August 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
Tech companies pledge billions to bolster cybersecurity investments
Some of the country’s leading technology companies have committed to investing billions of dollars in strengthening cybersecurity defenses and in training skilled workers, the White House announced, following President Joe Biden’s private meeting with top executives.
Google announced it would invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.
Microsoft announced it would invest $20 billion over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.
Apple announced it would establish a new program to drive continuous security improvements throughout the technology supply chain.
As the battle between organizations and cyber security hackers intensifies, more and more organizations are beefing up their cybersecurity investments. Today most organizations have substantial assets in the digital form especially their Intellectual Property (IP) data, and they also collaborate extensively.
Most CEOs and CISOs acknowledge the fact that cyber threats have increased in recent times and it is a serious threat that needs attention. Therefore, they are investing huge amounts of money in strengthening their cyber defenses against malicious outside and inside attacks.
In our decades of experience, we have noticed that organizations are under the assumption that every asset in the organization has to be equally protected.
This is not the case. Organizations must provide differentiated protection of the company’s most important assets, “their crown jewels – data” using a tiered collection of security measures.
This is where data-centric specialists like SECUDE play an important role especially for data from SAP systems.
80% of global businesses expect a breach of customer records in the next year
According to a new survey, 80% of global organizations report they will experience a data breach that impacts customer data in the next 12 months.
The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked.
Organizations ranked the top three negative consequences of an attack: customer churn, lost IP, and critical infrastructure damage/disruption.
Every organization either big, medium, or small is at risk of a data breach, system hack, malware, or ransomware attack. The cost of a data breach is also higher. According to an IBM security report, the average total cost of a data breach increased by nearly 10% to $4.24 million, the highest ever recorded.
The study also showed that a zero-trust approach helped reduce the average cost of a data breach. However, only 35% of organizations use a zero-trust approach, which aims to wrap security around every user, device, and connection. Organizations must adopt a zero-trust security model to prevent unauthorized access to sensitive data.
Organizations can no longer rely on out-of-the-box cybersecurity solutions as cybercriminals are getting smarter. Moreover, cybersecurity laws also mean that organizations can no longer ignore their cybersecurity. Therefore, they must adopt a zero-trust approach to protect their prized assets.
How prepared are you to meet the cybersecurity threats? With more than two decades of experience in data security, we can help you with a solid data protection strategy to protect your prized assets by combining our expertise, processes, and solutions.
More than a third of organizations have experienced a ransomware attack or breach
A recent International Data Corporation (IDC) survey found that more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months.
Organizations of all sizes must take ransomware extremely seriously as it will continue to be the largest of cyber threats. Ransomware continues to be very costly for many organizations – the price you pay for not being prepared is growing.
Ransomware is a nefarious malware that blocks access to files and holds the data hostage until the ransom is paid.
The recent Colonial Pipeline attack is a good example of a typical ransomware attack. In the 2021 cost of a data breach report, ransomware attacks have grown more common and have a greater average cost of a breach than the overall average.
While there is no one perfect solution available in the market today for ransomware, data encryption with zero trust principles is a better approach than most others.
Data encryption protects data wherever it resides. Once data is encrypted and the encryption key secured, that data becomes useless to cybercriminals. It is time to take cybersecurity seriously and train/equip your employees as well.
SECUDE, a data-centric specialist and Microsoft Partner extends Microsoft Information Protection (MIP) to protect sensitive SAP and CAD/PLM data even in the hands of unauthorized users.
Enterprises struggle to identify insider attacks
A new report, The State of Insider Threats 2021: Behavioral Awareness & Visibility Remains Elusive, revealed that organizations struggle to identify the indicators of insider attacks.
53% of Companies Find it Impossible or Very Difficult to Prevent an Insider Attack When Data is Being Aggregated, a Key Indicator of Intent of an Attack.
The findings of this report reveal that enterprises are missing the warning signs of insider threats and the intent of perpetrators. Key findings include:
- Nearly half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages of the Insider Threat Kill Chain
- Only 32% of companies say their organizations are very or highly effective in preventing the leakage of sensitive information
- 15% of organizations state that no one has ultimate authority and responsibility for controlling and mitigating workforce risks
Insider threats cost dearly for organizations. According to IBMs “2020 IBM-X-Force Threat Intelligence Index”, inadvertent insider threats are the primary reason for the greater rise in the number of records breached in 2019 from 2018.
Insiders constitute current employees, former employees, contractors, business partners or business associates, and their motivation, awareness, access level, and intent.
Gartner classifies insiders into four categories – The Pawn, The Goof, The Collaborator, and the Loan Wolf. The Pawn is employees who, unaware, are manipulated into performing malicious activities. The Goof is ignorant and arrogant users who believe they are exempt from security policies. Out of convenience or incompetence, they actively try to bypass security controls. The Collaborators cooperate with the outsiders, like a company’s competitor, to commit a crime. The Loan Wolf acts independently and maliciously for financial gain, without external influence or manipulation. They can be extremely dangerous when they have elevated levels of privilege like system administrators.
Recent our latest blog on how HALOCHAIN can protect from insider threats especially system administrators.
Even the US president wants zero trust: Here’s how to make it a reality
President Biden’s executive order on improving the nation’s cybersecurity requires agency heads to develop a plan to implement a zero-trust architecture to effectively mitigate cyber risk.
The incentive for a business to implement a zero-trust architecture should be based on internal mandates, with consideration for how a security breach might impact others outside of the organization. If organizations don’t enact effective security controls internally, they could have them imposed as a regulatory requirement or through legislation.
The White House’s cybersecurity executive order will directly impact federal agencies and government contractors but will also likely influence private businesses.
The new executive order by Biden’s administration will cause an increase in organizations moving towards a zero-trust architecture for their cybersecurity.
In the new order, agencies are ordered to adopt multi-factor authentication and data encryption, whether in rest or transit. Cloud data protection also gets important and vendor compliance becomes more transparent. The executive order lays out clear directions on where the US wants to improve and how outside companies can help it get there.
Zero trust strategy isn’t accomplished by deploying a single tool or platform, rather, the approach involves technologies from all these categories – device security, network security, workload security, identity, and access management, visibility tools, and orchestration platforms.
Microsoft has been at the forefront of ensuring zero trust security and SECUDE, a trusted partner of Microsoft enables to automatically label and protect any data exported out of SAP and CAD/PLM using Microsoft Information Protection (MIP).