Category: Enterprise

Cloud Storage Set to Surge

Cisco recently unveiled its sixth annual Global Cloud Index (2015-2020), a report analyzing and projecting cloud traffic. The report projects that cloud traffic will nearly quadruple by 2020 as consumers and organizations alike migrate to cloud architecture in order to scale quickly and efficiently. Growing alongside the cloud is the expected use of mobile devices as the primary endpoint device for work, as well as the number of connected “things,” as mobility becomes a central component of how we work.
Cisco estimates that by 2020, the amount of data stored on devices will be 5 times higher than data stored in data centres. Additionally, Cisco projects that 59% of the consumer Internet population (2.3 billion users) will use personal cloud storage, up from 47% in 2015. This increase represents 1 billion more users in the cloud, and that means a whole lot more data in the cloud as well. And you can be sure that a hefty portion of this data is corporate data hiding in the ‘shadow.’
Organizations: Pay Attention to Consumer Cloud Use
What’s important in analyzing the trends in the cloud is to recognize that consumer trends have a significant impact on enterprise data security. The cloud is currently responsible for an explosive growth in Shadow IT. The projected growth in consumer cloud use points to a likely surge in shadow data hiding in the cloud.
80% of employees admit to setting up cloud services without the approval of IT, so it’s no wonder that the average organization finds out its cloud use is actually 20x higher than expected, on average about 841 cloud apps per organization. According to a report from Skyhigh, 18% of files in the cloud contain sensitive data and 38.7% of total cloud services being used within the organization are consumer cloud services. The same report indicates that the average company experiences 23.2 cloud-based security incidents each month. As cybercriminals shift their attacks to the cloud, in recognition of the shift in data storage, it’s likely we’ll see an uptick in incidents associated with the cloud.
The storage of sensitive corporate data on unauthorized Cloud-based applications such as Dropbox, OneDrive, iCloud, and Box can lead to costly data breaches. With the use of consumer cloud storage expected to increase, you need a way to gain visibility into the cloud, whether it’s sanctioned or not. We’ve created that with Absolute DDS.
As we outlined in our post, How to Use Absolute DDS to Identify At-Risk Data in Cloud Applications, Absolute DDS gives you unprecedented visibility into your endpoints and the data they contain, even if that data is stored in cloud storage applications. Absolute DDS can identify devices with cloud storage software and detect devices with sensitive data (predefined by you), allowing you to proactively respond to the presence of at-risk data with remote data delete capabilities. Using custom alerts, you can enforce policies on which cloud applications are used and how, understanding that different users will have different permissions when it comes to data access.
To learn more, get started with your free evaluation version of Absolute DDS today.

Cloud Use Exacerbates Alert Fatigue

It has been estimated that 90% of organizations will suffer at least one security incident this year. There is no question that organizations are suffering more data security incidents than ever before and that more of these incidents are translating into data breaches than ever before. While prevention is always important, detection and response are just as important.
Research indicates it can take an average of 256 days to identify a data breach caused by a malicious attack and 158 days for one caused by human error. When an attack goes undetected for this long, the potential for damage (both to the organization and to victims of breached data) is so much greater. Accurately detecting a security incident is the first step toward effectively responding to it.
One of the top problems with detecting security incidents is that there are so many false positives created by current monitoring tools. The growth in mobile device use and in cloud use has expanded the attack surface exponentially; this has, as one would expect, resulted in even more security alerts.
Cloud Amplifies Alert Fatigue
According to a report from Skyhigh, 18% of files in the cloud contain sensitive data, with the average company experiencing 23.2 cloud-based security incidents each month. The report reveals that consumer cloud services represent 38.7% of total cloud services being used within the organization, a problem when it comes to ensuring data is adequately protected. The report also indicates the growing issue of “exception sprawl,” with actual blocking rates for unapproved cloud services falling below governance policies.
The data indicates that employees at the average enterprise collectively take over 2.7 billion unique actions in cloud services each month, with any single action potentially signalling a threat. Whether the cause is accidental or malicious actions (including a large percentage of files being externally shared), compromised accounts, or attacks that leverage the cloud as a vector for data exfiltration, the problem becomes whittling the 23.2 threats out of the 2.7 billion actions taken each month in the cloud. Pair this with the alerts being generated by every layer of security technology in place at organizations and you end up with a “needle in a haystack” scenario.
The storage of sensitive corporate data on unauthorized Cloud-based applications such as Dropbox, OneDrive, iCloud, and Box can lead to costly data breaches. While this survey indicates a known risk associated with cloud services organizations know about, it does not address the unsanctioned use of cloud services (Shadow IT). Whether sanctioned or not, it’s important that organizations have a way to regain visibility into the cloud.
Add Context to Your Alerts
Absolute DDS can help you bring your cloud use, sanctioned or not, back under the control of IT. With Absolute Endpoint Data Discovery (EDD), a standard feature in Absolute Data & Device Security (DDS), you can detect data at risk on endpoints, including files being stored in the cloud. By defining the kind of sensitive data that is important to you, you can create customized alerts that provide the context you need to identify risks and to proactively enforce security policies or to remotely wipe sensitive data.
With the high volume of alerts being generated by your defense-in-depth security strategy, what you need is a way to add context to that data so that the important alerts don’t get lost along the way. Alert data generated by Absolute DDS and other security solutions can be fed into your SIEM solution and analyzed in context, offering a holistic view of the entire security posture of your organization. By doing so, you can combine the device, application, and data attributes collected by Absolute DDS to identify anomalies that may be indicative of insider threats, device theft, cyber-threats or critical issues with security solutions.
Contact us to learn how Absolute can add context to your security incident detection capabilities.

2017 Will be a Regulatory Wake-Up Call

There have been many predictions for 2017 which have touched on the impact that the EU GDPR will have on organizations around the globe, but the truth is that the GDPR is not the only change on the horizon. Federal, state, and industry regulators have all made moves in the past year indicating that 2017 will see an increase in the frequency and severity of compliance investigations and fines, and perhaps the introduction of stricter regulations.
Preparing for the EU GDPR
The EU General Data Protection Regulation (GDPR) entered into force on May 24, 2016, with the rules applying on May 25, 2018. The GDPR imposes lengthy requirements on organizations, particularly those in healthcare; “privacy by default” requires that data protection measures must be implemented across all data processing and storage activities and devices. A failure to remain compliant with the GDPR, or a failure to prove compliance with audit records, could result in heavy regulatory fines. 
The GDPR isn’t just of concern to EU members, but to all organizations that process the personal data of EU subjects. Given the global nature of most businesses, the implications of the GDPR will be wide-reaching. Currently, many US-based organizations are not aware of, or preparing for, the upcoming changes, which will place them in a precarious position starting in 2018.
The UK government released its own plans to implement the GDPR no later than 2018, putting to rest fears that Brexit would upset the implementation of these new standards. The GDPR implemented in the UK would require companies to officially report all cyber security breaches to the Information Commissioner’s Office (ICO) and to customers. 
The Global Landscape is Shifting
Several 2017 prediction forecasts pinpoint 2017 as the year organizations will scramble to change their processes and technologies to remain compliant, but the GDPR is not the only regulation that organizations need to be preparing for. 
China recently passed its own cybersecurity law, set to have broad implications for international businesses, and Australia is also close to passing its first data breach notification bill. It is likely that in 2017, we will see a Canada-wide regulatory requirement to disclose data breaches. The Digital Privacy Act amendments to Canada’s Personal Information and Protection of Electronic Documents Act (PIPEDA) have been on the books, although specific requirements on reporting of data breaches are not yet in force.
Laws are being enacted and amended on a regular basis across the globe, placing the onus on international organizations to continually research the requirements for each country in which they do business. For global businesses, this results in complexities and uncertainties when it comes to both the required protections as well as the notification requirements. For organizations within the US, there are added complexities of complying with individual State legislative requirements, several of which have seen amendments in 2016. 
The Expanding Power of Independent Regulatory Bodies
Adding to the complexity of complying with international law, organizations must look beyond these global, federal and state requirements.
In 2016, the Federal Trade Commission (FTC) made aggressive strides to assert its authority as the Federal agency responsible for data security enforcement over any organization, even HIPAA-covered entities. This brings us to industry-specific regulatory bodies such as HIPAA, the SEC and FINRA, all of which have increased their commitments to data protection through published requirements, examinations, investigations and even penalties. The actions of independent regulatory bodies in 2016 (publishing guides, conducting examinations, starting to issue fines) point to 2017 being the year we see these regulatory bodies assert independent fines against organizations that have experienced data breaches.
As you can see, compliance requirements and data breach notification requirements are a moving target, both domestically and internationally. 2017 promises to be a year of continued flux, but we also believe that the collective actions speak to a dramatic shift in the compliance landscape that will see organizations face multiple independent investigations and fines associated with a single security incident, not to mention drawn-out class-action lawsuits, which are now an inevitable part of a breach incident.
With Absolute Data & Device Security (DDS), organizations can regain control over the endpoint and the data contained therein, even if held in cloud storage applications. With insight from Absolute DDS reporting and alerts, you can prevent or respond to data breaches, remotely deleting data or locking down devices, and prove compliance if needed. Learn more at Absolute.com

People Continue to Remain Top Cyberthreat

Echoing the findings from the past year, and despite growing media frenzies over cyberattacks and malware, people continue to remain the top cyberthreat to businesses in North America. In North America, the most serious data breaches were attributed to careless / uninformed employee actions in 59% of cases and phishing / social engineering in 56% of cases.
According to Business Perception of IT Security, a report from Kaspersky Lab as part of the Corporate IT Security Risks survey, 43% of global businesses experienced data loss as a result of a data breach in the past 12 months. In North America, 44% of businesses report four or more data breaches in the past 12 months (vs 20% globally for this figure), showing that North American organizations are either more highly targeted and / or less well prepared.
As the data above indicates, the Insider Threat remains the primary cause of successful data breaches, including cyberattacks. The survey goes on to describe the top 10 vulnerable areas, with inappropriate usage or sharing of data via mobile devices being cited as the most frequent point of vulnerability. Mobile devices remain the top IT security challenge, as ranked in the survey, confirming that the growing attack surface represented by the proliferation of mobile devices, amplified by cloud threats and insider threats, remains the primary source of data breaches.
“The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments. The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft.”
With mobility and cloud use on the rise, endpoints remain one of the top vectors for cybersecurity risks, often exacerbating the insider threat, with employees accidentally or maliciously putting data at risk. Visibility into the health of your endpoint security stack becomes key to remediating these threats.
Absolute DDS offers a persistent connection to endpoint devices, allowing insight into your entire security stack, as well as the health of the endpoint itself and the data it contains (including data held in cloud storage applications). With automated scans for unusual device or user activity or sensitive data, automated alerts, and zero-touch reinstallation of key security software, you can help ensure that threats are identified and remediated quickly. For example, by remotely locking devices or deleting data, or running an audit log to prove that data on a device remained untouched or protected by encryption, organizations can stop a security incident from becoming a costly data breach. Learn more at Absolute.com

Visibility Key to Thwarting Changing Threat Profile

Right now, we are on the cusp of major change – the expansion of mobile device options, BYOD, the cloud, and the decentralization of IT. Many of these changes are only in their infancy in terms of their current impact on the corporation. In four years’ time, the technologies we use and the threats they present will be entirely different.
The McAfee Labs 2017 Threats Predictions report explores the expected top threats for 2017 and also looks forward to how the threat landscape could change in subsequent years. Reflecting the opinions of 31 Intel Security thought leaders, the report identifies 14 threat trends to watch, the 6 most difficult-to-solve challenges in cybersecurity, and the need to change the “rules of the game” between attackers and defenders.
Some of the 2017 predictions include:

Ransomware attacks will decrease in both volume and effectiveness
Mobile attacks will combine mobile device locks with credential theft, allowing thieves to access bank accounts and credit cards
IoT malware will continue to grow, opening back doors into homes and offices
Social engineering attacks will become more sophisticated thanks to machine learning
Hardware attacks will increase

According to the report, trust in the cloud has increased in the past 3 years, leading to more and more sensitive data being moved to the cloud. The presence of data in the cloud will make the cloud a primary target for attackers. Comparing Q2 2016 to Q2 2015, there was a 129% increase in total DDoS attacks on the cloud. It’s important that organizations realize moving data to the cloud does not offload corporate responsibility for data security.
The McAfee report also addresses the growth in the IoT market, expected to grow from 15B devices in 2015 to 200B devices by 2020, and the corresponding growth in IoT threats. Unfortunately, given that most IoT devices have limited security or update capability, or are insecure by default (such as using unencrypted network services), these threats cannot be mitigated by following standard data protection practices.
“To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments.”
As the report indicates, organizations that want to respond to these threats need to improve their visibility.
“Too often, organizations learn how well their assets are protected after they suffer a breach. Shadow IT, clouds of all types, and the bring-your-own-device movement further obscure visibility into the effectiveness of security operations… Almost no company will claim that they have a solid grasp of information asset locations and controls. So we need to help organizations improve their security visibility.”
Tools that help improve visibility can help organizations “more effectively quantify their risk profile, identify critical gaps, and appropriately focus resources.” Translating that visibility into action is also key.
Providing visibility into your entire endpoint security stack is what we offer in Absolute DDS. With Absolute DDS, you can easily determine the status of complementary security applications such as SCCM, encryption, and anti-malware applications, in addition to monitoring the endpoint itself. Monitoring for suspicious user or device activity (such as attempts to change the firmware, devices moving out of a geographic region, unusual user behaviour, the presence of sensitive data on the device or in the cloud) and the persistent ability to remediate those threats, including automatic zero-touch reinstallation of key security applications, can help keep data out of the hands of cybercriminals. Learn more at Absolute.com

Invest in your Security Culture

Although the risk landscape facing organizations is always changing, the insider threat consistently remains the top source of data breaches. The insider threat is there to amplify any threat: cyberattacks, BYOD, cloud, IoT. Every new threat is made worse by people.
So, how do you address the Insider Threat?
At the top of every list now is the recognition that the solution to the Insider Threat does not come in a box. It is not a piece of software or technology, but rather a culture of security reinforced by policy, procedure and technology. A top-down prioritization of data security is a key differentiator in mitigating the insider threat; organizations with effective security cultures have fewer security gaps.
CompTIA CEO Todd Thibodeaux recently published an article on CIO.com about how to create a culture of security ownership, talking about some tangible steps to create a cultural shift that sticks:

Rethink your C-Suite structure by ensuring your security officer (whatever their designation) reports directly to the CEO, sending a message that security is not isolated
Prioritize end-user literacy on an ongoing basis with “robust” end-user training
Establish the right metrics to ensure the efficacy of current security efforts
Shift to ‘investing’ in security instead of reactively ‘spending’
Incentivize accountability

The need for this cultural shift has never been more pressing. Current trends in IT are only making security more complicated. The decentralization of IT, through increased business-unit spending on cloud apps, is only contributing to the insider threat, with shadow data being stored in data silos that are outside the control of IT, causing issues for security, collaboration and integration. This same shift has affected the role of the CIO, on both purchasing and governance / security; now is the time to re-establish a leadership role that does not put a halt to these shifting landscapes.
In a Forrester whitepaper hosted by Absolute, Hunting Insider Threats: Forrester’s Model for Establishing An Insider Threat Team, we talked about a 10-step program to create an insider threat program, including the importance of top-down support and effective monitoring technologies. Visibility and implication are key to ensuring that this widely distributed insider threat landscape is effectively managed.
With Absolute DDS, you gain resilient visibility and control over your entire endpoint security stack. From a single console, you can ensure your endpoints and the data they contain are always in your control and can proactively monitor the status of complementary security applications such as SCCM, encryption and anti-malware. With this visibility, you can take a proactive approach to reducing potential blind spots and are equipped to identify and respond to risks early.

Your BYOD Devices are Your Biggest Vulnerability

Mobile devices are the greatest cyber vulnerability for organizations, suggests a new report. Based on data from its 10 million mobile device subscriber base and the Zimperium Global Threat Intelligence Lab, the report indicates that 60% of mobile devices in enterprise BYOD environments are vulnerable to known cyberthreats.
We’ve noted for years that endpoint devices have continued to expand the attack surface for cybercriminals, providing an entryway to further exploit corporate networks. Now, with the addition of the Internet of Things (IoT) and the Cloud, that attack surface has continued to expand, particularly given how interwoven these technologies are. Cloud and mobile, or Cloud and IoT, are interwoven, amplifying the individual risks of each technology.
The Zimperium report noted that, in general, enterprises are at a high risk for cyber attacks via personal mobile devices, the networks they connect to and the applications they download. To dig deeper, the report also examined the data collected from one single customer. Of the 7,000 mobile devices associated with that customer, 60% were exposed to known vulnerabilities, 6% recorded a critical threat event and 1% were infected with a malicious app.
As with network security, the endpoint / cloud / IoT requires a layered approach to defend against the multitude of risks. Most endpoint devices are poorly protected, in comparison with network defenses, and often there is little oversight or management of those protections, once installed. How do you know they remain active and effective?
In order to gain visibility and control over the endpoint, we’ve redesigned the Absolute DDS Security Dashboard to make proactively monitoring your multi-layered security posture a breeze. With Absolute DDS, you can easily determine the status of complementary security applications such as SCCM, encryption, and anti-malware applications. With this visibility, you can take a proactive approach to reducing potential blind spots and are equipped to identify and respond to risks early.
No longer is it necessary to jump from application console to application console or from device to device to ensure security. With Absolute DDS, you can fortify your security stack by strengthening your protection. Get started with your free evaluation version of Absolute DDS today.

Most Canadian Organizations Admit Cloud Security Failures

Cloud technology is revolutionizing businesses the world over, extending the capabilities of employees to work and collaborate anytime, anywhere on any device. However, what we are seeing right now is that many uses of the Cloud are disorganized, with most Cloud purchasing being organized at the business unit or employee level. This leads to a chaotic distribution of cloud applications that remain outside the control of IT, contributing to a rise in Shadow IT.
Cloud Security Concerns
In Canada, where cloud adoption is not quite as high as in the US, security concerns remain a top issue with current cloud use. According to an IDC survey of Canadian IT decision-makers, 57% have not adopted client and endpoint protection, 54% have not adopted data classification and accountability, 48% have not adopted identity and access management and 59% have not adopted application-level controls.
One could argue that these findings demonstrate a failure to implement basic data security controls, non-specific to controls for data security in the cloud. An analysis by Data Center Knowledge suggests that organizations may be feeling pressure to become progressively more sophisticated, adopting cloud technologies without thinking through the security ramifications. The survey notes how poorly executed cloud-based technologies can exacerbate security problems for organizations.
Organizing Cloud Adoption Across the Business
Obviously, the cloud isn’t going away. The solution is not to clamp down on cloud use. The solution is to bring that use out of the shadows and into the light. Business-level cloud decisions are inefficient and contribute to problems securing data in all the little pockets where it lives. Organizations must translate that understanding into a strategy that embraces the cloud, with clear executive-driven guidance on organizational cloud use. Supporting that policy would be technologies that back up your policies, providing automated alerts if policies are violated with remote capabilities to remediate these threats.
Staying secure in the cloud is a shared responsibility and the use of tools such as Absolute DDS can help achieve that missing visibility into endpoint devices and the data they contain, even in cloud storage applications. Using Absolute DDS, you can identify corporate devices containing files that are synchronized with cloud storage applications, scanning for at-risk data with remote capabilities to remediate potential compliance violations. Learn more about how to take control of at-risk data in the cloud at Absolute.com

What China's New Cybersecurity Law Means for You

The Chinese government has just passed a cybersecurity law that has broad implications for international businesses. The move comes with great criticism, with some calling the law “draconian” and “abusive” while others note the law is “vague” enough to spark worries of “censorship and espionage.” The legislation was passed on Monday, set to take effect in June 2017.
Move to Counter Hacking and Terrorism
The Chinese government adopted the cybersecurity law to counter hacking and terrorism, but the law comes with strict requirements for operating in China, including security reviews and a requirement to store data on servers in China (data cannot leave the country). Based on the requirements, foreign technology companies would be locked out of many sectors deemed “critical,” despite assurances that foreign business interests would not be affected.
The law also includes a provision to provide unspecified “technical support” to security agencies, which some fear may give security agencies unregulated access to data (personal, sensitive or intellectual) as well as a requirement to notify the government and consumers about data breaches.
James Zimmerman, chairman of the American Chamber of Commerce in China, released the following statement:
“Broad requirements to store data inside China’s borders will hinder trade and innovation for both Chinese and foreign companies… [and] some of the requirements for national security reviews and data sharing will unnecessarily weaken security and potentially expose personal information.”
More than 40 business groups from around the world have argued against this cybersecurity law, saying it would both impede foreign businesses as well as cut China off from the wider digital economy.
Censorship Fears
The law has also drawn criticism from human rights advocates, who say that it will enhance the already strict censorship of China’s Internet and further impact individual rights to expression and privacy. China already bans platforms such as Google, Facebook and Twitter. The new law would require companies to censor “prohibited” information and to demand real names, including for services such as instant messaging.
For international organizations, this new law will either mean that organizations must make some substantial changes in order to comply with Chinese law or they will have to pull back from operating in, or to, the Chinese marketplace.

Is Your Data Breach Response Plan Effective?

We’ve posted many times about the importance of having a data breach response plan in place. Indeed, the FTC just released its own guidance on data breach response. A new study, however, demonstrates that “having a response plan is simply not the same as being prepared,” particularly if that response plan is not kept up to date.
New Ponemon Survey
Ponemon surveyed 619 executives and staff employees who work in privacy, compliance and IT security in the US for the fourth annual Is Your Company Ready for a Big Data Breach? study on behalf of Experian. The study looks into the effectiveness of data breach response plans, with the data indicating that simply having a plan in place is no longer enough.
According to the study, 86% of organizations say their organization has a data breach plan; 42% believe their plan is effective or very effective. Although the study demonstrates growing confidence in data breach plans, reported data breaches continue to rise. The percentage of organizations experiencing data breaches has climbed steadily, with 52% of organizations this year reporting a data breach. It was further revealed that 26% of organizations do not practice their data security plan.
“When it comes to managing a data breach, having a response plan is simply not the same as being prepared,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills.”
The report indicates that 61% of organizations have privacy/data protection awareness and training in place (up from 44% the previous year). All of this reveals, to us, that not only do organizations need to actively improve their preparedness, with greater training and practice drills, but the addition of tools to increase visibility into the effectiveness of existing security layers is key to ensuring that security is maintained.
Visibility
At Absolute, we can help lend that visibility to your security program to ensure that your security plans are working effectively. Using Absolute DDS, you can get a real-time assessment of your security posture, in addition to automated alerts if user, device, security application tracking or sensitive data monitoring triggers a warning. With Absolute DDS, you can program the automatic reinstallation of business critical endpoint software applications, remotely recover or delete data, and set policies to ensure offline devices are automatically protected. In the event a security incident escalates, you can produce an audit log to prove data on a compromised device was properly secured, not accessed, and safely deleted. Your data breach response plan should include the automated protections of Absolute DDS. Learn more at Absolute.com
