Security Roundup: BYOD, Wipro Attack, Okta-Evident ID, IoT Security

The number of devices per person far exceeds the number of employees to monitor.

Edward Gately, Senior News Editor

April 18, 2019

8 Min Read
Security Roundup
Shutterstock

A decade ago, the bring-your-own-device (BYOD) movement, where employees insisted on using their personal devices in the workplace, was in its early stages.

Today, that movement is realized as employees rely on their personal laptops and mobile devices to carry them between work and home — bringing to light the increased attack surface CIOs and CISOs most feared.

The number of devices per person (3.5) far exceeds the number of employees to monitor, leaving security to pick up the vulnerability pieces.

We spoke with Akshay Bhargava, Malwarebytes‘ senior vice president of innovation, to dive deeper into the BYOD phenomenon and how cybercriminals are taking advantage of it.

BYOD represents both a technology and cultural shift, he said. The technology shift was driven by the emergence of mobile devices, while from a cultural perspective, the way people work has “fundamentally changed,” he said.

Bhargava-Akshay_Malwarebytes.jpg

Malwarebytes’ Akshay Bhargava

“While people are at home on personal time, they’re doing office work and sometimes when they’re on vacation they’re doing office work, so the line between what’s working time and personal time has also blurred,” Bhargava said. “And then the device piece, users use that same personal device for both purposes, for corporate work as well as personal work. Those are some of the historical things that we’ve seen that have kind of moved BYOD to become more prevalent, and also … to have it more of a contention point around security and privacy.”

The prevalence of attacks on BYOD devices is increasing, as is the data that can be accessed through a BYOD device, he said. And many of the “flavors” of malware are targeting BYOD devices in particular, he said.

“For example, the way that email appears on your laptop when you open Microsoft Exchange versus when you look at it on an iPhone are different, and some of the hackers have been really sophisticated to obfuscate the email address in a way that a lot of users don’t recognize that is a potentially suspicious email address because they only look at the name,” Bhargava said. “From an access point of view, when attackers are able to compromise BYOD, now they have access to often a very rich set of data.”

For example, Bhargava said his cellphone includes SaaS apps that connect to Malwarebytes’ Salesforce data and business operations data, as well as his personal photos, “so if an attacker is able to compromise my BYOD device, they’re also able to get access to a lot of corporate assets, as well as personal information.”

Organizations are making significant investments to try to get ahead of this problem, he said. In addition, users are becoming more sophisticated with the rise of bring your own security (BYOS), he said. And regulatory mandates like the General Data Protection Regulation (GDPR) also are emerging.

“One of the biggest things that we’re seeing as an endpoint security vendor is significant investment in endpoint security solutions, and basically part of that is organizations are looking to both detect when there are bad things that happen on devices and then being able to investigate when bad things happen,” Bhargava said. “Oftentimes there [are] a lot of interesting forensics data that they want to capture, and then … they want to be able to remediate.”

Organizations also are investing from a people and process standpoint, beefing up their operational practices around how you handle …

… an incident if it’s on a BYOD device and what the playbooks for those types of incidents should be, he said. They’re training some of their staff to use these new technologies and be able to integrate them across their broader security ecosystem.

Meanwhile, the number of BYOD devices at any organization is constantly shifting. So how do you keep up?

“There are a few different types of tools that help give you asset visibility into the specific devices that are in your environment or that are accessing your resources,” Bhargava said. “Fundamentally, we have invested in some different technologies that help give visibility into those assets.”

Education and technology together are critical to make progress in securing BYOD, he said. It’s important to train users on what happens if you click on an email that looks suspicious, how an attacker can compromise your environment and how they can access your data, he said.

“We’re getting more and more requests from a lot of our customers who want to educate their end users about how to become more security-proficient and security-aware,” Bhargava said.

BYOD increasingly is becoming an entry point to access any type of “crown jewels” an organization has, Bhargava said.

“If you look at the ‘kill chain‘ process, one of the things that we increasingly see is the first stage of any sophisticated attack is around reconnaissance and exploit,” he said. “And a lot of that exploit is actually at the BYOD level … they’re using BYOD as an entry point into an organization to compromise it.”

Cybersecurity Expert: Wipro Attack Lesson for MSSPs

News surfaced this week that Indian MSP Wipro is investigating reports that its IT systems have been hacked and are being used to launch attacks against some of the company’s customers.

Earlier this month, KrebsOnSecurity heard independently from two sources that Wipro was dealing with a multimonth intrusion from an assumed state-sponsored attacker.

Saryu Nayyar, founder and CEO of global cybersecurity company Gurucul, tells us this breach illustrates two important challenges for MSSPs and other security providers.

Nayyar-Saryu_Gurucul.jpg

Gurucul’s Saryu Nayyar

“First, managed security providers are just as vulnerable and likely targets of cyberattacks as the companies they are protecting,” she said. “Second, the risk associated with a security breach of an MSSP’s infrastructure can affect untold numbers of companies down stream. This represents a huge liability for MSSPs if their customers are victimized by a lateral supply chain breach that they are responsible for.”

This type of attack, which is essentially a supply-chain breach designed to enable the malicious hackers to easily move laterally from the MSSP’s infrastructure to compromise their customers’ networks, is becoming more and more common, Nayyar said.

“It makes a lot of sense for attackers to target one company, that if compromised, will give them unfettered access to hundreds or more companies down stream,” she said. “We can expect more of these attacks moving forward.”

Unless an organization is monitoring the entire system stack, they won’t be able to identify …

… subtle behavior anomalies that are indicators of account compromise, Nayyar said.

“Since [malicious] hackers will exploit whatever accounts they can successfully compromise to break into the organization, including user accounts, system accounts, service accounts [and so on], it’s critical to actively monitor not just user activity, but also device and identity behavior,” she said. “For an MSP like Wipro that has trusted access to their customers’ IT infrastructure, this can cascade to impact tens, hundreds or even thousands of companies that use their services,” she said.

Okta Unveils Partnership with Identity Verification Startup Evident ID

Okta has partnered with Evident ID on an integrated offering that allows businesses across industries to access and move between multiple identity verification methods while reducing their exposure to sensitive or regulated information.

Evident’s platform provides identity and credential verification for many of the world’s fastest-growing companies.

Eric Souder, Okta’s senior management of business development, tells us his company is focused on building a customer identity partner ecosystem to “enable our customers to best utilize their identity investment.”

Souder-Eric_Okta.jpg

Okta’s Eric Souder

“With Evident, we enable customers to add ID proofing and verification as part of the consumer journey,” he said. “Like with all of our advanced partner integrations, our SI and service partners now have additional solutions to enable our customer’s success.”

All of Okta’s advanced integration partners, including Evident, provide SIs and service partners the ability to expand on the capabilities of the Okta Identity Cloud and “enable us to work together to provide for our client’s needs and make them more secure and successful,” Souder said.

IoT Security Market Set to Skyrocket Through 2023

To say IoT security is hot is a massive understatement. The market is set to more than quadruple by 2023, accelerating from $8.2 billion last year to $35.2 billion.

That’s according to a new report by MarketsandMarkets, which expects a compound annual growth rate (CAGR) of nearly 34 percent during the period. The major vendors in the global market include such giants as Cisco, IBM, Intel, Symantec and Fortinet.

Major factors driving the market are the increasing number of ransomware attacks on IoT devices globally, growing IoT security regulations and rising security concerns over critical infrastructures.

Network security, a technique for securing networks from advanced threats by collecting and analyzing the different types of network security event information, is expected to account for the largest market share through 2023. It combines the multiple layers of defenses at the edge and in networks, and is one of the important aspects when it comes to securing the IoT ecosystem.

Among market segments, device authentication management is expected to account for the highest market share through 2023. The identity access management solution plays a vital role in managing enterprises’ electronic or digital identities. These solutions can be quickly and cost-effectively integrated with identity access management policies across on-premises, cloud and hybrid environments.

The United States is expected to lead market share in IoT security. The United States and Canada are the early adopters of trending technologies, such as IoT, big data and mobility, and would provide significant growth opportunities for IoT security vendors, according to MarketsandMarkets.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like