Cybersecurity Roundup: Scary Stats, Vade Secure, eSentire and Forcepoint
Some 3.4 billion fake emails are sent every day.
With Halloween just around the corner, lots of people are looking for chills, whether through watching scary movies or visiting haunted attractions.
But the real terror lies in cybercrime, where cybercriminals never sleep and you never know if or when a data breach will make your life a nightmare.
Need proof? Check out these terrifying statistics:
Data breaches exposed 2.8 billion consumer records in 2018, costing U.S. organizations more than $654 billion, according to research by ForgeRock. Personally identifiable information (PII) was the most targeted data for breaches in 2018, accounting for 97% of all breaches, with unauthorized access encompassing 34% of all attacks.
Some 3.4 billion fake emails are sent every day, while 90% of large tech companies are vulnerable to email spoofing, according to Valimail.
Companies are spending an average of $18.4 million annually on cybersecurity, yet 53% of IT experts admit they don’t know how well the cybersecurity tools they’ve deployed are working, according to an Attack IQ/Ponemon Institute study. Only 41% of respondents said their IT security team is effective in determining and closing gaps in IT security infrastructure, while 75% said their IT security team is unable to respond to security incidents within one day.
Some 38% of the 2019 Fortune 500 do not have a chief information security officer (CISO), and once data breaches hit, it took an average of 46 days for the companies’ stock prices to return to their pre-breach levels, according to Bitglass research. Only 12% of enterprises are consistently able to detect insider threats stemming from personal mobile devices, including those that are off premises or lack agents, it said.
We spoke with some of these companies to find out what’s behind these scary statistics.
Ben Goodman, senior vice president of ForgeRock, said the opportunities that emerge with consumer PII are seemingly endless. Once PII is compromised, it can easily make its way to the dark web where it can be used for identity theft, synthetic identity creation and robotic account takeovers, he said.
ForgeRock’s Ben Goodman
“While enterprises continue to invest heavily in information security products and services to defend against threat actors, they are struggling to neutralize cybercriminals’ abilities to exfiltrate consumer PII,” he said. “It is essential that enterprises critically evaluate their identity and access management (IAM) strategies, practices and solutions to ensure they are adequately protecting their users’ PII.”
At a minimum, enterprises need to consider MSSPs and cybersecurity providers that provide modern, intelligent authentication methods that move beyond simple username and password, and provide fine-grained authentication to protect and secure resources, Goodman said. This needs to be a top priority for enterprises of all types and industry sectors as cybercriminals show no sign of slowing down, he said.
Stephan Chenette, Attack IQ’s co-founder and CTO, tells us organizations must have in place a solution that continuously assesses the viability of their security controls to make sure that they are enabled, configured correctly and operating effectively to thwart attacks and prevent data leakage.
AttackIQ’s Stephan Chenette
“Cybercriminals are continuously looking for gaps in security defenses and overlooked basic security misconfigurations,” he said. “Channel partners provide enormous value in offering trusted recommendations to enterprises on their security needs, and the AttackIQ platform helps these providers determine specific needs of their customers and continuously validate whether new and existing security controls in customer environments are operating as intended.”
Jacob Serpa, Bitglass‘ senior product marketing manager, tells us some organizations have a misguided belief that they are not likely to be a target for hackers and, consequently, assume that they don’t have to worry about cybersecurity as much as …
… other companies.
Bitglass’ Jacob Serpa
“There is a misconception that larger or more widely known organizations represent a more lucrative target and that hackers are more likely to focus on them,” he said. “However, companies of all sizes, both public and private, can be prime targets for hackers if they have inadequate protections in place — no matter how ‘under the radar’ they may believe themselves to be. Additionally, cybercriminals will often target organizations that they believe have large amounts of desirable information (such as health care, financial services or government entities).”
When implementing BYOD, it is essential that organizations add proper security controls at the same time, not weeks, months or years after the fact, Serpa said. It’s also important to remember that insider threats come in many forms — some are malicious, while others stem from carelessness or poor security practices exhibited by employees throughout an organization.
Security controls that can help prevent insider threats and their resulting data breaches include:
Single sign-on (SSO), which serves as a single entry point which securely authenticates users across all of an enterprise’s cloud applications.
Multifactor authentication (MFA), which requires a second method of identity verification before employees or other users are allowed to access corporate resources.
User and entity behavior analytics (UEBA), which provide a baseline for normal user activity and detect anomalous behavior and actions in real time, allowing IT departments to respond accordingly and automatically.
Data loss prevention (DLP), which allows blocking or limits data access.
Vade Secure Unleashes Computer Vision Engine
Vade Secure‘s new Computer Vision Engine, now available in all of its products, aims to enhance phishing detection accuracy.
Trained to view web pages and emails as humans see them, Computer Vision Engine identifies brand logos, machine-readable codes and text-based images, thwarting phishing attacks designed to bypass content filtering technologies and even computer vision algorithms relying on template matching or feature matching.
Adrien Gendre, Vade’s chief solution architect, tells us the core email security service his company’s partners are providing to their clients has been improved, with no additional cost and no additional effort/configuration required on their part.
Vade Secure;’s Adrien Gendre
“It just works,” he said. “The MSP has one action to define the antiphishing policy and they transparently receive periodic updates with new, innovative technologies; thus, they’re constantly offering their clients better protection. Moreover, the way the technology works addresses a common issue MSPs face with every day — complaints from end users who report a threat one day and then receive what appears to be the exact same email the next day.”
Other computer vision algorithms that rely on template matching or feature matching can only detect exact matches of images, Gendre said.
“Essentially, the original image has a signature and the algorithm will only recognize images with the same signature,” he said. “By analyzing the rendering instead of the code, Vade’s Computer Vision Engine can accurately detect logos and other images, such as …
… QR codes and text-based images, even when they’ve been modified from their original form and thus have a unique signature.”
Cybercriminals Target Google Infrastructure
A recent Office 365 phishing campaign showed that threat actors are switching tactics to include the use of Google infrastructure, according to eSentire.
On Oct. 16, both eSentire and external sources observed the use of Google storage to host phishing pages. The use of Google infrastructure has been implemented by malicious hackers in an attempt to bypass standard email protection.
Multiple phishing pages have been identified using storage.googleapis.com to host Office 365 credential phishing pages. These attacks are similar to previous phishing campaigns which exploited blob[.]core[.]windows[.]net and azurewebsites[.]net to host phishing pages, according to eSentire. Preliminary investigations show that multiple phishing campaigns are employing a similar prefabricated phishing kit.
Sean Blenkhorn, eSentire’s chief product officer, tells us this is just another example of the continuous game of cat and mouse that security providers and threat actors play. One of the biggest benefits of managed detection and response (MDR) is the around-the-clock threat hunting that is always being conducted, he said.
eSentire’s Sean Blenkhorn
“The real risk from campaigns like these come in the early hours and days they are deployed where organizations relying on traditional security vendors are left exposed while waiting for updated signatures on their email protection platforms,” he said. “Now that the details of the campaign are public, it is much easier for organizations to protect themselves, but there is no guarantee that 100% of phishing attempts using this technique will be detected. As with any phishing attack, the weakest link is always going to be the people within an organization, so the best way to defend against any attack is going to be educating your employees on ways to identify and avoid phishing emails.”
Attacks specifically targeting MFA have been identified in the wild, but employing MFA is still considered a best security practice for preventing account compromise, according to eSentire.
Forcepoint Expands Web Security Availability
Forcepoint says it now offers the industry’s most expansive global cloud footprint with the availability of Forcepoint Web Security across 160 public points of presence (PoPs) in 128 countries, representing more than 65% total global presence.
This PoP expansion brings Forcepoint services to virtually anywhere in the world while delivering optimal security and productivity enhancing capabilities including low latency, data sovereignt and content localization, according to the company.
The expansion will allow enterprises and government agencies to securely access web-based content whether they are in the office, at a remote location or on the road.
“In a cloud-first world, people are the new perimeter,” said Matthew Moynahan, Forcepoint‘s CEO. “That’s why we’re starting to see legacy security players still embracing an infrastructure-centric approach increasingly become irrelevant. If the security industry does not transform from a world of point products to cloud-native capabilities, it, too, will have this $100 trillion global digital transformation business opportunity pass it by. Utilizing modern cybersecurity from enterprise-class, cloud-first companies such as Forcepoint can in fact help enterprises leapfrog the competition by accelerating their digital transformation efforts with dynamic and proactive security designed for today’s modern threat landscape.”
About the Author
You May Also Like