October 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
14% of C-suite executives say organizations have no cyber threat defense plans
Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey.
Further, COVID-19 pandemic disruption led to increased cyber threats to U.S. executives’ organizations (86%) at a considerably higher rate than non-U.S. executives experienced (63%). Yet, 14% of U.S. executives say their organizations have no cyber threat defense plans, a rate more than double that of non-U.S. executives (6%).
The bitter truth is that most organizations do not have a proper cybersecurity plan until after a major breach. Some organizations feel that they have adequate security solutions but many loopholes are not being addressed. Some organizations do not allocate enough budget for security.
According to a report by the Harvard Business Review, many decision-makers use the wrong mental models to help them determine how much investment is necessary and where to invest. Some of the reasons given are: they think of cyber defense as a fortification process (if you build strong firewalls, you will be able to see the attacker miles away); they assume that complying with a security framework works fine by just checking the items in the checkboxes; or they think that, since they have not experienced a cyberattack so far, there is no reason to spend money on security solutions.
The problem with the above mental models is that they treat cybersecurity as a finite problem that can be solved, rather than as an ongoing process. It is time for organizations to get their act together and focus on risk management and not on risk mitigation. They have to start taking meaningful steps to help the organization become cyber secure.
Ransomware Soars 148% to Record-Breaking Levels in 2021
The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall.
The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day.
Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020.
SonicWall predicted that by the end of 2021, the ransomware total would be near 714 million, which would be a 134% year-on-year increase.
According to an Accenture report, established ransomware operators are upping their game as they continue to focus on new monetization opportunities and see no limit to the potential profits. To plan for resilience, organizations should focus on the business and operational risks presented by the threat across their unique value chain and prioritize planning and defense efforts accordingly.
Organizations should keep their security hygiene up to date and must ensure that their crown jewels are properly protected. They should implement a holistic backup and recovery strategy and ensure adequate visibility and coverage across the attack surface.
Unstructured data growth increases risk of ransomware and data breaches
Unchecked data growth and disorganization increase cyber risk, according to Egnyte’s 2021 Data Governance Trends Report. The report is based on a survey of 400 IT executives conducted in July 2021 and examines the challenges of securing and governing unstructured content in today’s hybrid and remote work environments.
A key finding of the research is that unchecked data growth, combined with a lack of visibility, is increasing the risk of breaches, ransomware, and compliance violations dramatically. 52% of companies use more than ten sanctioned file storage repositories, and 40% report unsanctioned cloud storage in use across the organization, as well as rampant use of informal repositories like email, Slack, and DocuSign.
Unstructured data growth increases the risk of ransomware attacks and data breaches. This is because unstructured data is easy for hackers to locate and encrypt. Typically, unstructured data includes emails, Word documents, social media, text files, job applications, text messages, digital photos, audio and visual files, spreadsheets, presentations, and much more.
Most of the unstructured data is generated during an interaction and is not stored in any formal management system. Gartner estimates that over 80 percent of enterprise data is unstructured and growing at 65%.
Deleting unnecessary unstructured data is one method to curb the piling of unstructured data. But most organizations are not even aware of where their unstructured data lies. Therefore, the best possible solution is to revoke access rights. Only provide permission to those who need it to get the job done.
Enterprise Digital Rights Management (EDRM) is a core data-centric technology that offers uninterrupted protection to unstructured data. SECUDE is the only data-centric solution provider with capabilities to extend Microsoft Information Protection (MIP) to SAP, PLM, and CAD environments.
Our solution HALOCORE provides end-to-end protection of sensitive SAP data exports throughout their lifecycle. Similarly, HALOCAD extends the security templates provided by MIP to the complete lifecycle of CAD and PLM documents.
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
Microsoft says the group has attacked more than 140 service providers and compromised 14 of them between May and October of this year.
Nobelium, the Russia-based threat actor behind the supply chain attack on SolarWinds, is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies.
Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them, according to Microsoft, which has been tracking the campaign.
Cyberattacks within the supply chain are becoming more common. Suppliers and vendors need to understand the risk of attack they have to bear and how it will affect their operations. While an increased level of understanding between partners, suppliers, and vendors is necessary, there is also a need for a strong security solution that provides real-time visibility.
Having data stored in the cloud means that it can be accessed from a single source. However, recent reports show that cloud service providers without a robust cybersecurity plan can also become easy targets for hackers. Cloud service providers need to be aware of the risks posed by an increasingly connected environment and plan their cyber strategy accordingly.
Organizations have to get their data-centric strategy right. They need to establish which data is critical and make it difficult for adversaries to achieve their goals. They need to better monitor users and block unauthorized users. They have to use multi-factor authentication and role-based access to make informed decisions about who can see which data and systems.
New CISA Tool Helps Organizations Assess Insider Threat Risks
The United States Cybersecurity and Infrastructure Security Agency (CISA) has released a tool to help organizations assess their insider threat risk posture.
Suitable for organizations in both public and private sectors, the Insider Risk Mitigation Self-Assessment Tool provides users with feedback based on responses to a series of questions.
Furthermore, the tool aims to deliver a better understanding of the nature of insider threats, to help users start their own prevention and mitigation programs.
As CISA points out, insider threats represent a major risk to any organization due to the fact that knowledge and trust are placed in the hands of the adversary, which could be an employee, a contractor, or other individuals who have inside knowledge.
Authorized users (insiders) may abuse legitimate privileges to masquerade as another user or to maliciously harvest important data. An insider attack is much more difficult to detect and potentially more dangerous. Insiders to an organization may be former employees or system administrators who use their already existing privileges to harvest data or simply to carry out sabotage attacks.
Organizations have to be more proactive and not wait for a breach to happen before taking action. When proper controls are not in place, organizations risk losing their sensitive data, often leading to financial losses and damage to their reputation. Using persistent, granular access and usage controls along with real-time tracking and visibility can help prevent insider attacks. It is important to revoke access anytime there is a threat to your data.
SECUDE is a data-centric security solutions provider that has helped organizations protect their data for more than two decades.