Topics

406

Cyber Security / Study Finds 87 Percent of Focused Cyberattacks are Prevented

« on: May 01, 2018, 07:56:09 PM »

With ransomware and distributed denial of service (DDoS) attacks on the rise, the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months. In the face of these growing cyber threats, organizations are demonstrating far more success in detecting and blocking them, according to a new study from Accenture.

Yet, despite making significant progress, only two out of five organizations are currently investing in breakthrough technologies like machine learning, artificial intelligence (AI) and automation, indicating there is even more ground to be gained by increasing investment in cyber resilient innovations and solutions.

The study was conducted from January to mid-March 2018 and investigated focused attacks defined as having the potential to both penetrate network defenses and cause damage, or extract high-value assets and processes from within organizations. Despite the increased pressure of ransomware attacks, which more than doubled in frequency last year, the study found organizations are upping their game and now preventing 87 percent of all focused attacks compared to 70 percent in 2017. However, with 13 percent of focused attacks penetrating defenses, organizations are still facing an average of 30 successful security breaches per year which cause damage or result in the loss of high-value assets.

“Only one in eight focused cyberattacks are getting through versus one in three last year, indicating that organizations are doing a better job of preventing data from being hacked, stolen or leaked,” said Kelly Bissell, managing director of Accenture Security. “While the findings of this study demonstrate that organizations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organizations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organizations in the next two to three years. That’s an encouraging projection.”

Security Teams Find Breaches Faster

It’s also taking less time to detect a security breach; from months and years to now days and weeks. On average, 89 percent of respondents said their internal security teams detected breaches within one month compared to only 32 percent of teams last year. This year, 55 percent of organizations took one week or less to detect a breach compared to 10 percent last year.

Although companies are detecting breaches faster, security teams are still only finding 64 percent of them, which is similar to last year, and they’re collaborating with others outside their organizations to find the remaining breaches. This underscores the importance of collaborative efforts among business and government sectors to stop cyberattacks. When asked how they learn about attacks that the security team has been unable to detect, respondents indicated that more than one-third (38 percent) are found by white-hat hackers or through a peer or competitor (up from 15 percent, comparatively, in 2017). Interestingly, only 15 percent of undetected breaches are found through law enforcement, which is down from 32 percent the previous year.

Addressing Cybersecurity from the Inside Out

On average, respondents said only two-thirds (67 percent) of their organization is actively protected by their cybersecurity program. And, while external incidents continue to pose a serious threat, the survey reveals that organizations should not forget about the enemy from within. Two of the top three cyberattacks with the highest frequency and greatest impact are internal attacks and accidentally published information.

When asked which capabilities were most needed to fill gaps in their cybersecurity solutions, the top two responses were cyber threat analytics and security monitoring (46 percent each). Organizations realize the benefits derived from investing in emerging technologies. A large majority of respondents (83 percent) agree that new technologies such as artificial intelligence, machine or deep learning, user behavior analytics, and blockchain are essential to securing the future of organizations.

Five steps organizations can take to achieve cyber resilience include:

1. Build a strong foundation. Identify high value assets and harden them. Ensure controls are deployed across the organizational value chain, not just the corporate function.

2. Pressure test resilience like an attacker. Enhance red defense and blue defense teams with player-coaches that move between them and provide analysis on where improvements need to be made.

3. Employ breakthrough technologies. Free up investment capacity to invest in technologies that can automate your defenses. Utilize automated orchestration capabilities and advanced behavioral analytics.

4. Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.

5. Evolve the role of CISO. Develop the next generation CISO - steeped in the business and balancing security based on business risk tolerance.

407

Cyber Security / Security Budgets Increasing, But Qualified Cybertalent Remains Hard to Find

« on: May 01, 2018, 07:55:18 PM »

The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 percent of information security professionals reporting unfilled cyber/information security positions within their organization, according to ISACA’s cybersecurity workforce research.

According to the report,

High likelihood of cyberattack continues. Four in five security professionals (81 percent) surveyed indicated that their enterprise is likely or very likely to experience a cyberattack this year, while 50 percent of respondents indicate that their organization has already experienced an increase in attacks over the previous 12 months.;
Nearly 1 in 3 organizations (31 percent) say their board has not adequately prioritized enterprise security.
Men tend to think women have equal career advancement in security, while women say that’s not the case. A 31-point perception gap exists between male and female respondents, with 82 percent of male respondents saying men and women are offered the same opportunities for career advancement in cybersecurity, compared to just 51 percent of female respondents. Of those surveyed, about half (51 percent) of respondents report having diversity programs in place to support women cybersecurity professionals.
Individual contributors with strong technical skills continue to be in high demand and short supply. More than 7 in 10 respondents say their organizations are seeking this kind of candidate.
Yet, there are several positive and promising insights in the ISACA data:

Time to fill open cybersecurity positions has decreased slightly. This year, 54 percent of respondents say filling open positions takes at least three months, compared to last year’s 62 percent.
Gender disparity exists but can be mitigated through effective diversity programs. Diversity programs clearly have an impact. In organizations that have one, men and women are much more likely to agree that men and women have the same career advancement opportunities. Eighty-seven percent of men say they have the same opportunities, as compared to 77 percent of women. While a perception gap remains, it is significantly smaller than the 37-point gap among men and women in organizations without diversity programs (73 percent of men in organizations without diversity programs say advancement opportunities are equal, compared to 36 percent of women).
Security managers are seeing a slight improvement in number of qualified candidates. Last year, 37 percent of security professionals said fewer than 25 percent of candidates for security positions were sufficiently qualified. This year, that number dropped to 30 percent.
Budgets are increasing. Sixty-four percent of respondents indicate that security budgets will increase this year, compared to 50 percent last year.
“This research suggests that the persistent cybersecurity staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need,” said ISACA CEO Matt Loeb, CGEIT, CAE. “More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs. Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”

408

Cyber Security / What's the Average Cost of an Insider Threat?

« on: May 01, 2018, 07:54:39 PM »

A Ponemon Institute study of more than 700 IT and security practitioners around the world found that the risk posed by insider threats is growing year-over-year, costing organizations significant money and resources as the threats continue to be difficult to detect, identify and manage.

The average cost of an insider-related incident over a 12-month period is $8.76 million, and it takes more than two months, on average, to contain an insider incident, the report said.

“This research reveals that ignoring the growing threat posed by insiders can be costly for businesses of all sizes and in all industries,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “The increasing cost of insider threats – whether caused by negligent or malicious actors – is extremely detrimental for organizations, potentially costing them millions of dollars annually.”

Key findings from the Ponemon Institute and ObserveIT survey include:

Types of Insider Threats: All types of insider threats are increasing. Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders. The average number of credential theft incidents has more than doubled over the past two years, increasing by 170 percent.
Negligent Insiders: The majority of respondents (64 percent) cited that the negligent insider is the root of most incidents, followed by criminal and malicious insiders (23 percent) and employee and contractor negligence (13 percent).
Costly Credential Risk: Credential risk (or imposter risk) is the costliest type of insider incident at an average of $648,846 per event. This type of incident is 2.5 times more costly than incidents involving employee or contractor negligence at $283,281 per incident. Criminal and malicious insider incidents cost an average of $607,745 per incident.
Organizational Risk by Size and Industry: The cost of incidents varies per organizational size and industry. Large organizations with a headcount of more than 75,000 spent an average of $20 million over the past year to resolve insider-related incidents while smaller organizations with a headcount below 500 spent an average of $1.8 million. Companies in financial services, energy and utilities and retail incurred average costs of $12.05 million, $10.23 million and $8.86 million, respectively.
Risk by Region: Organizations in North America experienced the highest total cost to contain insider-related incidents at $11.01 million. Asia-Pacific and European and Middle Eastern (EMEA) companies annualized costs to contain insider-related incidents were $5.88 and $7.04 million, respectively.
Time to Contain Threats: Insights from the research reinforce that insider threats continue to be difficult to detect, identify and management as it takes an average of more than two months to contain an insider incident. The results also found that only 16 percent of incidents were contained in fewer than 30 days.
https://www.businesswire.com/news/home/20180424005342/en/Research-Ponemon-Institute-ObserveIT-Reveals-Insider-Threat

409

Cyber Security / RSA 2018: In the Golden Age of Cyber Crime we have a People Problem

« on: May 01, 2018, 07:26:58 PM »

Reading the title above your first thought might be a cyber-attack resulting from a deliberate insider or an unintentional, well-meaning employee. After all, people are the problem, right? However, our people issue today in the cyber industry is simple: lack of qualified human capital. It is estimated by Ponemon Institute that by 2020, we will have 1.8 million cyber jobs left unfilled. It is bad enough we are living in the Golden Age of Cyber Crime, where deterrence is lacking, the threat surface is expanding exponentially, and the technical talent to hire is way too limited. Unfortunately, this confluence of events is a cyber criminal’s perfect storm.

Our industry has to change how it hires, and what it expects from an employee prospect pool that is diversified in age, experience, race, religion and gender. Speaking of gender, at RSA 2018 McAfee presented a session titled, Building the Cybersecurity Innovation Pipeline, where Chief Human Resources Officer, Chatelle Lynch, pointed out a shocking statistic: “In 1990 32% of the IT workforce was women, and in 2017 is was 25%! This during a time when the industry growth exceeded 338%. The Good Old Boys Club is alive and well in technology circles.

Mc Afee CISO, Grant Bourzikas, part of the same RSA session, profiled the differences between a prospective employees based on age and diversity, from the experienced, highly paid and short term 50 something male, to the inexperienced “slightly career direction challenged” millennial. Additional research was very interesting based on recent college interns and graduates that had various non-technical education backgrounds but could be placed into technology roles and taught cybersecurity. CISO Bourzekas being a good example, as a college graduate with an accounting degree that found his way into high tech. Hint: the same attention to accounting details pays off in the cyber governance and regulatory environment businesses find themselves in today. The take away message was that the industry answer to this shortage lies in talent efficiency. McAfee provided an innovative and unconventional way to view and address the cybersecurity talent gap problem.

I was reminded of a conversation I had in 2014 with Lynn Dugle, then President of Raytheon’s Intelligence & Information Services Division, upon their $420 million purchase of cyber start up Blackbird, who provided surveillance and secure communications to spy agencies. Lynn mentioned that one particular individual, a developer/hacker with exceptional skills, was a self-taught gamer with a high school equivalency degree. This education background, together with the body piercings, tattoos, and hair to mid back, made his chances for a traditional interview path with Raytheon non-existent. Suffice it to say, this gentleman quickly established himself as an elite cyber warrior within the entire company, not just IIS. She told me with that lesson she realized just how much Raytheon had to change the way they not only hired, but managed, the highly skilled and unique cyber resources they would need in the future. Old stereotypes on employee profiles, and standard performance review models, needed to be shattered.

McAfee has the right formula, stress the “Gamification of Cyber”. Bourzikas cited research that “More than half (54 percent) of respondents who are extremely satisfied in their roles say they use “capture the flag” gaming once or more a year, compared to just 14 percent of those employees who are dissatisfied in their roles. (At McAfee, they run table-top exercises every two weeks, and red team exercises monthly.) Given the fact the cyber challenge has been described as sports strategy (basketball / football / soccer), a game of chess, and even war, this gamification focus resonates.

https://securingtomorrow.mcafee.com/business/building-sustainable-model-cybersecurity-talent/

One theme at RSA 2018 was that our industry suffers from a lack of cyber talent today, and into the foreseeable future. We need more thoughtful innovation in hiring if we are to meet this challenge during the “Golden Age of Cyber Crime”.

410

Cyber Security / Strong Cybersecurity: The Critical Role of Lifecycle Management

« on: May 01, 2018, 07:25:31 PM »

Cybersecurity has become a top priority for everyone—each data breach only underscores the need to protect networks and systems from unauthorized and unwanted intrusion. If you’re not vigilant, the results can be catastrophic, ranging from loss of customer confidence to business closure.

 

The truth is that in our connected world, all networked devices and systems can be vulnerable. Organizations today are well aware of the critical need to secure their networks, and many have deployed the most cutting-edge software technologies to do just that. These measures have proven effective and have certainly made it harder for the bad guys to access networks and the sensitive data they contain. But they represent only part of the story.

When it comes to cybersecurity, there’s an equally important and often overlooked component that can go a long way toward ensuring networks and the critical data they contain are protected from threats and vulnerabilities. It’s called lifecycle management.

At first glance, managing the lifecycle of physical assets may seem to be completely unrelated to protecting digital assets, but nothing could be farther from the truth. The reality is that cybersecurity challenges have become a primary driver for lifecycle management, and vice versa.

When we talk about lifecycle management, we are talking about two types of lifetimes that are associated with each device. The longer of the two is functional lifetime, meaning how long a device will operate and function.

The second factor is a device’s economic lifecycle. As better capabilities become available, there eventually comes a time when it makes financial sense to adopt new, more efficient technology.

“The idea is that all devices have a functional lifetime—how long they will run and function—which is typically longer than their economic lifetime,” said Ryan Zatolokin, Business Development Manager, Senior Technologist for Axis Communications, Inc. “With the introduction of better capabilities, features and functions, there comes a time when you get to a place where older technologies simply don’t make economic sense.”

Proactive Maintenance Equals Secure Systems

In today’s ecosystem of connected and interdependent devices and solutions, proactive maintenance leads to a more stable and secure system, and responsible manufacturers constantly release firmware updates and security patches that address vulnerabilities in a consistent manner, while also fixing any bugs and other factors that affect performance over time.

Like any other software-based technology, security devices must be patched to prevent those with less-than-admirable intentions from exploiting known vulnerabilities. Network administrators must stay on top of these threats by keeping up to date with new developments and following cybersecurity best practices. In addition, the video management system (VMS), which controls the overall system also must be regularly updated and patched, along with the operating system on which it runs.

While it is essential to update software when new firmware is available, the unfortunate reality is that many organizations fail to do so, mainly because of the time and effort involved in updating each and every device on the network. A major stumbling block in this effort is that many organizations simply don’t know what technologies are deployed on their network.

Hope is Not a Plan: How to Secure an Enterprise Network

The first step in securing an enterprise network is to have a solid understanding and comprehensive inventory of the devices that are deployed on that network. This must include documentation about every device, as any overlooked device can provide an entry point for attackers.

In particular, older technologies and devices present tremendous risk to an organization in many ways, including on the cybersecurity front. As mentioned earlier, updates and patches are the best way to ensure cybersecurity, but many older technologies have little to no update capabilities and in fact may no longer be supported by the manufacturer. Unpatched technology can leave your network vulnerable to a cyberattack. Following lifecycle management practices —knowing where your risk areas are, and keeping current on those risks—allows you to keep your business more secure.

While all technologies, regardless of their function, will eventually expire, in many cases this can be predictable if you’re engaged in a structured lifecycle management program. Security is a critically important function, and a network camera outage could potentially have dire consequences. For example, the functional lifetime of an IP camera could be upwards of 10 to 15 years. During that time, security vulnerabilities will change rapidly, making it difficult for manufacturers to keep pace with the cybersecurity threat landscape.

Implementing, monitoring and managing product lifecycles allows organizations to better plan for introducing new technology in their environment. Lifecycle management allows organizations to keep pace with the constantly evolving threat landscape while ensuring they are utilizing the appropriate and most advanced technologies while minimizing security threats and vulnerabilities in the process.

A lifecycle management program allows you keep on top of what is critical in your environment and helps you avoid the negative costs associated with cyber breaches. This type of program allows organizations to identify devices that are nearing end of life, which will likely have no firmware updates released, making them susceptible to risk. Additionally, some of these technologies may be running on outdated operating systems that are incapable of being updated or secured. In either case, these devices must be replaced with newer solutions that are supported by the manufacturer.

“You can hope your devices run forever but hope is not a plan,” Zatolokin says. “A good lifecycle management program takes away the surprise or shock that comes from suddenly—and unexpectedly—needing to replace a major system component. Instead, you’re able to plan and budget for replacing a certain number or percentage of devices each year rather than facing a very large and very expensive replacement of an entire system or major component.”

Streamlining Lifecycle Management

Effective lifecycle management can be a daunting task for organizations and network administrators. Thankfully there are device management software solutions that provide automation that alleviate and in many cases eliminate this often significant burden.

We have technology that can implement critical lifecycle management policies and practices by automatically providing a full real-time inventory of all Axis devices (cameras, encoders, access control and audio devices) connected to the network to deliver an easy, cost-effective, time-saving and secure way to manage all major installation, deployment, configuration, security and maintenance tasks.

How does it work?

First, Axis devices are automatically discovered on the network. Then these devices are imported into a program to display information about the device, including model, IP address, MAC address, current firmware loaded on the device and certificate status. This provides integrators, installers and system administrators with a highly detailed look at Axis devices, allowing them to actively engage in a variety of maintenance tasks for their customers, including user management, password changes, firmware updates and configuration changes, in an organized and efficient manner, which is a critical part of lifecycle management and cybersecurity best practices.

More so, being able to push out changes or firmware updates, rather than individually, to hundreds of devices simultaneously is crucial. This provides users with a highly efficient way to manage a large numbers of devices. A main cybersecurity component of our technology is the ability for users to easily manage the product lifecycle and set up other users and passwords. Creating security policies and applying it across multiple devices to maintain certificate and upgrade firmware has never been so easy.

For example, take managing and deploying HTTPS certificates, and uploading IEEE 802.1x certificates to multiple Axis devices. When users are notified of expiring certificates, our technology can push new certificates to Axis devices. It also manages firmware upgrades of multiple devices and automatically verifies that they are running the latest—and most secure—version.

“Users can push out security settings and configurations to all Axis devices on the network at once,” Zatolokin said. “In the past, this was time-consuming, but today, the process is not only more efficient but it ensures devices comply with the cybersecurity configurations the organization needs.”

This function can save device managers a lot of time and stress when it comes to cybersecurity risk while helping them address new vulnerabilities in a timely manner.

“When a vulnerability is announced, people panic and try to figure out whether the devices they have on their network may be at risk,” Zatolokin says. “Our technology becomes an integral component of a proactive plan that eliminates that sense of panic. Organizations know in real time where they stand from a cybersecurity perspective and what steps need to be taken. This ensures that vulnerabilities are addressed in a timely and consistent manner, which leads to a more stable and secure system.”

In addition to ensuring cybersecurity, device managers can also obtain a wide breadth of information that is helpful for planning their lifecycle management and device replacement schedule. IT departments prefer to never swap out all devices at once, but rather plan for periodic replacement. Predictable.

Cybersecurity is everyone’s concern. For protecting networks, state-of-the-art software solutions are a good starting point, but to be most effective, these must be augmented by strong lifecycle management practices. We build solutions in a way that can ensure integrators, installers and system administrators have all the necessary tools to protect businesses like yourself. They can automate lifecycle management processes to provide organizations with the real-time insight required to ensure that devices are up to date with the latest patches and updates provided by manufacturers while also making them better prepared to deal with inevitable device failures.