calls for a tailored response based on the circumstance. This is why it is so important to have the flexibility to reach any device – on or off your corporate network – with any command, script, or playbook fine-tuned to the moment.
With so much movement and complexity, you can bet your sweet bitcoin that some of these devices Will. Go. Missing.
In a real world with a boundless workforce, paired with distributed devices, data, and apps, the recurring episode of missing machines is part of the game.
But we can ask ourselves those four questions:
– Where is it? And we can Track & Trace
– What’s on it? Extract Asset Intelligence
– What’s protecting it? This puts the finger on the pulse of Endpoint Cyber Hygiene
– What can we do to it? We can automate our response for a rapid recovery.
Be sure to like this episode, and subscribe to our channel, because next time we will discuss another heart attack problem: Data Privacy. I will see you then!

Final Countdown for a Windows 10 Migration

Windows 10 was launched in July 2015 and since then usage has climbed steadily. Web analytics firm StatCounter says global Windows 10 use overtook its predecessor, Windows 7, in February 2018; NetMarketShare reports the turning point happened in December 2018. Regardless of timing, Windows 10 is now the most popular desktop OS in the world.
According to Microsoft, there are 1.5 billion devices running Windows but only about 700 million of those are running Windows 10. Further, Forrester says just 56 percent of company-issued PCs are running Windows 10 today. Why hasn’t everyone updated yet? Known compatibility issues with legacy apps are the primary migration roadblock for the enterprise. Many companies also cite the time-consuming migration process as their biggest reason for delay. Others remain unclear about the implications of an upgrade, in part because they haven’t completed compatibility testing. Uncertainty, of course, leads to inaction.
Put simply, migrating to a new OS is never an easy process for any organization. It isn’t surprising so many remain hesitant. Regardless, a choice must be made soon; Microsoft will end extended support for Windows 7 on January 14, 2020. After that date you will be operating at your own peril, without new security patches or bug fixes, unless you pay extra for Microsoft’s Extended Security Updates.
Windows 10 Security Enhancements
While a Windows 10 migration certainly has its challenges, the end result will be beneficial. The OS includes many powerful new security enhancements that will help you better protect your organization, and it’s a safe bet that more will be rolled out in the future. As cybercriminals’ tactics continually evolve and regulatory fines for data privacy non-compliance climb, information security has never been more critical.

The latest round of security updates in Windows 10 includes virtualization-based security, core isolation (memory integrity), BitLocker data encryption, and Windows Defender Antivirus cloud-delivered protection with block-at-first-sight capabilities. These are but a few of the new features that, when implemented, go a long way toward improving your overall security posture. But implementing them will bring challenges for both IT and security teams unless you have the right information.
No matter where you are in your process of Windows 10 migration or if you’ve already migrated and are considering using the new security enhancements, join our webinar, 5 Essentials for Securing and Managing Windows 10. We will discuss the common, costly migration pitfalls and provide tips on how to avoid them.
 

Will 2019 Be the Year of GDPR Fines?

Is 2019 the year we will feel the full impact of GDPR? Chances are good the answer to that question is a resounding “yes!”
GDPR went into effect May 25, 2018 and, as yet, no sizable fines have been levied for missteps in protecting the personal data (often called PII) of people in the EU. Despite light enforcement to date, there is plenty of evidence that regulators have been busy with the groundwork that inevitably leads up to the big penalties the regulation has become known for.
Last year, data privacy groups filed the first complaints under GDPR against Facebook and Google. Since then, nearly every European data protection authority (DPA) reports a significant increase in both data privacy complaints and breach notifications. The newly formed European Data Protection Board (EDPB), which coordinates the DPAs and ensures GDPR is applied consistently across the EU, says well over 40,000 complaints have so far been lodged.
As the number of complaints continues to rise, DPAs are staffing up to investigate and handle resulting enforcement action. The Irish Data Protection Commission (DPC) for example, has grown from less than 30 employees in 2014 to 130 employees in 2018, with further expansion planned for 2019. Many of the world’s largest tech companies have their EU headquarters in Ireland, including Facebook, Twitter, Microsoft and LinkedIn and, therefore, fall under the purview of the DPC.
DPAs aren’t exclusively focused on hand-slapping, however. Some have been consulting with businesses on how to better protect their data. And in December the EDPB issued guidelines on the territorial scope set out in Article 3 of GDPR, which make clear that organizations outside the EU must comply if they offer goods or services to, or monitor the behaviour of, people in the EU, regardless of where the business is located.
Monitor and Secure PII
What can you do to address GDPR compliance and ensure you won’t be making headlines for the wrong reasons in 2019 and beyond? Because you can’t secure what you can’t see, the first step is to maintain uncompromised visibility and control over all of your endpoints, whether they are on or off your corporate network.
To help you determine where your PII is located (as defined by any of the 31 European countries subject to GDPR) by device ID and username, Absolute today introduced a new GDPR Compliance Report that is now part of the Absolute Platform.
In addition to where your data is located, the report also shows you whether or not that data has been encrypted and when – required pieces of information for compliance. The report generates a GDPR aggregate match score which is a sum of all matches for compliance with rules that have been built in to the system as well as any custom rules you’d like to add.
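The kind of lexical scan the video transcript above refers to, and the aggregate match score this report describes, can be illustrated with a small Python example. This is example code written for this edit, not Absolute’s implementation: it matches loose patterns for IBANs, payment card numbers and e-mail addresses, runs the ISO 13616 mod-97 and Luhn check digits to throw out false positives, and sums weighted matches per device. The rule weights, the file contents and the (device ID, username) keys are constructed for the demo.

```python
import re

# Candidate patterns. Each is deliberately loose; the validators below reject false positives.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}\s?[A-Z0-9]{1,4}\b")
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def iban_valid(candidate: str) -> bool:
    """ISO 13616 check: move the first four characters to the end, map letters to
    two-digit numbers (A=10 ... Z=35) and require the result mod 97 to equal 1."""
    s = re.sub(r"\s", "", candidate).upper()
    if not 15 <= len(s) <= 34:
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(c, 36)) for c in rearranged)
    return int(numeric) % 97 == 1


def luhn_valid(candidate: str) -> bool:
    """Luhn check digit used by payment card numbers."""
    digits = [int(c) for c in re.sub(r"[ -]", "", candidate)]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# (rule name, pattern, validator or None, weight). Weights are assumptions for the demo.
RULES = [
    ("iban", IBAN_RE, iban_valid, 5),
    ("card", PAN_RE, luhn_valid, 4),
    ("email", EMAIL_RE, None, 1),
]


def scan_text(text: str, rules=RULES) -> dict:
    """Count validated matches per rule in one piece of text."""
    counts = {}
    for name, pattern, validate, _weight in rules:
        hits = [m.group(0) for m in pattern.finditer(text)]
        if validate is not None:
            hits = [h for h in hits if validate(h)]
        counts[name] = len(hits)
    return counts


def aggregate_score(counts: dict, rules=RULES) -> int:
    """Weighted sum of all matches: the single number used to rank devices."""
    weights = {name: weight for name, _p, _v, weight in rules}
    return sum(weights[name] * n for name, n in counts.items())


# Constructed file contents keyed by (device_id, username).
SAMPLES = {
    ("LT-1001", "alice"): "Payroll: IBAN DE89 3704 0044 0532 0130 00 for j.mueller@example.de; ticket 1234 5678 9012 3456.",
    ("LT-1002", "bob"): "Agenda: release notes. Card test 4111 1111 1111 1111. Contact bob@example.com",
}


def report(samples=SAMPLES) -> dict:
    """Per-device match counts and aggregate score, highest-risk first."""
    rows = {}
    for key, text in samples.items():
        counts = scan_text(text)
        rows[key] = {"matches": counts, "score": aggregate_score(counts)}
    return dict(sorted(rows.items(), key=lambda kv: kv[1]["score"], reverse=True))


if __name__ == "__main__":
    for (device_id, user), row in report().items():
        print(device_id, user, row["score"], row["matches"])
```

The ticket number in the first sample looks like a card number to the regular expression but fails the Luhn check, which is why the validators matter: without them the score would be inflated by every 16-digit reference number on the disk.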
Watch this video, Strengthen Your GDPR Compliance with Absolute for a quick overview of how Absolute helps you identify EU-specific PII data residing on all of your endpoint devices, and the importance of having the ability to take immediate action to remotely remediate the risk.
