security Archives - Page 3 of 4 - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: security

‘Simplicity is the ultimate sophistication’ for Access Control

Guest Post

By Tim Boivin (pictured), Marketing Director, PortSys

Leonardo da Vinci’s philosophy in the headline has never rung so true as it does today in IT – especially when we’re talking about providing users secure access in our perimeterless world.

If your access approach is wrong, your risk of being hacked ramps up exponentially. Counterintuitively, installing more security solutions can make access less – not more – secure. Each different access solution, each port opened to the outside world, increases your attack surface.

That’s where a Zero Trust Access Control approach helps paint your own sophisticated, yet simple, security masterpiece. For instance, Total Access Control (TAC) offers single sign-on to a central portal that gives users seamless, secure access to resources they need to do their jobs – and only those resources.

With TAC, you can inspect every connection to evaluate a user’s full context – including robust endpoint inspection, credentials verification, device validation, location of the user and more – prior to granting access to any resources, local or cloud. In addition, each connection to each resource through TAC must first pass the security policies you set – and not those set by some third party such as a cloud provider – before that access is granted.

With TAC’s microsegmentation, users are granted access only to the specific resources they are authorized to access, effectively making users captive within the application resources – rather than gaining access to your entire network infrastructure. Each resource can also have its own rules for access – an advanced level of microsegmentation that allows for variable or even partial secure access to resources, based on the user’s context of access for each request.

TAC makes the lives of end users and administrators alike much simpler, so they can focus on doing their jobs instead of trying to remember what password works where for which application. Along the way, your security becomes much more sophisticated in its ability to close the gaps across your infrastructure and keep hackers out.

That’s an IT security masterpiece Leonardo da Vinci would be proud to paint.

To learn more about TAC, watch our video.

What an Endpoint is, and how EDR can benefit business

Stuart O'Brien

By Eleanor Barlow, Content Manager, SecurityHQ

An endpoint, in its simplest form, is any device that can be connected to a given network, including, but not limited to, laptops, computers, mobiles, servers, IoT devices, switches, cameras, digital printers, smart watches, and more. What constitutes an endpoint is growing by the day. Be it in the form of health trackers or navigation systems, with any advancement in technology, the number of endpoints and, with it, the number of vulnerabilities grows.

What is Endpoint Detection & Response and How is it Used?

Endpoint Detection & Response (EDR) is a service usually provided by a Managed Security Services Provider (MSSP) that is used to continually monitor endpoints, gain full visibility of the client’s IT environment, detect incidents, receive instant notifications and advice on how to contain and mitigate a threat, and stop breaches.

The challenge most organisations have within their security teams is that responses to cyber attacks are simply not fast enough. This is primarily because organisations often do not have the right processes, systems and experts in place to monitor, action and respond to threats effectively and rapidly.

EDR is designed to speed up this response time by identifying the root cause of a threat and making blind spots instantly visible. With this visibility of their threat landscape, businesses can then understand and prioritise threats, as well as respond to what needs to be responded to first.

How Does EDR Work?

EDR can be used to monitor all potential threats and behaviours. Through this, security teams can understand how a threat appeared, what created it, if it made a connection, if the registry setting was modified, what effects this had, and more.

As this service is usually run by a dedicated team, 24/7 SOC monitoring means that attacks already in progress are contained, and the infected systems are then isolated. The system processes are then terminated, and the hashes banned across the entire enterprise to ensure effective containment of a threat.

Real-time response means that you can proactively locate the most advanced threats that make it past your usual defences. This is often achieved by a combination of ML and human intelligence, to identify anomalous endpoint behaviour.

What Next?

To find out more on how to gain full visibility of your whole IT environment, detect incidents, and stop breaches, download this EDR data sheet here, for a comprehensive view of the features and benefits available.

Or, if you are experiencing a current security breach or possible incident and require immediate assistance, please complete this form and a member of our Security Operations Team will aim to be in contact within 15 minutes.

About The Author

Based in London, Eleanor specialises in researching and reporting on the latest in cyber security intelligence, developing trends and security insights. As a skilled Content Manager and experienced named author and ghost writer, she is responsible for SecurityHQ’s content strategy. This includes generating content for the latest articles, press releases, whitepapers, case studies, website copy, socials, newsletters, threat intelligence and more. Eleanor holds a first-class degree in English Literature, and an MA from the University of Bristol. She has strong experience writing in B2B environments, as well as for wider technology-based research projects.

How hackers get caught

Guest Post

Cyber criminals are intelligent, elusive individuals, making it difficult for law enforcement to track them down. Not all hackers manage to escape retribution, however. Here, Joanne Newton, deputy head of the school of computing at Arden University, explores the traps they fall into, and how they get caught…

Cyber criminals go to many lengths to hide their identity and cover their tracks. The use of proxy servers, VPNs and encryption can mean it is incredibly difficult to track down and bring a hacker to justice. Because of this, according to industry data only four to five percent of hackers are actually caught, but high-profile cases showcase how even the most skilled can make simple mistakes which lead to them being apprehended.

In 2016, for example, the capture of Guccifer 2.0, a hacking persona who became famous for leaking data from the Democratic National Committee, was possible because the hacker failed to activate a VPN before logging on, allowing investigators to trace the IP address back directly.

There was also the high-profile case of Hector Monsegur, leader of the LulzSec group that hit organisations such as PlayStation, Fox News and the FBI. He was caught after forgetting to use the Tor system to hide his location when accessing a chat room.

There are a number of human flaws and traits that can lead to arrest, from the need to show off and gain credit for crimes – which is more common than you might think – to the inherent ability of humans to make the most basic errors and mistakes.

In July 2019 Paige A. Thompson, a former Amazon employee, was arrested and accused of stealing personal data of millions of Capital One customers.

She was tracked down after she posted online about possessing knowledge of multiple companies and was found to have files and information on Capital One and Amazon, as well as social security numbers and bank account details from more than 30 different organisations on multiple devices in her bedroom.

There are many types of hackers carrying a range of different risk levels, from hacktivists – who look to raise awareness of a specific issue – to full-scale cyber terrorists. Of those operating, script kiddies tend to be the least experienced, leaving them most likely to face capture. This type of hacker typically tends to rely on tools developed by other attackers to penetrate a network or system, using these tools to target easy-to-penetrate systems which are vulnerable to widely-known threats.

According to industry data, ransomware attacks almost doubled in 2021. The market for ransomware is becoming increasingly professional – with cybercriminal services-for-hire creating an environment in which ransomware is offered as a service.

There is also a diversification of approaches when it comes to extorting money – with threats to publicly release data, or inform their victims’ families about an incident, all of which adds to the danger levels and increases the risks of being caught.

Much can be learned from hackers’ previous mistakes, and organisations globally should consider how they can take real-world observations and apply them to their own business to reduce the threat level.

Knowledge bases of adversary tactics and techniques exist, which can help organisations to plan for all eventualities using real-world observations. The aim of these frameworks is to improve detection by identifying the actions the cyber-criminal may take, allowing the organisation to identify gaps in defences.

Forward-thinking organisations should be using this kind of system to help develop a framework for defence development, penetration testing and threat modelling, to ensure their businesses are as protected as they can be from these threats.

Joanne Newton is Deputy Head of the School of Computing at Arden University.

Five top tips for improving your cyber security visibility and control 

Guest Post

By Leyton Jefferies, Head of Security Services, CSI

With an increasing number of high-profile security breaches splashed across the media, companies are now looking to improve their cyber security. As the world has become more digitally connected and working from home continues to be part of the way we work, there is more opportunity for attack.

What are the threats? 

Ransomware has become increasingly sophisticated, and the number of phishing emails has risen exponentially. This has left many businesses vulnerable. The Government’s Cyber Security Breaches Survey found that four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the year March 2020-21, and phishing remains the most common threat vector.

The cost of these attacks is serious too. Around 21% of businesses end up losing money, data or other assets. A third of companies report being negatively impacted; for example, they require new post-breach measures, have staff time diverted or suffer broader business disruption.

How have hybrid working models increased cyber risks? 

Working from home and other out of office venues is leaving corporate networks vulnerable as the protection you would normally have behind the perimeter in the office is not in place on home and external networks. To further complicate the situation, users work from several locations with multiple devices and apps.

Company devices that had never moved beyond the organisation’s walls and were kept safely behind firewalls, IDS, DMZs and set up with security solutions that kept cybercriminals from attacking them, are now outside those protected networks. These remote devices are vulnerable to cyber-attacks if existing on-site security solutions are no longer fully effective.

So, what are the key things that businesses should focus on to improve visibility and control? Here are my five top tips:

1. Make your employees your first line of defence

Keeping security front of mind while employees are out of the office is an essential step in protecting your organisation. Strong cybersecurity awareness training is critical to prepare an employee to be the first line of defence.

With the lines of home and workspace blurred in a hybrid working world, phishing attacks, unfortunately, are here to stay. Therefore, reducing user risk by helping to identify email scams and malware should become part of bolstering an employee’s security awareness. Organisations can ‘test’ levels of awareness by conducting a custom phishing campaign to see how easily employees can spot a phishing email and how they respond. This can then be measured over time.

Educating about password security and safe internet habits should also be a vital part of staff training.

2. Protect the endpoint

Where endpoints are concerned, it’s wise to take a proactive approach to limit what activities can be carried out on the device. Privileged access security is critical to protect access to data, applications and systems. This allows the organisation to keep control of its most valuable data. Each online identity can be set with special access, or specific capabilities and access can be reduced where necessary.

With the high number of endpoints connected to the network, these become easy targets for cybercriminals. Endpoint Detection and Response (EDR) solutions can be deployed that involve continuous real-time monitoring of malicious activity. The solution can disconnect endpoints and shadow IT to respond to threats by utilising rules-based automated response and analysis capabilities.

3. Using best of breed detection and response services

Managed Detection and Response (MDR) is a combination of both technology and human expertise to provide security monitoring across an organisation’s entire IT environment. These services can rapidly respond to and eliminate threats. Taking it a step further, Extended Detection and Response (XDR) provides threat detection and incident response by collecting data across multiple security layers. For example, across email, endpoints, cloud workloads, servers and networks to provide a holistic view that allows for faster detection of threats and response times.

4. Secure your organisation in the cloud

Business needs are driving more organisations to the cloud than ever before. Cloud technology improves productivity, efficiency and cost savings and offers greater flexibility. But there are particular security implications to watch out for. The public cloud can limit your access control and authentication, so it’s wise to implement Multi-Factor Authentication (MFA), manage user access and integrate compliance into daily procedures.

Next-Generation Antivirus (NGAV) takes traditional antivirus software to a new, advanced level of endpoint security protection. It’s a cloud-based response to detect and prevent malware, identify malicious activity by unknown sources, and collect comprehensive data from all endpoint devices to understand better what is going on in the IT environment. It uses predictive analytics driven by machine learning and artificial intelligence, combined with threat intelligence which goes beyond known file-based malware signatures.

5. Prevention is best

Today’s attackers know precisely where to find gaps and weaknesses in an organisation’s security posture. Companies, therefore, need to take actions into their own hands to become better protected. And thankfully, there are many ways in which this can be achieved.

Reducing your organisation’s risk of a cyberattack is the best stance – both from a cost and reputation perspective. Re-evaluate your cyber security strategy, have the right tools and services in place and integrate with effective employee education and testing.

Leyton Jefferies, Head of Security Services, CSI

Leyton has been with CSI since 2014 and is responsible for the firm’s security proposition and go to market service strategy, vendor and partner management development and design of CSI’s security solutions portfolio.

Salesforce security: 5 ways your data could be exposed

Guest Post

By Varonis

Salesforce is the lifeblood of many organizations. One of its most valuable assets, the data inside, is also its most vulnerable. With countless permission and configuration possibilities, it’s easy to leave valuable data exposed.

That, coupled with the fact that most security organizations aren’t very familiar or involved with Salesforce’s administration, opens organizations up to massive risk.

Here are five things every security team should know about their Salesforce security practices to effectively gauge and reduce risk to data. 

5 Questions You Should Ask:

  1. How many profiles have “export” permissions enabled? 

Exporting data from Salesforce makes it a lot easier for someone to steal information like leads or customer lists. To protect against insider threats and data leaks, export capabilities should be limited to only the users who require it.

  2. How many apps are connected to Salesforce via API?

Connected apps can bring added efficiency to Salesforce, but they can also introduce added risk to your Salesforce security.

If a third-party app is compromised, it could expose internal Salesforce data. You should know exactly what’s connected to your Salesforce instance and how to ensure that connection doesn’t expose valuable information.

  3. How many external users have access to Salesforce?

External users, like contractors, are often granted access to Salesforce. Surprisingly, 3 out of 4 cloud identities that belong to external contractors remain active after they leave the organization.

Salesforce security teams should ensure all contractors are properly offboarded from all SaaS apps to prevent data from being exposed.

  4. How many privileged users do you have?

Privileged users have a lot of power within Salesforce. They can make configuration changes that have dramatic effects on how information can be accessed and shared.

Salesforce security teams need the ability to audit privileged users, be notified when changes are made, and understand exactly what changed to assess risk.

  5. Are your Salesforce Communities exposing internal data publicly?

Misconfigurations are one of the easiest ways to unintentionally expose sensitive data. For security teams that aren’t intimately familiar with every configuration within Salesforce (of which there are many!), it’s easy to miss critical gaps.

Check to see if settings for Salesforce Communities, meant to share information with customers, are inadvertently making data accessible to anyone on the internet.

Improve your Salesforce security with DatAdvantage Cloud

With Varonis DatAdvantage Cloud, it’s easy to answer these and other critical security questions about Salesforce and other SaaS apps in your environment, like Google Drive and Box.

DatAdvantage Cloud keeps valuable data in Salesforce secure by monitoring access and activity, alerting on suspicious behavior, and identifying security posture issues or misconfiguration.

Click here to view the full article and visit the Varonis website.

WEBINAR REWIND: The next generation of secure digital communications – Why now and why it matters

Stuart O'Brien

Don’t worry if you missed December’s fantastic Zivver webinar, The next generation of secure digital communications – Why now and why it matters – you can now watch the entire session again online!

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

By watching the webinar you’ll get practical insights from Zivver’s panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. There’s discussion around how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

The panel also investigates Zivver’s perspective on this and how it is shaping our innovation today and in the future.

Panel participants include:

  • Stephen Khan: Global Head of Tech & Cyber Security Risk (former security exec HSBC)
  • Vinood Mangroelal: Executive Vice President, KPN Health
  • Brenno de Winter: Chief Security and Privacy Operations, Ministry of Health, Welfare and Sport Netherlands
  • Sarah Judge: Digital operational lead & CCIO, West Suffolk NHS Foundation Trust
  • Wouter Klinkhamer: CEO and Co-founder, Zivver
  • Robert Fleming: CMO, Zivver
  • Kelly Hall: VP, Corporate Communications & Campaigns, Zivver

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.


Cybersecurity in 2022: A view from the experts

Stuart O'Brien

There is no doubt that this year has been a year of disruption, change and opportunity within the cybersecurity industry. With 2022 on the horizon, find out what the experts have to say about the top trends impacting the industry now and what to look out for in the future…

Carlos Morales, VP Solutions, Neustar Security Solutions:

“Cybercrime has become a lucrative and mature market. We have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile, criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe-havens. This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully-fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets.

“As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer. Organisations really need to implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks and they need to partner with security providers that continually evolve their defence capabilities. These new best practices are far, far more cost-effective in the long run and provide peace of mind for organisations.”

Jim Hietala, Vice President of Business Development and Security, The Open Group

“2021 saw the emergence of Zero Trust security architecture as the forward-looking security architecture, and as a consequence, we also saw vendors using and abusing Zero Trust in their messaging. In 2022, we expect to see Zero Trust move from concept to practical implementation, with the availability of more vendor-neutral industry standards and best practices, including reference models and architectures that will help end users to build viable, multi-vendor security architectures based on Zero Trust principles. Open standards will be key to this development.”

Stephan Jou, CTO Security Analytics, Interset at CyberRes, a Micro Focus Line of Business

“All indications are that AI technologies will be increasingly prevalent in cybersecurity. This includes everything from the increasing adoption of technologies like UEBA by enterprises, surveys that show investment in AI by SOC teams, and the adoption of ML and other AI methods by SIEM, IAM and other systems.

“However, the types of AI that will be adopted in 2022 will be focused on specific, battle-tested techniques such as statistical learning, anomaly detection, and (in a more limited capacity) NLP. Certain areas of AI research, such as large language models (like GPT-3), will not be heavily adopted in 2022 for cybersecurity. This is because there is not yet a good use case match within cybersecurity for those technologies, and also because the computationally expensive and non-transparent nature of these approaches does not lend itself well to the SOC needs at present.”

Kai Waehner, Field CTO and Global Technology Advisor, Confluent

“Cyber threats are not new. However, our more and more connected world increases the risks. Successful ransomware attacks across the globe force enterprises to take action by implementing situational awareness and threat intelligence in real-time at scale to act proactively against cyberattacks.”

Fabien Rech, EMEA Vice President, McAfee Enterprise

“Our reliance on API-based services is rising, as they quickly become the foundations of most modern applications. This is only set to rise further in 2022, as global use of the internet, 5G, and connected devices continues to boom – this year alone, we saw a 57% increase in online activity.

“Often business-critical data and capabilities lie behind these APIs, and cybercriminals have been quick to take note of this and exploit the increase in API usage. However, attacks targeting APIs go undetected in many cases, as they are generally considered trusted paths and lack the same level of governance and security controls.

“It’s therefore critical that enterprises make API security a priority next year. Organisations must ensure they have visibility of all application usage across their systems, with the ability to look at consumed APIs. Adopting a Zero Trust mindset will support this. It allows enterprises to maintain control over access to the network and all its instances, including applications and APIs, and restrict them if necessary.

“Shoring up on API security is particularly crucial amidst the current supply chain crisis, as APIs are often used as an entry vector for wider supply chain attacks due to their interconnected nature. Next year, supply chains will continue to be a prime target for hackers, and so enterprises should look one step ahead and use threat intelligence solutions to predict and prevent API attacks before they take place.”

Rory Duncan, Security Go To Market Leader UK at NTT

“This year, as we’ve started to recover from the pandemic, demonstrating effective cyber-resilience has become more crucial than ever. This will continue to be a priority for organisations as we move into 2022, as the shift towards permanent hybrid working models for many enterprises will put continued pressure on their ability to detect threats. It’s essential that business leaders prioritise security, especially as the trusted perimeter expands to encompass remote users.

“As businesses consider their 2022 hybrid workplace strategies, they need to revisit and re-evaluate security from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7% of IT leaders have said it’s more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental in 2022.

“The ability to respond quickly and effectively across the distributed IT environment will be paramount next year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.”

Pritesh Parekh, VP of Engineering and Chief Trust & Security Officer at Delphix

“With intense scrutiny on how businesses prepare for and respond to breaches next year, it’s clear that security and compliance concerns will be the key determinant for any interactions with third parties – whether customers, partners, or vendors. Following the pandemic, digital guides every third party interaction – potentially exposing data as soon as it moves outside of the business’s digital walls. Endpoints have become beyond critical when it comes to securing data, but you can’t always control your endpoints if they exist within another organization, right? The answer is, you must, meaning that technology vendors who don’t rise to the occasion and implement the same standards as their enterprise customers will lose business, big time.”

Keith Glancey, Director of Technology Western Europe, Infoblox

“Cybercrime is getting organised. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses, using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. With bigger businesses behind attacks, the stakes are significantly higher for organisations under fire. It’s not just businesses, either – we’re seeing an increasing number of nation state-led attacks from major players like Russia, China and the US. Their target? Personal data.

“This systematic approach to cybercrime is a continuation of a broader trend towards “as-a-service” business models. Cybercrime-as-a-Service (CaaS) brings together malware developers, hackers, and other threat actors selling out or loaning their hacking tools and services to people on the dark web. Ultimately, CaaS makes these tools and services accessible to anyone who wants to launch a cyberattack, even those without the technical knowledge to do so.”

Forrester Consulting research shows Human Layer Security is the solution security leaders have been looking for

Stuart O'Brien

A commissioned study conducted by Forrester Consulting on behalf of Tessian shows that Security and Risk leaders feel little control over risks posed by employees.

On the other hand, organisations that deploy Human Layer Security technology feel more prepared to face email security threats and data breaches, demonstrating a higher level of security maturity.

Key insights from the study include:

  • Nearly 40% of organisations report 10+ employee-related email security incidents per month
  • 61% of our survey respondents think an employee will cause their next data breach
  • Over 75% of firms report that 20% or more email security incidents get past their existing security controls
  • One-third say they lack visibility into threats and risky behaviours
  • Organisations spend up to 600 hours per month resolving employee-related email security incidents
  • 42% of security and risk leaders are looking to improve their email security postures

Read the complimentary Forrester Consulting study to understand why Human Layer Security solutions are necessary to achieve the full value of your existing security tech stacks in a way that empowers employees while achieving maximum protection.

WHAT IS HUMAN LAYER SECURITY? 

Human Layer Security (HLS) automatically detects and prevents threats by understanding human communication patterns and behaviour, building a unique security identity for each and every employee, and continuously improving their security reflexes over time.

Security and risk leaders who take a Human Layer approach believe their email security posture is extremely effective at alerting the organisation to potential attacks/threats from users’ risky behaviours or poor security decisions. Meanwhile, those who don’t take a Human Layer approach feel less control over business disruptions.

Want to learn more about the impact of Human Layer Security? Download the full study.

You can also book a demo to see Tessian’s Human Layer Security platform in action.

Cloud applications put your data at risk — Here’s how to regain control

Guest Post

By Yaki Faitelson, Co-Founder and CEO of Varonis

Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organisation safe from cyberattacks, they’re also a big, growing risk.

Your data is in more places than ever before. It lives in sanctioned data stores on premises and in the cloud, in online collaboration platforms like Microsoft 365 and in software-as-a-service (SaaS) applications like Salesforce.

This digital transformation means traditional security focused on shoring up perimeter defenses and protecting endpoints (e.g., phones and laptops) can leave your company dangerously exposed. When you have hundreds or thousands of endpoints accessing enterprise data virtually anywhere, your perimeter is difficult to define and harder to watch. If a cyberattack hits your company, an attacker could use just one endpoint as a gateway to access vast amounts of enterprise data.

Businesses rely on dozens of SaaS applications — and these apps can house some of your organisation’s most valuable data. Unfortunately, gaining visibility into these applications can be challenging. As a result, we see several types of risk accumulating more quickly than executives often realise.

Three SaaS Security Risks To Discuss With Your IT Team Right Now

Unprotected sensitive data. SaaS applications make collaboration faster and easier by giving more power to end users. They can share data with other employees and external business partners without IT’s help. With productivity gains, we, unfortunately, see added risk and complexity.

On average, employees can access millions of files (even sensitive ones) that aren’t relevant to their jobs. The damage that an attacker could do using just one person’s compromised credentials — without doing anything sophisticated — is tremendous.

With cloud apps and services, the application’s infrastructure is secured by the provider, but data protection is up to you. Most organisations can’t tell you where their sensitive data lives, who has access to it or who is using it, and SaaS applications are becoming a problematic blind spot for CISOs.

Let’s look at an example. Salesforce holds critical data — from customer lists to pricing information and sales opportunities. It’s a goldmine for attackers. Salesforce does a lot to secure its software, but ultimately, it’s the customer’s responsibility to secure the data housed inside it. Most companies wouldn’t know if someone accessed an abnormal number of account records before leaving to work for a competitor.

Cloud misconfigurations. SaaS application providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications — and data — to risk. And not just to anyone in your organisation but to anyone on the internet.

It only takes one misconfiguration to expose sensitive data. As the CEO of a company that has helped businesses identify misconfigured Salesforce Communities (websites that allow Salesforce customers to connect with and collaborate with their partners and customers), I’ve seen firsthand how, if not set up correctly, these Communities can also let malicious actors access customer lists, support cases, employee email addresses and more sensitive information.

App interconnectivity risk. SaaS applications are more valuable when they’re interconnected. For example, many organisations connect Salesforce to their email and calendaring system to automatically log customer communication and meetings. Application program interfaces (APIs) allow SaaS apps to connect and access each other’s information.

While APIs help companies get more value from their SaaS applications, they also increase risk. If an attacker gains access to one service, they can use these APIs to move laterally and access other cloud services.

Balancing Productivity And Security In The Cloud

When it comes to cloud applications and services, you must balance the tension between productivity and security. Think of it as a broad, interconnected attack surface that can be compromised in new ways. The perimeter we used to defend has disappeared. Endpoints are access points.

Now consider what you’re up against. Cybercrime — whether it’s malicious insiders or external actors — is omnipresent. If you store sensitive data, someone wants to steal it. Tactics created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.

Defending against attacks on your data in the cloud demands a different approach. It’s time for cybersecurity to focus relentlessly on protecting data.

Data protection starts with understanding your digital assets and knowing what’s important. I’ve met with large companies that guess between 5-10% of their data is critical. When ransomware hits, however, somehow all of it becomes critical, and many times they end up paying.

Next, you must understand and reduce your SaaS blast radius — what an attacker can access with a compromised account or system.

An attacker’s job is much easier if they only need to compromise one account to get access to your sensitive data. Do everything you can to limit access to important and sensitive data so that employees can only access what they need to do their jobs. This is one of the best defenses, if not the best defense against data-related attacks like ransomware.

Once you’ve locked down critical data, monitor and profile usage so you can alert on abuse and investigate quickly. Attackers are more likely to trigger alarms if they have to jump through more hoops to access sensitive data.

If you can’t visualize your cloud data risk or know when an attack could be underway, you’re flying blind.

If you can find and lock down important data in cloud applications, monitor how it’s used and detect abuse, you can solve the lion’s share of the problem.

This is the essence of zero trust — restrict and monitor access, because no account or device should be implicitly trusted, no matter where they are or who they say they are. This makes even more sense in the cloud, where users and devices — each one a gateway to your critical information — are everywhere.

This article first appeared on Forbes.

YAKI FAITELSON

Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction, and execution of the company.

International Fraud Awareness Week – Hear from the experts

Stuart O'Brien

Fraud is not a new concept – far from it. Since the dawn of time, fraudsters have looked to take advantage of circumstance and innocent people have fallen victim as a result. But, in our digital age, fraud is more prevalent than ever before. That’s why this International Fraud Awareness Week, we spoke to three experts in the field to find out more about how organisations can protect themselves and their customers. Here’s what they had to say:

Ben Fraser, Global Head of Business Development, Insurance at Endava  

“As we enter International Fraud Awareness Week this year, it’s a startling realisation that fraud continues to plague consumers despite leaps and bounds in cybersecurity. Last year alone, scam attempts rose by 33%, resulting in £2.3bn in losses for consumers. As fraud continues to rise, the question needs to refocus not just on how we can prevent fraud, but also how consumers can take matters into their own hands.

“Part of the answer may lie within embedded insurance, which allows insurers to reach consumers where they live and work: through offering solutions when they’re needed most, whether that’s while consumers are shopping online, checking their bank details, comparing cars for purchase, or looking for vets.

“The concept of embedded insurance exists in a limited form today. There is, however, plenty of opportunity for insurers to better integrate solutions to eliminate the effort in consumers having to seek out support themselves, making it easier than ever to protect themselves from bad actors across their digital footprints. 

“As we head into International Fraud Awareness Week, hopefully we will see more of just that: better awareness of how technology can accelerate and combat the multiple threats we’ve seen escalate as we all move toward a digital-first lifestyle. Making sure consumers have easy access to insurance is one – but one critical – element of that, and will go a long way in making sure consumers feel safe when heading online, flashing some cash, or hitting the road.”

Raj Samani, Chief Scientist and McAfee Enterprise fellow:

“International Fraud Awareness Week comes as a timely reminder that enterprises and individuals should all take time to shore up their cyber defences. The threat landscape is constantly evolving, and cybercriminals are expanding their tactics and target groups. As well as posing a threat to individuals across the country, fraud and scams intensify the threat for businesses. Today, many employees are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the end goal could be accessing sensitive enterprise information. Unfortunately, this threat has continued to increase due to the pandemic, with our research finding that 57% of UK organisations experienced increased cyber threats during COVID-19.

“To tackle rising fraud threats, businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of and vigilant against threats to avoid making it too easy for criminals to cash in on both personal and company data.   

“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications

“Fraud Awareness Week acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new research from Nuance has found that on average victims of fraud lost over £3,300 each in the last 12 months – three times higher than in 2019.

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. 

“Biometric technologies authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.”