February 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
Insider Cloud Data Theft Plagues Healthcare Sector
Over a third (35%) of global healthcare organizations suffered cloud data theft by malicious insiders last year, according to data from Netwrix.
The findings come from the security vendor’s 2021 Netwrix Cloud Data Security Report, based on interviews with 937 IT professionals around the world.
As enterprises, especially in the healthcare sector, adopt more cloud services, complexity grows because of the vast amount of data these organizations store and use. Because cloud infrastructure is dynamic and on demand, users and applications are often given permissions beyond what their legitimate needs require.
Excessive permissions often go unnoticed because new users are added by default without proper verification. As complexity increases, the attack surface also grows, and there is greater potential for misconfigurations that hackers can exploit.
Organizations can mitigate such data breaches through continuous monitoring to identify misconfigured services. They need to manage cloud access proactively and ensure proper encryption and authorization.
Permission management and security configurations have to be given high priority. Enterprises, especially in the healthcare sector, need reliable data security specialists to take care of their security needs.
Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks
Half of organizations are concerned that the shift to remote work is putting them at greater risk of cyber-attacks, according to a new study by LogMeIn in collaboration with IDG.
A survey of UK CIOs, CTOs and IT decision makers revealed that insecure practices are regularly taking place among remote workers, providing more opportunities for cyber-criminals to strike.
A large majority (80%) of organizations admitted that a portion of their workforce use personal computers to work from home, while two in five said that over 50% of their staff rely on at-home Wi-Fi networks to operate.
There is no doubt that the recent pandemic has pushed organizations to move to a remote working style. However, employees must exercise more caution when working remotely than they would in an office set-up.
The reason is that a degree of carelessness sets in when working from home, leading to an increased risk of employees falling prey to cyberattacks. It is therefore important that business leaders take this issue seriously and leverage new policies and technologies to keep their information safe, especially their sensitive data.
As work is no longer done under a closed network or perimeter, and most of the employees have their own devices and connect to the corporate network, there is a high probability of logging into a rogue network.
Employees have to be diligent. At the same time, it is important to streamline access and rights management, ensure proper data encryption, and adopt a Zero Trust model to protect against such attacks.
Breaches Cost US Healthcare Organizations $13bn in 2020
Last year saw a double-digit surge in the volume of healthcare data breach incidents in the US, with over 26 million people affected, according to Bitglass.
The cloud security firm’s seventh annual Healthcare Breach Report was compiled from US Department of Health and Human Services records of breached protected health information (PHI).
It revealed that incidents increased by over 55% on 2019 figures to reach 599 breaches in the sector, impacting over 26.4 million people.
It is evident from the increasing number of healthcare cyberattacks that the healthcare industry is becoming a favorite target. While most healthcare institutions are concerned about maintaining the privacy of their patients, they are still far behind when it comes to cybersecurity policies and procedures or investing in new and updated security technologies.
Most systems are outdated and not robust. This industry stores valuable and sensitive patient information that hackers can easily steal and sell for personal gain.
Effective cybersecurity solutions have become a must for this industry, and it is time that its leadership teams realize the importance of installing cybersecurity measures and allocate sufficient funds to protect their valuable patient data.
How Zero Trust in Healthcare Can Keep Pace with the Threat Landscape
Hackers are outpacing healthcare in the overall cybersecurity race. Zero trust in healthcare can help stop attack proliferation, but it will be an uphill battle.
Healthcare has been and will likely always be a prime target for cyberattacks, given its valuable data and the need for constant data access to ensure continuity of care. While awareness around these issues has drastically improved, the need for zero trust in healthcare will be crucial moving forward given the sector’s staffing gaps, limited resources, and other challenges.
The recent surge in cyberattacks in the healthcare industry has shown that cybercriminals use more sophisticated techniques and tools to hack into networks and infiltrate data. Insider threats are also a major concern for this industry.
Numerous stringent rules recommend guidelines for restricting access to the physical network and for process security. However, it is increasingly evident that these measures are not enough and that more stringent access control is called for.
Zero Trust is an approach to security where there is no assumed trust of corporate devices or networks and access policies are applied wherever data is present and accessed by all systems.
It includes security at multiple levels and ensures that patient records and details can be accessed only with proper permissions. Controls can be enforced around the data, and users who access the data can be audited.
NSA issues guidance on Zero Trust Security Model
Recently, the National Security Agency (NSA) published cybersecurity guidance titled “Embracing a Zero Trust Security Model.” The guidance shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data.
The guidance aims to provide users with a foundational understanding of Zero Trust and discusses its benefits along with potential challenges and makes recommendations for implementing Zero Trust within their networks.
In this digital era, data is the backbone for all businesses. It is an important tool and corporate weapon for businesses to capture large market shares. Given its importance, properly protecting and securing the data has become an important task for businesses.
Data theft has emerged as one of the top crimes worldwide and businesses are spending millions of dollars in keeping their data secure.
Data itself has no borders and can be accessed from anywhere through any network by innumerable persons, some legitimate while others may not be so. As such it is very difficult to keep track of the data and how it is being accessed and used. This calls for stringent laws and enforcement.
When specific laws are lacking or enforcement is slack, it paves the way for easy data theft and data loss. In addition to the laws, Zero Trust is emerging as the most secure way of dealing with data transactions. It is good for all types of businesses when guidelines are laid down for a secure Zero Trust model. Meeting such standards will help in gaining the trust of customers and greater reliability in the organization.
More Than 9 In 10 IT Leaders Say That Client & Company Data Is At Risk On Email: Study
95% of IT leaders say that client and company data is at risk on email, according to Egress’ 2021 Data Loss Prevention Report. In addition, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months.
Human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error – for example, sending an email containing sensitive data to the wrong recipient or attaching the wrong file.
Email is the most popular vehicle of communication. However, it is also a popular medium for cyberattacks. Using deceptive messages, hackers are able to get into the system or to make the user divulge important information.
Email security therefore plays a very important role in business communications. Malware and phishing emails make users an easy target.
It is therefore important to secure email accounts with comprehensive security protocols. Email encryption and various data protection solutions need to be used to identify sensitive data and apply adequate protection to prevent its loss. Monitoring and scanning can be used to block unwanted emails from reaching the intended users.
Supply chain attacks show why you should be wary of third-party providers
The weak link in your enterprise security might lie with partners and suppliers. The risks associated with a supply chain attack have never been higher, due to new types of attacks, growing public awareness of the threats, and increased oversight from regulators.
Meanwhile, attackers have more resources and tools at their disposal than ever before, creating a perfect storm. The recent SolarWinds attack is a prime example.
Many enterprises today provide valuable information, including financial data and sensitive customer information, to their third-party providers. These third-party providers may not have an adequate level of data security. In most cases, enterprises overlook supply chain security and third-party risks.
At the same time, hackers are realizing that it is much easier to compromise the third-party provider to gain access to an enterprise rather than trying to gain direct access to the larger enterprise. Therefore, it is critical that enterprises realize the importance of supply chain security and ensure that these third-party providers have stringent security measures.
Third-party providers must ensure that security best practices are followed, and all information is properly protected. An organization must take a data-centric perspective while dealing with third-party providers.
While there are many products on the market that talk about securing CAD files, when you have invested in Microsoft Office 365 you can leverage MIP for your CAD files using HALOCAD from SECUDE, a simple, cost-effective connector.
SECUDE has been in the data security business for more than two decades and has gained the trust of most Fortune 500 companies using SAP data.