Cybersecurity Roundup: Risk Based Security, Palo Alto Networks, Zix-AppRiver and More
General business remains the most breached organization type.
We’re quickly approaching the “most wonderful time of the year,” and soon after we’ll be capping off what, by Risk Based Security’s count, will be the worst year on record for data breaches.
Breach activity in 2019 is living up to being “the worst year on record,” according to Risk Based Security. Its Q3 2019 Data Breach QuickView Report shows the total number of breaches was up 33.3% compared to Q3 2018, with 5,183 breaches reported in the first nine months of 2019.
The total number of breaches is on track to set a new annual record, and the total number of records exposed has already surpassed the 2017 year-end total: the report counts 7.9 billion records exposed so far and projects as many as 8.5 billion by year end.
By North American Industry Classification System (NAICS) economic sector, medical services, retailers and public entities experienced the most breaches, but when all business-related sectors are combined, general business remains the most breached organization type. Looking further into the data breach landscape, hacking remains the top breach type by number of incidents, while the “web” breach type has exposed the most records this year.
To find out more about what’s making this the best year ever for cybercriminals, we spoke with Inga Goddijn, Risk Based Security‘s executive vice president.
Channel Futures: What are organizations not doing that they should be doing to protect themselves from cyber crime?
Inga Goddijn: The security posture of organizations is all over the map, so there really isn’t a one-size-fits-all answer to the question. That said, the foundation of any robust and resilient security management system is performing regular risk assessments. There is no substitute for working through that process and it’s the best bet for ensuring that resources are focused where there is the greatest need.
CF: What are the most surprising findings in the report?
IG: It’s most surprising to see more breaches and more records lost year after year, after year. We’ve been tracking data breach activity going back for over a decade and the picture has yet to improve.
CF: Does the report point to any progress being made?
IG: On the surface, it is difficult to see many bright spots, but it is worth keeping in mind that disclosure requirements are becoming more, not less, stringent. While no organization is excited to announce news like a data breach, it does appear organizations are taking their reporting responsibilities seriously and making an effort to disclose events that might otherwise have gone unreported in the past.
CF: What tactics are proving the most successful for cybercriminals? Are their methods becoming more sophisticated and harder to detect?
IG: It is interesting to follow the tactics used against defenses. What is most striking is while we do see some very sophisticated attacks, tried-and-true social engineering techniques remain popular and effective, as does targeting poorly patched systems using well-known exploit techniques.
CF: What are some examples of how organizations have been damaged by breaches?
IG: The effect of any given breach can vary widely depending on the circumstances of the event and how the organization responds to it. This past quarter, we saw organizations such as Demant A/S announce they had incurred significant losses in the form of lost revenue, investigation and recovery expenses due to an attack. As a consequence, the company was put in the unenviable position of revising their operating profit for 2019.
CF: Is there any reason to think next year will be a better year in terms of cyber defense?
IG: There’s always reason to be hopeful. Information security risk is top of mind for many people in leadership positions. That typically leads to better resourced security teams and an organizational commitment to good security practices. Even if this doesn’t eliminate breaches, it certainly can go a long way to reducing the impact of such events.
Palo Alto Networks Updates Prisma Access, Cortex XDR
At its Ignite Europe ’19 conference this week, Palo Alto Networks unveiled updates to its product suite, including cloud-delivered SD-WAN and data loss prevention (DLP) capabilities in Prisma Access, and new third-party data sources and a unified platform experience in Cortex XDR 2.0.
Palo Alto Networks positions Prisma Access as a complete secure access service edge (SASE) solution that delivers end-to-end networking and security services from a globally distributed cloud platform. The company says Cortex XDR has enabled enterprises to reduce alert volumes by 50x and speed investigations by 8x.
Karl Soderlund, Palo Alto’s senior vice president of worldwide channel sales, tells us both Cortex XDR 2.0 and the new capabilities in Prisma Access represent a significant opportunity for his company’s partners.
“The introduction of Cortex XDR 2.0 opens the door for our partners to have strategic conversations with customers on how they design, deploy and manage detection and response across the enterprise,” he said. “There is a clear need and market demand, as nearly every organization is looking for a better approach to reduce the number of alerts they receive, detect the most sophisticated threats and unlock faster and more efficient investigation and response efforts. The innovations introduced with Cortex XDR 2.0 give our partners a powerful tool to advise in these critical conversations, helping educate their customers on the overall XDR category and how Palo Alto Networks continues to define and raise the bar with the leading product in this space.”
The newly announced features in Prisma Access will strengthen Palo Alto’s partners’ service offerings as they continue to guide the customer journey to the cloud, Soderlund said.
“In addition to the new opportunities created by these product updates, partners will also have the ability to boost their profitability with Palo Alto Networks as both Cortex XDR and Prisma Access qualify for our partner value and deal registration incentives within the NextWave Partner Program,” he said. “Our partner value incentive allows partners to earn additional discounts when adding specific technologies to an opportunity, while our deal registration incentive allows partners to earn additional discounts for all approved deal registered opportunities. Both Cortex XDR and Prisma Access qualify for these incentives.”
Holiday Shopping Via Company Device Can Be Dangerous
Zix-AppRiver this week published a new report on how SMBs are handling the security risks created by employees who shop online on work devices.
In short, they’re not doing much, which leaves an opening for cybercriminals during the busiest shopping weeks of the year.
Key findings include:
82% of all SMB executives estimate that many employees will use their work devices to shop this holiday season.
Among them, 61% admit they know it poses risks to their business, but believe it’s just a fact of life and there isn’t much they can or plan to do about it.
Nearly half of all surveyed estimate most employees would not be able to spot an illegitimate link from a bad actor posing as an online retailer.
In the financial services, insurance and health care industries, where sensitive data is heavily stored on company devices, more than half of executives surveyed believe their employees wouldn’t be able to distinguish a fake link from a legitimate one.
Troy Gill, Zix-AppRiver’s manager of security research, tells us that for a lot of people, holiday shopping means hurry, scurry and worry, and “so many will be anxious about the status of their orders and less diligent about making sure a message is legit.”
“Of course, that assumes they can identify a malicious email,” he said.
To minimize the risk, SMBs should start with the employees themselves, Gill said.
“Prohibiting personal use or blocking sites may be appropriate, depending on the nature of the business,” he said. “However, educating workers about the risks and teaching them what to look for is something that every business should be doing already.”
The holiday season offers another relevant reason for MSPs, MSSPs and other providers to discuss it with their customers, Gill said.
“From a technology perspective, effective email protection and secure backup are essential security layers that every business needs to have in place,” he said. “Again, this isn’t a seasonal need, it is now a fundamental necessity.”
The “naughty list” of potential incidents is pretty long and interrelated, Gill said. It includes everything from malware infections to stolen banking data, ransomware, phishing that leads to credentials theft, fraudulent transfers of funds and many, many more, he said.
Netwrix Unleashes Auditor 9.9
Netwrix has unveiled Auditor 9.9, which the company says lets organizations tighten control over data access to reduce the risk of leaks while enforcing a least-privilege model across the enterprise.
The new release also extends data access security for users of Office 365, VMware and Active Directory. Auditor is a visibility platform for user behavior analysis and risk mitigation that tracks changes, configurations and access in hybrid IT environments to protect data regardless of where it lives.
New features in Auditor 9.9 allow organizations to: secure data stored in Office 365; detect unauthorized attempts to log on to VMware; and protect cloud applications against unauthorized access attempts.
Ken Tripp, Netwrix’s director of channel accounts, tells us Auditor 9.9 will benefit his company’s partners, both in direct resell and the managed services market.
“Many of the updates and new features/functionality introduced in 9.9 are requests that have come straight from our partner community,” he said. “The 9.9 release will provide our partners with the ability to create cross-sell opportunities or lead with the increased functionality and feature sets in the Office 365 and VMware applications. This will enable our partners to provide enhanced solutions for their end clients, provide further visibility into anomalous behaviors, gain even more control of permissions and spread security best practices across the client’s hybrid infrastructure.”
Auditor 9.9 also includes an add-on integration with CyberArk, Tripp said.
“A high percentage of our partner base includes the CyberArk technology in their security portfolio,” he said. “Our partners understand that a cybersecurity solution for their end clients requires multiple technologies — that there is no one technology that is a silver bullet in securing an organization. By integrating with a market leader such as CyberArk, our partners now have a more complete solution when looking to strengthen the security posture of their clients’ organizations.”
And Finally, a Not-So-Happy Anniversary
December will mark the 30th anniversary of ransomware, and the threat has come a long way since the first attack in 1989 (the AIDS Trojan), which was spread on floppy disks delivered by postal mail, according to Sophos.
“The creators of ransomware have a pretty good grasp of how security software works and adapt their attacks accordingly,” said Mark Loman, director of engineering for threat mitigation technology at Sophos. “Everything is designed to avoid detection while the malware encrypts as many documents as possible as quickly as possible and makes it hard, if not impossible, to recover the data. In some cases, the main body of the attack takes place at night when the IT team is at home asleep. By the time the victim spots what’s going on, it is too late. It is vital to have robust security controls, monitoring and response in place covering all endpoints, networks and systems, and to install software updates whenever they are issued.”
Sophos has released a new report detailing what defenders need to know about the threat.
New ransomware variants are created and released every day, and the job of security software is to detect and block them before they do any harm, according to Sophos. The result is a continuous struggle between defenders, whose security controls and detection systems are tuned to spot suspicious code and behavior, and adversaries, whose ever-evolving bag of tricks is designed to outfox those controls, or to get the job done before the controls catch up with them, it said.
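The behavioral side of that struggle is easier to see with a concrete detector. The following is an added example written for this article, not Sophos code or anything from its report: a toy monitor that reads a constructed file-event log and flags a process that writes high-entropy content to many files in a short window, swaps file extensions on rename, or touches a decoy “canary” file. All thresholds, the canary path and the sample events are assumptions made up for the example.

```python
"""Toy ransomware-behaviour detector over a constructed file-event log.

Added example for this article; not Sophos code. Thresholds, the canary
path and the sample events below are assumptions, not vendor settings.
"""
import hashlib
import math
import os
from collections import deque

ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted or compressed data sits near 8.0
BURST_WINDOW_S = 5.0      # seconds of history kept per process
BURST_MIN_FILES = 5       # distinct suspicious files in the window before alerting
CANARY_FILES = {"/srv/share/finance/_canary_do_not_open.xlsx"}  # hypothetical decoy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def suspicious_reasons(event: dict) -> list:
    """Per-event heuristics; returns the reasons this event looks like encryption in progress."""
    reasons = []
    if event["path"] in CANARY_FILES or event.get("new_path") in CANARY_FILES:
        reasons.append("canary-touched")
    if event["op"] == "rename":
        old_ext = os.path.splitext(event["path"])[1].lower()
        new_ext = os.path.splitext(event["new_path"])[1].lower()
        if old_ext != new_ext:
            reasons.append("extension-changed")
    elif event["op"] == "write" and shannon_entropy(event["data"]) >= ENTROPY_THRESHOLD:
        reasons.append("high-entropy-write")
    return reasons


def detect(events: list) -> list:
    """Return one alert dict per offending pid, raised on the first event that crosses a threshold."""
    history = {}      # pid -> deque of (ts, path, reasons) inside the sliding window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        reasons = suspicious_reasons(ev)
        if not reasons or ev["pid"] in alerted:
            continue
        q = history.setdefault(ev["pid"], deque())
        q.append((ev["ts"], ev["path"], reasons))
        while ev["ts"] - q[0][0] > BURST_WINDOW_S:   # drop events that fell out of the window
            q.popleft()
        touched = {path for _, path, _ in q}
        # A canary hit is alerted at once; everything else needs a burst across many files.
        if "canary-touched" in reasons or len(touched) >= BURST_MIN_FILES:
            alerted.add(ev["pid"])
            alerts.append({
                "pid": ev["pid"],
                "ts": ev["ts"],
                "files": len(touched),
                "reasons": sorted({r for _, _, rs in q for r in rs}),
            })
    return alerts


def _pseudo_ciphertext(seed: bytes, length: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content (constructed)."""
    out = b""
    i = 0
    while len(out) < length:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:length]


# Constructed sample log: a benign log writer (pid 4242) and an encryptor (pid 1337)
# that overwrites six documents with ciphertext and renames each one to ".locked".
SAMPLE_EVENTS = [
    {"ts": 10.0 + i, "pid": 4242, "op": "write", "path": "/var/log/app/app.log",
     "data": b"INFO request handled in 12ms status=200 path=/index.html\n" * 64}
    for i in range(8)
]
for i in range(6):
    doc = f"/srv/share/finance/q3-report-{i}.docx"
    SAMPLE_EVENTS.append({"ts": 20.0 + 0.3 * i, "pid": 1337, "op": "write",
                          "path": doc, "data": _pseudo_ciphertext(doc.encode())})
    SAMPLE_EVENTS.append({"ts": 20.1 + 0.3 * i, "pid": 1337, "op": "rename",
                          "path": doc, "new_path": doc + ".locked"})

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run stand-alone it prints a single alert for pid 1337 once five distinct files have been hit, and nothing for the log writer, whose repetitive text stays far below the entropy threshold. The design point is the one the paragraph makes: each heuristic on its own is noisy (backup and compression tools also write high-entropy data), so the detector requires a burst across many files before it acts, and uses the canary file as the one signal that justifies an immediate response.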
The keys to protecting against ransomware include:
Check that you have a full inventory of all devices connected to your network and that any security software you use on them is up to date;
Always install the latest security updates, as soon as practicable, on all the devices on your network;
Verify that your computers are patched against the EternalBlue exploit used in WannaCry (Microsoft bulletin MS17-010), and disable SMBv1 where it is not needed;
Keep regular backups of your most important and current data on an offline storage device as this is the best way to avoid having to pay a ransom when affected by ransomware;
Administrators should enable multifactor authentication (MFA) on all management systems that support it to prevent attackers from disabling security products during an attack; and
A layered security model is the best practice all businesses need to implement.