Guest Post, Author at Cyber Secure Forum | Forum Events Ltd - Page 14 of 14

More than half of companies have over 1,000 exposed sensitive files

By Matt Lock, Director of Sales Engineers UK, Varonis

All an attacker needs to steal your valuable data is access.

Unfortunately, many companies unknowingly give attackers access to their critical data. Personal identifying information on employees and customers, intellectual property, and more can easily make their way from secured systems to unprotected files and emails. 

To make matters worse, companies don’t have time to update global access groups, fail to archive old data, and skip monitoring who has access to what information. Once attackers slip through the cracks, they — and corrupt insiders alike — have the access they need to steal your data.

To shed light on the state of overexposed data, we analysed a random sample of 785 Data Risk Assessments, including more than 54 billion files. The results, available in the report Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab, reveal that companies are failing to shore up their sensitive data.

Some key findings from the report include:

  • Every employee, on average, can access 17 million files.
  • More than half (53%) of companies had at least 1,000 sensitive files open to all employees.
  • Over one in five (22%) of all folders were accessible, on average, to every employee. 
  • 38% of users had passwords that never expire, up from 10% last year. 
  • Six in 10 companies had over 1,000 enabled, but stale, “ghost” users — accounts belonging to former employees that can still access your network.
  • Financial services firms had the most exposed sensitive files, with an average of 3,791 exposed, sensitive files per TB.
  • Retail organisations had the lowest number of exposed sensitive files, with an average of 858 exposed, sensitive files per TB.

Despite dire warnings of heavy fines under the GDPR and the steady stream of breaches and attacks in the news, companies are not prioritising their data. Take action with a data-centric security approach to ensure you are not giving malicious insiders and external attackers an all-access pass to your data.

Could your most trusted employee be your biggest threat?

95% of cyber security breaches are due to human error, which in reality means it could be any user, at any time. The best bit? They probably won’t even know they’re doing something wrong, but they have inadvertently just become an unintentional insider threat. As Andy Pearch, Head of IA Services, CORVID, explains, organisations need to stop playing the blame game and pointing fingers at users when the system is compromised and instead ensure they have the right technology in place to take back control of their security defences.

Unintentional insider threats

A person becomes an unintentional insider threat when they unwittingly allow a cyber attacker to achieve their goal – whether that’s a breach of systems or information, or diverting payments to a criminal’s account. This can be through negligence or lack of knowledge, but can also be a result of just doing an everyday job.

Unintentional insider threats are particularly dangerous because the traditional methods of identifying insider threats don’t work – they don’t try to hide emails or files, because as far as they’re aware, they’re not doing anything wrong. If an attacker presents themselves as a legitimate person with the right credentials to request a change, the unsuspecting employee will probably respond exactly as the attacker was hoping.

Trusted employees have access to company-sensitive information, assets, and intellectual property, and permission to make financial transactions – often without requiring any further approval. Threat actors target these privileged, trusted people – impersonating suppliers, regulators, and known colleagues – and try to encourage them to do something they have permission to do, but shouldn’t.

Removing reliance on users

Email allows threat actors to communicate with users with almost no defensive barriers between them. Even the most diligent employee gets distracted, rushed, or slightly too tired, which is all it takes for a malicious email to achieve its objective – whether that’s clicking a link, opening an attachment, or trusting the email’s source enough to reply. Employees don’t expect to be attacked in a safe office environment but threat actors prey on this perceived safety to catch them off guard and socially engineer them into doing something they shouldn’t.

Many people think they know what a spam email looks like, but 97% of people are unable to identify a sophisticated phishing email. This is hardly surprising when considering there are, comparatively, so few highly-convincing fake emails; because they aren’t seen every day, employees aren’t always looking out for them. Then there are some methods of impersonation that organisations can’t realistically be expected to detect – for example, spotting the difference between a 1, l, and I (1, L, and i, respectively). Attackers know that employees aren’t meticulously scanning every email for tiny details like this, so they take advantage. If an organisation’s email security currently relies on users correctly identifying malicious emails 100% of the time, quite simply, their defences are going to succumb to attack.

Preventing the unintended

Research shows that 90% of organisations feel vulnerable to insider attacks, so now is the time for change. Monitoring normal access and behaviour patterns can give early warning signs of potential intentionally malicious activity, but the same can’t be said for unintentional insider threats. The attacker’s request could be comfortably within the scope of an employee’s daily duties.

The information available to users is often insufficient for them to determine whether an email is legitimate. As such, they should be suspicious and challenge requests, especially if they’re unexpected or urgent. Checks should also be put in place for a second pair of eyes to confirm certain requests before any action is taken, for example, changing payment details or making unscheduled wire transfers. If the request is for a financial transaction or asks for sensitive or personal information, phone the person who made the request (or better still, speak to them face-to-face) to confirm it’s genuine.

There is only so much humans can do. By having technology in place that alerts users to potentially malicious content and enables them to make an informed decision about an email’s nature and legitimacy before acting on it, organisations can take back control of their security defences instead of playing the blame game and pointing fingers at users when the system is compromised.
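One way such alerting technology can catch the 1 / l / I substitution described above, shown as an added example that is not taken from CORVID or the original article: the sender's domain is reduced to a "skeleton" in which look-alike characters collapse to one form, then compared with the domains the organisation really deals with. The trusted domains, the sample headers and the 0/O pair (a generalisation beyond the article's three characters) are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Characters the article names as near-identical in many fonts: 1, l and I.
# The 0/O pair is an added generalisation of the same idea.
CONFUSABLE = str.maketrans({"1": "l", "I": "l", "0": "o", "O": "o"})

# Assumption: domains of genuine correspondents (constructed examples).
TRUSTED_DOMAINS = {"williams-supplies.example", "hillbrook-finance.example"}


def skeleton(text):
    """Collapse look-alike characters first, then lowercase the result."""
    return text.translate(CONFUSABLE).lower()


# Skeleton of each trusted domain mapped back to the real domain.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}


def classify_sender(from_header):
    """Return (verdict, imitated_domain) for a From: header value."""
    _display, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    if not (local and at and domain):
        return ("invalid", None)
    # An exact, case-insensitive match is the genuine correspondent.
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain.lower())
    # Check the domain as displayed and as lowercased: a capital I only
    # looks like an l in the displayed form.
    for form in (domain, domain.lower()):
        imitated = TRUSTED_SKELETONS.get(skeleton(form))
        if imitated:
            return ("lookalike", imitated)
    return ("unknown", None)


def banner(from_header):
    """Text a mail gateway could prepend so the user can decide."""
    verdict, imitated = classify_sender(from_header)
    if verdict == "lookalike":
        return (f"WARNING: sender domain imitates {imitated}. "
                "Confirm the request by phone before acting.")
    if verdict in ("unknown", "invalid"):
        return "CAUTION: sender is not a known correspondent."
    return ""


# Constructed sample headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Accounts <accounts@williams-supplies.example>",
    '"Accounts" <accounts@wi11iams-supplies.example>',
    "Finance <pay@wiIliams-supplies.example>",
    "treasury@hi11br00k-finance.example",
    "News <newsletter@unrelated.example>",
]


def review(headers):
    """Classify a batch of headers and return (header, verdict) pairs."""
    return [(h, classify_sender(h)[0]) for h in headers]


if __name__ == "__main__":
    for header, verdict in review(SAMPLE_HEADERS):
        print(f"{verdict:10} {header}")
```

A check like this only covers the substitutions in its table; it complements, rather than replaces, the second-person confirmation the article recommends for payment changes.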

Cybersecurity’s biggest asset: Why use the cloud?

The cloud is one of those hot buzzwords that gets thrown around a lot both in the tech world and in our daily lives.

No longer reserved for IT departments alone, the cloud has become something that we depend upon greatly, especially in the way companies go about their business. And it’s about to become even more important.

In fact, research shows that companies are looking to drastically increase their investment in the cloud in the coming years. Morphean recently conducted an independent survey of more than 1500 IT decision makers across Europe to discover their views on cloud services. The survey reported:

  • 78% expect their spending on the cloud to increase in the next two to five years
  • 47% said their internal data would be cloud processed within the same time frame
  • 45% said they would definitely consider migrating their physical security systems, such as video surveillance, to the cloud

There’s no doubt that the cloud is becoming a more important part of everyday business dealings, but some people still have reservations about the safety of this storage system, and whether or not it is worth it. We believe it is, and let us tell you why. 

But what exactly is the cloud?

Short for ‘cloud computing’, the cloud is essentially a terrestrial home for your data. So instead of being stored on the computer in front of you, it’s stored somewhere else, or in multiple places, and it is up to a network of servers to take you to it.

Some everyday examples you may recognise include the Apple iCloud, Dropbox, Google Drive, Microsoft OneDrive, and even Netflix.

Is the cloud the future of cybersecurity?

Unfortunately, the cloud has received some negative press in the last few years in regards to security and safety. In fact, according to the Morphean survey, 45% of people cited security risks as being their biggest obstacle to instigating a full move across to the cloud. 

The only way to truly protect your information is to lock it up underground, but you can rest assured that the cloud is far safer than information stored on a local device. Cloud computing services have more complicated security methods in place than the average computer owner can come up with. Any wannabe hackers would then have to get past the cloud system’s first line of defence: encryption.

Encryption is the practice of using complex algorithms to protect your data. In order to get past these algorithms, the hackers would need something called an encryption key. 

But it’s not all down to these intricate and convoluted systems. In fact, one of the biggest threats to cloud security is the barriers set by individual people. In other words, easy-to-guess passwords and security questions.

Above we talked about negative press aimed at the cloud over the past few years, most notably the infamous Apple hack where celebrities had photos stolen and leaked. The media reported that the cloud had been hacked, which led to a drop in public confidence and has no doubt contributed to people’s existing fears. In reality the cloud itself wasn’t hacked, but rather the accounts of individuals who used the cloud to store their data.  

The truth is that the cloud is incredibly safe and secure, but it’s up to individual users to do their part. That means choosing strong passwords by adding letters, numbers and symbols, using different passwords for different accounts, and avoiding using passwords that relate to your personal life.

But if that’s not enough to convince you of the cloud’s excellent security systems, did you know that online retailing giant Amazon runs its entire business off of its own cloud service, AWS? 

Other benefits of using the cloud

It’s not only increased security that comes along when you start using the cloud. Here are a few more benefits that you can expect for your business.

Continuity

No matter what kind of industry you are in, having a continuity plan in place is vital for protecting your sensitive data and systems. Disasters can strike at any time and for a whole multitude of reasons, ranging from the weather and natural disasters to power failures. By having your information stored off-site in the cloud, you can rest assured that it is backed up and protected in a secure and safe location. Even if you have to move office, you will be able to access and download your data from any location with internet, therefore minimising your downtime and avoiding loss of productivity.

Working flexibility

The world is getting smaller. Not literally of course but modern technology is drastically reducing businesses’ needs for a physical office with staff present 100% of the time. The cloud helps to make this even more possible by granting flexibility in staff’s working practices. Once employees are able to access their work from home, on their commute or even on holiday – anywhere with an internet connection – suddenly the whole world is your office.

Scalability

When it’s time to scale your business up, purchasing and installing upgrades to your storage needs can be both expensive and incredibly time consuming. But when you work with the cloud, everything can be done quickly to suit your exact needs. Whoever provides your cloud computer services will be able to handle all upgrades for you, leaving you free to get on with the important task of running your business.

It’s natural for any business owner to be concerned about the safety and security of their important data. Your business is your baby, and you of course want to protect it. The cloud is undoubtedly the best option and as research shows, more and more businesses will be placing their trust in this extraordinary technology, for more than its safety benefits, to further their growth and secure a strong future.

Image by Patricia Alexandre from Pixabay

Cybersecurity and Financial Services – How Can Organisations Combat the Threat?

By Genevra Champion, Sector Marketing Manager, IT Governance

The financial services industry is naturally a lucrative target for cyber criminals. Financial organisations trade and control vast amounts of money, as well as collect and store customers’ personal information, so clearly a data breach could be disastrous for an industry that is built on trust with its customers.

The financial services industry is second only to retail in terms of the industries most affected by cyber crime – the number of breaches reported by UK financial services firms to the FCA increased 480 per cent in 2018, compared to the previous year. While financial services organisations are heavily regulated and cybersecurity is becoming more of a business priority, there is still much more to be accomplished when it comes to businesses understanding what measures must be taken – from the C-suite down – to effectively protect organisations against inevitable breaches.

So how can financial services firms proactively equip themselves to respond to increased regulatory scrutiny and mitigate the impact from the growing number of threats they will face? 

Mitigating the threat

Financial institutions were able to defend against two-thirds of unauthorised fraud attempts in 2018, but the scale of attacks significantly increased. Significant market players including Tesco Bank, Metro Bank and HSBC all reported breaches in the last year. Clearly, the banks’ cybersecurity defences have not developed at a fast enough pace. Cyber criminals can and will dramatically outspend their targets with increasingly sophisticated attack methods. In addition, many of the traditional banks struggle with large, cumbersome legacy systems, which pose significant reliability issues, as well as flaws in security. 

Last year’s IT banking disaster left thousands of TSB customers locked out of their accounts, and fraudsters exploited the situation by posing as bank staff on calls to customers in order to steal significant sums of money. The breach occurred while the company was conducting an upgrade on its IT systems to migrate customer data to a new platform. This wasn’t just bad luck for TSB, but a failure to adequately plan and assess the risks that come with such a huge project. The bank has since pledged to refund all customers that are victims of fraud, a move which will likely see other banks reviewing their approach to the rise of this particular type of cyber crime.

The industry must understand that security incidents are an ever-present risk. However, organisations can be prepared – scoping a defence strategy specific to the firm, with processes for implementation, will mean an attack can be quickly identified, isolated and resolved, minimising business impact.

Appropriate defence strategy

The FCA has set out various cybersecurity insights that show how cybersecurity practices of UK financial services firms are under the regulatory microscope, as the cyber threat continues to grow. The approach from the FCA includes practices for organisations to put into action such as those that promote governance and put cyber risk on the board agenda. The advice also covers areas such as identifying and protecting information assets, being alert to emerging threats and being ready to respond, as well as testing and refining defences. With cyber crime tools and techniques advancing at a rapid pace, and increasing regulations, it’s no wonder that many organisations struggle to keep up to ensure their defences stay ahead of the game.

In order for in-house security teams to keep up to date with current and evolving threats and data protection issues, firms must invest in regular training. Specialist skills are required to mitigate cyber risk, which for some could be cost-prohibitive.  As an alternative, an insourced model allows you to leverage a dedicated and skilled team on an ‘as you need’ basis to deliver an appropriate strategy. With a Cyber Security as a Service (CSaaS) model in place, organisations can rapidly access a dedicated team with the knowledge and skills to deliver a relevant and risk appropriate cyber security strategy. 

Crucially, in addition to completing a gap analysis and a multi-layered defence strategy, the model will also apply to people and processes. Attackers will generally aim at the weakest point of an organisation – often its staff. Human nature means passwords are forgotten, malware isn’t noticed, or phishing emails are opened, for example. Therefore, a blended approach of technology, processes and shared behaviour is required that promotes the need for staff awareness and education of the risks, in order to effectively combat the threat.

Conclusion

With increased regulatory attention across security and privacy, firms must take steps to improve their defences, or risk severe financial and reputational damage. The issue of cybersecurity risk must become as embedded within business thinking as operational risk. Anyone within an organisation can be a weak link, so the importance of cybersecurity defences must be promoted at all levels – from the board all the way through to the admin departments. It’s everyone’s responsibility to keep the organisation protected against threats. 

While the threat of cyber attack is real, financial services firms do not have to take on the battle alone. With a CSaaS model in place, organisations can start to take back control of their cybersecurity strategy and embed it as a trusted, cost-effective and workable core part of the business’ process. 

Image by Jason Goh from Pixabay

Shadow IT is everywhere – are you at risk?

By EveryCloud

Cloud services – SaaS and IaaS – are everywhere. Businesses rely on their flexibility and the productivity they deliver.

But what about the cloud services you don’t see? Business-led cloud services, or “Shadow IT”, have sprung up in dozens of departments and project teams. In every corner of the business and outside the control of IT.

Make no mistake, the workforce relies on Shadow IT as much as it does the services provided by IT. Possibly even more so.

But it also means risk. Shared sensitive and commercial data. Undetected insider threats. Unchecked malware. Lack of compliance with privacy regulations.

What if you can have the best of both worlds? Best of breed productivity and security controls that guard data everywhere? Learn more with our infographic.

Evolving mobile device management strategies

By Dom Hume, VP Product & Technical Services, Becrypt

As organisations continue to innovate to realise efficiencies through the use of increasingly sophisticated and pervasive mobile technologies, many are continually challenged by the risks associated with managing an ever growing device estate.

Successfully managing the complexity of multiple software and hardware mobile platforms necessitates a practical, secure and cost-effective way to manage, monitor and track devices.

This is best achieved by implementing an end-to-end Mobile Device Management (MDM) strategy, which can sometimes require consideration of the entire software and hardware stack, to ensure valuable time and resources are used effectively in securing and monitoring mobile devices that access business-critical data.

I have summarised four of the themes we believe are important for organisations to consider when implementing a robust MDM strategy, much of which is based on work we have undertaken with UK Government.

Choose a device manufacturer committed to security patching

It is important to take into consideration that Android and iOS have fundamentally different approaches to the phone ecosystem. Apple has a closed ecosystem, whereas Android is an open platform, and phone manufacturers are supported to build their own devices using Android. Google releases updates and patches to its Pixel phones at the same time as it releases patches to the wider Android community. It inevitably takes time for the individual manufacturers to integrate, test and release the patch to their handsets. Consequently, publicly known vulnerabilities may remain exploitable for a period that depends on the responsiveness of the manufacturer. This situation is not directly mirrored in the Apple ecosystem.

It is worth also investigating the patch lifetime to which a manufacturer has committed, as this often correlates with patch responsiveness. Organisations with long-term projects may wish to consider specialist manufacturers such as Bittium that will commit to extended device lifecycles.

Plan your application lifecycle management

From an application provisioning platform perspective, the Apple App Store and Google Play Store perform the same functions. While there are some differences in approach, both no longer favour users’ side-loading applications.

Since its inception, the Apple App Store has implemented a quality and compliance gateway process, through which apps must pass before they appear on the store front. App developers can still sign their own apps and push them to devices, via some MDMs that offer private app stores. However, if an app developer’s certificate is revoked, the apps will no longer work.

A safer method is to get your developer to submit the app to the actual App Store, where apps are vetted to ensure they work and don’t affect the functionality and security of the device. For enterprise customers, Apple created the Volume Purchase Program (VPP) for businesses. This allows organisations to submit apps only for themselves or for specific customers to access.

It’s important to note that apps are not always delivered from Apple servers. They are in fact often provided by a Content Delivery Network middle man. All iOS devices have the App Store function built in; this can be switched off from an MDM server. Organisations can also push mandated apps and updates from the MDM server.

Google also has a vetting process for apps, subject to a review process that can be somewhat slow. While there is no dedicated business-only Play Store, Google offers a ‘Private Apps’ concept, allowing the user to differentiate between work and personal applications. MDM administrators can remove business apps from a managed phone. Similar to ‘Bring Your Own Device’, the organisation sets the rules and locks down the device, while allowing the user some freedom to adapt it for personal use. The user feels there is some degree of privacy afforded, but this is not a security feature per se.

Consider a ‘split proxy’ architecture for high-threat environments

Organisations that are considered high-value targets and are subject to sophisticated cyber-attacks have become increasingly concerned about the consequences of an MDM server compromise. Attackers that breach an MDM server can easily locate and unlock a device posing a serious threat to an organisation’s security. Compromised servers can also be used for subsequent lateral movement, or act as the ideal data egress point.

The data security challenges associated with managing mobile devices result from the characteristics imposed by the smartphone ecosystem. Such concerns apply regardless of whether an organisation’s MDM is on premise or consumed as a cloud service. MDM servers have complex communication protocols that interact with several internet-based services, such as push notification systems and online app stores. Usually, these communication channels are authenticated and encrypted end-to-end, preventing them from being inspected for threats.

Therefore, an organisation or its service provider can either open its firewall ports to an MDM server hosted in their most trusted network segment or host the MDM server in a less trusted segment – a ‘DMZ’ of sorts. Ultimately, this equates to either compromising a secure network, or sacrificing the MDM server.

One way to mitigate the risks of such a compromise is to choose a solution that employs a ‘split-proxy’ architecture. Utilising a series of proxy servers residing in a DMZ, these fulfil the range of encrypted communications with the smartphone ecosystem, which are required of an MDM server. MDM traffic is rendered inspectable by the proxies and is subjected to a web application firewall to test for anomalies.

The MDM server may be hosted within the secure network, with appropriately secured and managed communication with the proxy servers. This type of solution can provide a significantly improved level of defence, whilst being completely transparent to the end user.

Consider the business objectives before implementation 

Ultimately, organisations that prioritise data and employee protection as part of their MDM strategy should assess what they need from their mobile devices, and how they intend to be used. A multi-functional work device that requires access to multiple back-end systems including sensitive customer data will almost certainly demand a large budget spend, in addition to robust risk analysis capabilities.

On the other hand, a small business continuity project, that keeps employees informed of out-of-hours actions in certain circumstances, may be achievable without any MDM implementation at all.

Regardless of whether an organisation is operating in a high or low-threat environment, it needs to select an MDM solution that is resilient enough to protect its data from increasingly sophisticated and well-funded threat actors, who are intent on infiltrating the mobile ecosystem to compromise company data.

WEBINAR: 6 Critical Steps for Securing Office 365, Thursday 9th May at 10am BST

Microsoft Office 365 continues to be the most used cloud-based application adopted by organisations worldwide. As a popular productivity suite, its capabilities are broad and help users collaborate with people both inside and outside their organisation. 

A broad set of capabilities, however, creates challenges in accessing and protecting the data that is used across the various Office 365 applications, including SharePoint, OneDrive, Outlook, and Yammer. How can you effectively secure and govern data usage across these applications?

This webinar will highlight 6 important steps needed to better protect your data within Office 365.

Watch this webinar and learn more about:

  • How to get real time visibility and control of risky activities across dozens of apps in Office 365
  • How to protect your data from inside and outside threats
  • How to protect your data while enabling multiple access methods (i.e. web, desktop app, managed / unmanaged device)
  • How to ensure best practices and industry compliance

Free Download – Microsoft Office 365 Security Whitepaper

Microsoft customers have options when it comes to Office 365 security controls—with varying coverage depending on their license level. But securing the Office 365 suite of cloud services is a shared responsibility between the cloud provider (Microsoft) and the customer.

If you want to find out how EveryCloud, in partnership with Netskope, can help secure your cloud applications, help you to understand risky activity, protect against the loss of sensitive data and guard against cloud-based threats such as malware and ransomware, get in touch to schedule a demo.

READER OFFER: Benchmark yourself against the industry standard for vulnerability management

How do you currently manage vulnerabilities within your organisation?

Discover where you stand against your peers with our free self-assessment and get a relevant, actionable executive report!

Our assessment takes less than 4 minutes and the first 10 people to complete it will receive a £5 Amazon Voucher!

Click here for your free self-assessment.