Tuesday, September 26, 2017

Why CISOs Fail: The Missing Link in Security Management--and How to Fix It

Why CISOs Fail: The Missing Link in Security Management--and How to Fix It provides insight into why and how current security management practices fail at their basic foundation, resulting in overall dissatisfaction among practitioners and a lack of success in the corporate environment. Barak Engel examines the reasons and how to fix them. The resulting improvement is highly beneficial to any corporation that chooses to pursue this strategy, from a bottom-line and business operations perspective and not just in technical operations. This book transforms the understanding of the role of the CISO, the selection process for a CISO, and the financial impact that security has on any organization.

Monday, September 25, 2017

New Release! Big Data Analytics in Cybersecurity

Big data analytics provide more accurate, timely, and actionable decisions for both cybersecurity and IT management. Big Data Analytics in Cybersecurity gives you comprehensive coverage of state-of-the-art big data analytics in cybersecurity and IT management. The topics include threat analysis, vulnerability identification, mission analysis, network monitoring, network management, visualization, and cybertraining. Each topic is examined in detail in a case study. Written and edited by leading experts from industry, academia, and government, the book is an indispensable reference for academics and professionals.

Wednesday, September 20, 2017

Survey Reveals the "5 Deadly Sins" That Increase the Risks of a Data Breach

Despite prioritizing privileged access management, a majority of enterprises fail to prevent the abuse or misuse of privileged credentials

PHOENIX, September 20, 2017 -- BeyondTrust today announced its annual Privileged Access Management survey which identified "The Five Deadly Sins of Privileged Access Management," and how they prevent organizations from effectively protecting sensitive information.

For years, security experts have outlined best practices for privileged access management (PAM) in an effort to reduce problems associated with the abuse of privileged credentials. Despite this, IT organizations continue to struggle with privileged access management.

To understand why, BeyondTrust recently surveyed nearly 500 IT professionals from around the world with involvement in privileged access management. Because so many attacks start with the misuse of privileged accounts, it is not surprising that respondents rated the following three security measures as somewhat to extremely important to their efforts:
  • Privileged access management (83%)
  • Privileged session management (74%)
  • Privilege elevation management (74%)

When asked what issues keep them awake at night, respondents most often cited the misuse of personally identifiable information (86%), downtime of computing systems (85%), and loss of intellectual property (80%).

Yet, despite these widespread concerns, Forrester research finds that 80 percent of data breaches are the result of the abuse or misuse of privileged credentials[1]. The BeyondTrust survey finds that "The Five Deadly Sins of Privileged Access Management" are to blame for this contradiction: so many IT organizations struggle to secure sensitive information despite their high levels of awareness and commitment to PAM.

Apathy: When asked to list the top threats associated with passwords, respondents listed employees sharing passwords with colleagues (79%), employees not changing default passwords their devices ship with (76%), and using weak passwords like "12345" (75%). Despite knowing better, respondents admitted that many of these same bad practices are common within their organization. A third of the respondents report users routinely share passwords with each other, and a fourth report the use of weak passwords. Shockingly, one in five report many users don’t even change the default passwords!

Greed: Users often insist they need full administrative privileges over their devices, and that creates problems for IT. 79% of respondents cite allowing users to run as administrators on their machines as their biggest threat, followed by not having control over applications on users’ machines (68%). Yet, nearly two in five respondents admit it is common for users to run as administrators on their machines. It is no surprise that many respondents say these practices have directly caused downtime of computing systems.

Pride: As the saying goes, pride cometh before the fall. One in five respondents say attacks combining privileged access with exploitation of an unpatched vulnerability are common. Simply patching known system vulnerabilities can prevent most of today’s commonly-reported attack vectors. Yet, too often, IT does not stay current on their patches.

Ignorance: Two-thirds say managing least privilege for Unix/Linux servers is somewhat to extremely important. One popular option is Sudo. However, just 29 percent say Sudo meets their needs. The most commonly cited problems with Sudo include being time-consuming to use (32%), complexity (31%) and poor version control (29%). Despite this, the typical respondent runs Sudo on 40 workstations and 25 servers.

Envy: Enterprises are rushing to embrace cloud computing. Yet, more than a third report that they are not involved in protecting SaaS applications from privileged access abuse.

There are steps any organization can take to address the Five Deadly Sins of Privileged Access Management:

1. Deploy enterprise password management globally across all data centers, virtual and cloud. A centralized password management solution that includes built-in session monitoring will ensure that both important capabilities are met with strong workflow and ease of use.
2. Remove local admin rights from ALL Windows and MacOS end users immediately. 94% of Microsoft system vulnerabilities in 2016 can be attributed to users with admin rights. Once all users are standard users, IT teams can elevate a user’s access to specific applications to perform whatever action is necessary as part of their role without elevating the entire user on the machine.
3. Prioritize and patch vulnerabilities. Better prioritization and patching of vulnerabilities provides IT with better insight into whether to delegate privileges to an asset or application. The result is better intelligence and less risk of unknowns.
4. Replace Sudo for complete protection of Unix/Linux servers. With pressure on budgets, organizations may have to use Sudo, but it doesn’t offer the industrial-strength capabilities that today's security needs.
5. Unify privileged access management--on-premise, in the cloud--into a single console for management, policy, reporting and analytics.

As organizations race to adopt SaaS/PaaS/IaaS to keep pace with business demands, IT must provide the same level of protection to cloud-based systems as for on-premise systems. This includes capabilities such as enabling automation for DevOps; finding, grouping and scanning cloud assets; protecting virtual and cloud management consoles and instances; using a cloud access service broker to enable third-party access; and performing vulnerability assessments for hybrid and public cloud infrastructures.

Download the full report from the BeyondTrust web site.

Tuesday, September 19, 2017

GDPR: The Pandora’s Box Is Open for Enterprise Websites

According to this article in Website Magazine, 

"Compliance officers need to rein in the regulatory risks associated with their digital properties. The European Union's General Data Protection Regulation (GDPR) is a conversation starter for most companies looking to control compliance, reputational and revenue risks. However, while focus has been on identifying data elements--customer, partner and employee--held by the organization, most have overlooked the data collection activities occurring via the company’s websites and mobile apps. Just as with Pandora's box, there's a slew of GDPR-driven evil emitting from your digital properties."

Here are some books by Paul Lambert that focus on the EU's General Data Protection Regulation:

The Data Protection Officer: Profession, Rules, and Role

Understanding the New European Data Protection Rules

Monday, September 18, 2017

What Businesses Need to Know in the Wake of the Equifax Breach

By Jason Tan, CEO of Sift Science

Online businesses everywhere are going to be dealing with the effects of the recent Equifax breach. It’s a tough truth to swallow, but these large-scale data breaches have become a fact of life – and it’s not just the breached business that pays the price. As fraudsters mine the valuable data that’s been compromised, all e-commerce sites and financial institutions need to be on alert.

Keep an eye out for signs of account takeover.

Last year, 48% of online businesses saw an increase in account takeover (ATO), according to the Sift Science Fraud-Fighting Trends report. And the Equifax breach is likely to exacerbate this trend, potentially flooding the dark web with names, addresses, Social Security numbers, and other personal information that fraudsters can leverage to gain access to a legitimate user’s account. They then make purchases with a stored payment method or drain value from the user’s account.

Some of the signals that could point to an ATO:

  • Login attempts from different devices and locations
  • Switching to older browsers and operating systems
  • Buying more than usual, or higher priced items
  • Changing settings, shipping address, or passwords
  • Multiple failed login attempts
  • Suspicious device configurations, like proxy or VPN setups

Keep in mind that taken individually, each of these signs may be normal behavior for a particular user. It’s only when you apply behavioral analysis on a large scale, looking at all of a user’s activity and all activity of users across the network, that you can accurately detect ATO.

Monitor for fake accounts and synthetic identity fraud.

Fraudsters can also take all of the different pieces of personal data leaked in the Equifax breach to steal someone’s identity and create new accounts. They may also pick and choose pieces from various people’s accounts – like a birthday, Social Security number, and name – and mix them together to create an entirely new ID.

To keep tabs on fake accounts, you can monitor new signups to look for risky patterns, like a sudden spike in new accounts that can’t be attributed to a specific promotion or seasonal trend. If the average time it takes a new user to sign up suddenly gets much faster, that may point to fraudsters using a script to quickly create accounts. And seeing multiple new accounts coming from the same IP address or device is a red flag for a single person creating many accounts.
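The three signup checks described above (volume spike, faster completion time, many accounts from one IP address or device), sketched as an added example that is not part of the original article. The event layout, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

# Constructed sample signups: (hour, ip, device_id, seconds_to_complete_form).
# 198.51.100.0/24 and 203.0.113.0/24 are reserved documentation ranges.
BASELINE = [(h, f"198.51.100.{h * 3 + i}", f"dev-{h}-{i}", 40 + 5 * i)
            for h in range(6) for i in range(3)]      # 3 signups/hour, 40-50 s each
BURST = [(6, "203.0.113.7", "dev-x", 3) for _ in range(9)] + \
        [(6, "198.51.100.90", "dev-6-0", 44)]         # scripted burst + 1 normal user

def shared_origin(events, max_per_origin=3):
    """IPs and devices that created more than max_per_origin accounts (assumed limit)."""
    ips = Counter(e[1] for e in events)
    devs = Counter(e[2] for e in events)
    return {"ip": sorted(k for k, n in ips.items() if n > max_per_origin),
            "device": sorted(k for k, n in devs.items() if n > max_per_origin)}

def volume_spike(baseline, current, factor=3.0):
    """True when this hour's signups exceed factor x the baseline hourly mean."""
    per_hour = Counter(e[0] for e in baseline)
    mean = sum(per_hour.values()) / len(per_hour)
    return len(current) > factor * mean

def speed_drop(baseline, current, ratio=0.5):
    """True when median completion time falls below ratio x the baseline median."""
    return median(e[3] for e in current) < ratio * median(e[3] for e in baseline)

def review_hour(baseline, current):
    """Combine the signals; a single one alone does not trigger escalation."""
    origins = shared_origin(current)
    signals = {"spike": volume_spike(baseline, current),
               "fast_signups": speed_drop(baseline, current),
               "shared_origin": bool(origins["ip"] or origins["device"])}
    return {"signals": signals, "origins": origins,
            "escalate": sum(signals.values()) >= 2}

if __name__ == "__main__":
    print(review_hour(BASELINE, BURST))
```

A real deployment would also exclude hours covered by a known promotion or seasonal peak before computing the baseline, as the paragraph above notes.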

Stay focused on maintaining user trust.

Even if a breach doesn’t happen on your site, any downstream fraud attacks still happen on your watch. If you don’t invest in protecting your users from the devastating effects of ATO, identity theft, and fraud, you will soon lose their trust. Trust is earned in drops, but lost in buckets.

At the same time, e-commerce businesses and financial institutions should make sure they aren’t overly cautious to the point where they’re rejecting good customers and denying legitimate accounts. Preventing fraud is a delicate balancing act, and the right technology – which looks at a range of data points to make an accurate prediction about what is and isn’t fraudulent – can help you strike the right balance.

About the Author:
Jason Tan is the CEO of Sift Science, a trust platform that offers a full suite of fraud and abuse prevention products designed to attack every vector of online fraud for industries and businesses across the world.

Monday, September 11, 2017

Information Security: The Dismal Discipline?

Read this chapter from Why CISOs Fail: The Missing Link in Security Management--and How to Fix It and understand why the author likes to call information security the "dismal discipline," and why this perception needs to change.