September 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
Over half of business owners admit to concealing a data breach
After a year of high-profile cyberattacks, data from Arctic Wolf’s Global Survey reveals executive attitudes on a wide array of cybersecurity and business issues.
Despite recent interventions into cybersecurity issues, executives lack faith in the government’s ability to protect them from cyber threats, with 60% of organizations believing that spending on new security tools and services is the most effective way of stopping attacks.
One-third of enterprises experienced a six-figure breach last year, and more than half (61%) of business owners admitted to concealing a breach. Seventy-eight percent of C-suite executives claim that they would be willing to pay a ransom to resolve a data breach, while 56% would be willing to pay over $100,000 to resume operations.
Concealing a data breach is illegal. It is an offense that can lead to litigation and to criminal charges.
Data owners are accountable for data security, which is why they can be considered liable for breaches. Even if a data owner can argue that they did everything they could to protect the data, once a breach occurs they are held liable.
There are stringent laws on how data, especially personal information, has to be protected. For example, the General Data Protection Regulation (GDPR) and China’s recent Personal Information Protection Law (PIPL) levy heavy penalties if data security measures are not adequately met. Therefore, every organization should ensure that proper data security measures are in place, especially when customers' personal information is involved.
With more than two decades of experience in data-centric security with a Zero Trust approach, SECUDE helps with data protection by leveraging Microsoft Information Protection (MIP).
Supply chain security is a higher priority than two years ago
A new global survey of C-level executives released by CloudBees reveals high confidence levels in software supply chain security but a limited understanding of the essential components that make a software supply chain secure. The survey also reveals that among nearly all companies, supply chain security is a higher priority than just two years ago.
According to the CloudBees Global C-Suite Security Survey, executives overwhelmingly claim their software supply chains are secure (95%) or very secure (55%), and 93% say they are prepared to deal with an issue such as ransomware or a cyberattack on their supply chain.
However, when asked additional questions about the security of their supply chains, the responses uncover vulnerabilities. More than two in five (45%) executives admit that initiatives to secure their software supply chains are halfway complete or less, and 64% say they are not sure who they would turn to first if their supply chain was attacked.
Eastern European ATM malware, the Stuxnet computer worm, and the attack on Target are some examples of supply chain cyberattacks.
Supply chain attacks are a major concern for the financial sector, the government sector, the manufacturing industry, the design industry, and others. Supply chain attacks usually begin with an advanced persistent threat (APT) that identifies the weakest link in the supply chain in order to attack the target organization.
Supply chain leaders have to take the necessary steps to address major vulnerabilities that can leave their organization exposed to cyberattacks.
SECUDE’s HALOCAD leverages MIP to encrypt CAD files. It is tightly integrated with MIP and fully supports the RMS implementation of Active Directory, Office 365, and Azure Active Directory.
Cloud presents biggest vulnerability to ransomware
Veritas Technologies surveyed more than 2,000 global IT leaders whose organizations have undertaken pandemic-led digital transformation and found the majority are severely vulnerable to ransomware attacks because they’ve been unable to keep pace with the accelerated digitization.
In fact, organizations would need to spend an average of $2.47 million to close the gaps in their technology strategy within the next 12 months. Additionally, the average organization experienced nearly three ransomware attacks that led to downtime in the past 12 months, and 10% were hit with ransomware more than five times.
Today, many organizations have data security policies and procedures in place. However, these approaches do not extend to the cloud. Cloud data security involves comprehensive cloud data discovery and classification, constant monitoring, and risk management. A strong data protection policy is vital for any organization that collects, handles, or stores sensitive data, especially in the cloud.
Some ways in which data in the cloud can be protected are:
Multi-factor authentication prevents stolen credentials from being used and mitigates the impact of compromised passwords.
Access control ensures that only authorized entities can retrieve data from a data repository. When properly implemented, access controls prevent unauthorized and compromised users from accessing sensitive information.
Encryption protects data as it transits from clients into the service.
Close to half of on-prem databases contain vulnerabilities, with many critical flaws
A five-year study has concluded with a sobering fact for businesses using on-premise servers: close to half contain vulnerabilities that may be ripe for exploitation.
Imperva released the results of the study on Tuesday, which analysed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities.
“This indicates that many organizations are not prioritizing the security of their data and neglecting routine patching exercises,” Imperva says. “Based on Imperva scans, some CVEs have gone unaddressed for three or more years.”
Traditionally, companies keep their data on physical servers. As companies grow, their data storage also needs to expand. While it is possible to configure the best possible security solution, as the data expands it becomes very difficult for organizations to keep up with their data security needs.
Data breaches are not limited to ransomware attacks or malware; insider threats can also result in data being lost or stolen. Therefore, it is time for companies to move their data to the cloud and also provide a strong data-centric solution.
CISA releases the cloud security technical reference architecture and zero trust maturity model for public comment
The Cybersecurity and Infrastructure Security Agency (CISA) released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public comment. As the federal government continues to expand past the traditional network perimeter, it is paramount that agencies implement data protection measures around cloud security and zero trust.
The TRA is designed to guide agencies’ secure migration to the cloud by explaining considerations for shared services, cloud migration, and cloud security posture management. CISA’s Zero Trust Maturity Model assists agencies in the development of their zero trust strategies and implementation plans and presents ways in which various CISA services can support zero trust solutions across agencies.
The Zero Trust Model is the way forward as more and more companies move to a remote working style. Users access corporate data from everywhere, forcing organizations to rethink their security strategies.
The old perimeter defense model assumes that everything inside it is safe. This allows hackers who get past the corporate firewall to gain access to systems and data with ease. A Zero Trust model, however, isn’t about a particular technology.
It is a mindset that no one can be trusted. Zero Trust provides a foundational model for protecting critical systems and data wherever they are accessed. Therefore, it is high time for organizations to start embracing the Zero Trust Model to achieve their business and technology objectives.
Enterprises are missing the warning signs of insider threats
The report surveyed a global pool of 1,249 IT and IT security practitioners and found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack.
“The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute.
By turning a blind eye, employees can become inadvertent insider threats, as their actions can enable hackers waiting to break into the systems. Even the best firewalls cannot prevent an insider attack.
Why? Because an insider is an authorized user who has turned malicious or is an innocent accomplice to hackers. Preventing an insider attack takes various tools and processes that combat the threat before it becomes a major risk for the organization.
The most effective countermeasure to insider threats is constant monitoring of user behavior in real time to predict any abnormal behavior by an employee. Secondly, organizations have to stop privileged access abuse. Thirdly, they have to stop data exfiltration.
One frequent target for hackers is the intellectual property of an organization. This means protecting your company’s sensitive data is of prime importance. Unauthorized access can be prevented with effective monitoring of data exfiltration efforts by an employee.
SECUDE, with more than two decades of expertise in digital rights management, can help ensure data security in SAP and CAD environments by leveraging Microsoft Information Protection (MIP).