Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
Verizon’s infamous Data Breach Investigations Report (DBIR) came out last week. It’s a testament to the diverse data Verizon now has that this year’s report is separated out by industry. In other words, more industries are seeing attacks and it allows the data to be divided and still hold merit. A few findings stood out to me as worthy of a deeper look:
Pretexting is an emerging trend in which an attacker impersonates a CEO or CFO or corporate bigwig by spoofing an email to try and get information from employees. For example, the boss might send you an email asking you to help them transfer money or request information about how to do that from the company.
Pretexting is a very big threat that will continue to grow because it takes advantage of urgency and common cultural situations where employees will set aside procedures and policies in order to make sure the boss does not get upset. Most phishing training focuses on the content: malware and links rather than the sender, and in this case, the sender and what is being asked is the issue. People will no doubt feel under pressure to make sure the boss is happy and some of the requests will seem entirely legitimate to the right employee. Therefore, security training staff need to make these types of messages a priority.
I always feel the most vulnerable systems are the most popular. There was a time when cyber defenders would debate on the security of Mac vs. Windows. As soon as Mac entered the corporate enterprise, the vulnerabilities and exploits started to appear. Microsoft Office products are most popular and thus the biggest target for exploitation, just like Java.
The report found that the public sector only patched 30% of vulnerabilities found – 33% of which were on time and the financial sector patched only 25%, with 33% on time. This is simply not good enough. Patching is basic blocking and tackling for any cyber program.
It often fails because the responsibility is shared across two organizations. Security teams identify the vulnerabilities. Server and desktop teams then have to patch them. If this program is not taking into account how the firewalls and other compensating controls can reduce the risks of these exploits, IT departments are often faced with a huge backlog of patches with no prioritization.
Hackers are after credentials in order to move within their target to gain access to data. Directly attacking these production systems is costly and often exploitation leads to detection of outages. It's akin to robbing a bank by using a stick of dynamite. Getting the safe combination is easier. As long as employees are offering up their credentials by accident or other means, direct exploitation will remain a plan “C” for most attackers.
Credential theft is plan “A” for hackers and multi-factor authentication will need to become a basic strategy along with internal segmentation and reduction of shared passwords. These strategies take time, effort and cultural shifts but an absolute requirement in modern business.
In the DBIR, Verizon noted that the “most significant change to ransomware in 2016 was the swing away from infecting individual consumer systems toward targeting vulnerable organizations.” This is a path we see a lot of malware take – testing the waters by targeting consumers and then moving to target organizations. Or it could be a case of consumer systems infecting organizations due to the flexible way in which people work these days.
Organizations are a set of common systems using common defense controls. If a single machine in a company can be infected, chances are every machine is a target. They are on the same image using the same patch backlog and culture. To use an analogy, it is far more effective to launch a rock at a flock of birds.These are just some of the ways hackers are advancing their techniques to breach organizations and capitalize on their crimes. Of course, seeing the big picture and identifying weak spots in security infrastructure is one of the best ways to prevent them from reaching their nefarious goals. Intelligent Security Management can help provide this bigger picture and keep the stats in these kinds of reports from growing in the bad guy’s favor.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.