Daily Archives: January 26, 2022

News

Home Working Drives 44% Surge in Insider Threats

Read Time:1 Minute, 55 Second

Home Working Drives 44% Surge in Insider Threats

Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint.

The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.

It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.

The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.

Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.

Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively.

That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident.

However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.

Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, described people as the “new perimeter” in the fight against spiraling cyber-risk.

“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” he argued.

“In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cyber-criminals due to their far-reaching access to critical systems, data and infrastructure.”

Unfortunately, current efforts to detect insider risk appear to be failing: it now takes an average of 85 days to contain an insider incident, up from 77 days in 2020.

Read More

News

Home Working Drives 44% Surge in Insider Threats

Read Time:1 Minute, 55 Second

Home Working Drives 44% Surge in Insider Threats

Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint.

The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.

It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.

The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.

Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.

Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively.

That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident.

However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.

Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, described people as the “new perimeter” in the fight against spiraling cyber-risk.

“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” he argued.

“In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cyber-criminals due to their far-reaching access to critical systems, data and infrastructure.”

Unfortunately, current efforts to detect insider risk appear to be failing: it now takes an average of 85 days to contain an insider incident, up from 77 days in 2020.

Read More

News

Data residency laws pushing companies toward residency as a service

Read Time:1 Minute, 43 Second

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have customers or employees in multiple countries, the regulatory requirements can be onerous and difficult to keep up with.

Previously, “safe harbor” laws or tokenization-based approaches helped companies address the issue, but recent regulatory changes have made both approaches less workable. Meanwhile, countries like China, Russia and Brazil have been making changes to their data residency requirements.

In 2020, European courts upended the previous data transfer mechanisms — the EU-U.S. Privacy Shield and standard contractual clauses. In summer 2021, new guidance was released, and companies now have until the end of 2022 to switch to new standard contractual clauses that comply with the new requirements.

In summer 2021, China passed a new data security law, which went into effect in September, with significant financial penalties for companies that violate its new cross-border data transfer rules. This was soon followed by a personal information protection law, China’s answer to the EU’s General Data Protection Regulation (GDPR), which took effect in November.

Brazil passed its own version of the GDPR in fall 2020 and began enforcing it in August 2021.

Russia adopted a data localization law in 2014, then upped the fines on violations significantly in 2019. Last summer, a new law required companies with significant numbers of Russian users to have not just servers but physical offices in Russia. That law went into effect at the start of 2022.

According to the United Nations Conference on Trade and Development, 133 countries have legislation in place to protect data and privacy and another 20 are working on draft legislation. As a result of these and other changes, companies now either set up local servers for the jurisdictions where they do business and residency laws apply, use cloud providers that offer residency support, or work with a newly emerging class of vendors called residency-as-a-service providers.

To read this article in full, please click here

Read More

News

Data residency laws pushing companies toward residency as a service

Read Time:1 Minute, 43 Second

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have customers or employees in multiple countries, the regulatory requirements can be onerous and difficult to keep up with.

Previously, “safe harbor” laws or tokenization-based approaches helped companies address the issue, but recent regulatory changes have made both approaches less workable. Meanwhile, countries like China, Russia and Brazil have been making changes to their data residency requirements.

In 2020, European courts upended the previous data transfer mechanisms — the EU-U.S. Privacy Shield and standard contractual clauses. In summer 2021, new guidance was released, and companies now have until the end of 2022 to switch to new standard contractual clauses that comply with the new requirements.

In summer 2021, China passed a new data security law, which went into effect in September, with significant financial penalties for companies that violate its new cross-border data transfer rules. This was soon followed by a personal information protection law, China’s answer to the EU’s General Data Protection Regulation (GDPR), which took effect in November.

Brazil passed its own version of the GDPR in fall 2020 and began enforcing it in August 2021.

Russia adopted a data localization law in 2014, then upped the fines on violations significantly in 2019. Last summer, a new law required companies with significant numbers of Russian users to have not just servers but physical offices in Russia. That law went into effect at the start of 2022.

According to the United Nations Conference on Trade and Development, 133 countries have legislation in place to protect data and privacy and another 20 are working on draft legislation. As a result of these and other changes, companies now either set up local servers for the jurisdictions where they do business and residency laws apply, use cloud providers that offer residency support, or work with a newly emerging class of vendors called residency-as-a-service providers.

To read this article in full, please click here

Read More

News

How to defend Windows networks against destructive cyberattacks

Read Time:47 Second

The Russian cyberattacks on Ukrainian organizations reminds us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want to cause as much damage as possible. Both Microsoft and Mandiant recently released information about these destructive attacks and how to better protect against them.

Regardless of geographic location, all of us can learn from how these attacks occur and are mitigated. The attacks were extreme in their destruction. As Microsoft noted in its blog, “The malware in this case overwrites the MBR [master boot record] with no mechanism for recovery.” This leads the system to be unbootable and unrepairable without a full reinstall or recovery from a full backup of the system. Thus, the first lesson is to ensure that you have the tools and resources to either fully redeploy your workstation images or have a full ability to recover your platforms.

To read this article in full, please click here

Read More

News

How to defend Windows networks against destructive cyberattacks

Read Time:47 Second

The Russian cyberattacks on Ukrainian organizations reminds us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want to cause as much damage as possible. Both Microsoft and Mandiant recently released information about these destructive attacks and how to better protect against them.

Regardless of geographic location, all of us can learn from how these attacks occur and are mitigated. The attacks were extreme in their destruction. As Microsoft noted in its blog, “The malware in this case overwrites the MBR [master boot record] with no mechanism for recovery.” This leads the system to be unbootable and unrepairable without a full reinstall or recovery from a full backup of the system. Thus, the first lesson is to ensure that you have the tools and resources to either fully redeploy your workstation images or have a full ability to recover your platforms.

To read this article in full, please click here

Read More

Advisories

A Vulnerability in Polkit’s pkexec Component Could Allow For Local Privilege Escalation

Read Time:20 Second

A vulnerability in Polkit’s pkexec component could allow for local privilege escalation. Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit is installed by default on all major Linux distributions. Successful exploitation of this vulnerability could result in privilege escalation to root privileges.

Read More