The costs of a data breach are on the rise. According to Ponemon’s 13th annual Cost of a Data Breach Study, the global average cost of a breach rose 6.4 percent over the previous year to $3.86 million in 2018. During that same period, the average cost for each lost or stolen record containing sensitive or confidential information increased 4.8 percent to $148.
To protect themselves against these rising costs, companies are turning to cyber insurance in droves. German reinsurance giant Munich Re said that the insurance market protecting companies against digital threats will likely double by 2020 to over $8 billion, as reported by Security Week. Given this forecast, many companies will undoubtedly purchase cyber insurance for the first time within the next few years. To help them get started, I’d like to provide some best practices for purchasing a policy.
Understanding Suspicious User Types in Your Organization
Whether unintentional or malicious in nature, user-based threats can have devastating consequences on your organization. While your focus may be on protecting your organization from outside incidents, you also need to guard yourself from insider threats. Despite your best efforts to keep your organization safe — such as providing security training and company best practices — users are often the weakest link in your defenses.
Understanding user behavior is often difficult because there are many different types of users. Complicating matters, you don’t know if your users’ actions are unintentional or deliberate. That’s why you need user and entity behavior analytics (UEBA) as an additional layer of analytics beyond your security information and event management (SIEM) platform.
As with traditional IT networks, Operational Technology (OT) networks are undergoing a digital transformation process of their own. The goal is to improve productivity, efficiency, uptime, and flexibility through better monitoring. To do this, online sensors and connected systems are replacing traditional serial connections, proprietary protocols, and programmable logic controllers to better manage and control industrial environments. At the same time, the integration of automation, communications, and networking in industrial environments is an integral part of the growing Industrial Internet of Things (IIoT).
Maximize Performance and Scalability, Eliminate Downtime and Data Loss
Modern Network Video Recorders (NVRs) are based on Direct Attached Storage (DAS) technology, and were designed to mimic obsolete analog VCRs and DVRs. But most IT organizations have evolved to virtualized servers and shared storage infrastructure (SAN), and stopped using DAS decades ago due to its highly inefficient operation and critical susceptibility to downtime and data loss. Many security implementations, however, have continued to rely on aging and inadequate DAS architecture for increasingly sophisticated video surveillance systems. Pivot3 Hyperconverged Infrastructure (HCI) brings the best of both worlds, merging the resiliency and efficiency of SAN with the simplicity of DAS, and optimizing performance for challenging workloads like video surveillance.
As IT and operational technology networks converge, organizations are exposing their traditionally isolated OT networks to new cyber-risks. Cybercriminals have already begun designing new malware threats, like CrashOverride/Industroyer, Triton and VPNFilter, to target vulnerable OT systems. While some of these new attacks target SCADA (supervisory control and data acquisition) and ICS (industrial control system) systems, most are focused on highly vulnerable industrial IoT devices.
Traditionally, OT engineers attached devices to monitor and control the OT infrastructure through a serial connection, which made them less available to traditional hackers. Today, as OT managers add serial-to-Ethernet converters to these devices, they are becoming prime targets. Part of the reason is that many of these devices are highly vulnerable to attack. For example, many run aging operating systems, such as Windows XP, that are highly susceptible to exploitation. In addition, most OT networks simply haven’t deployed the sorts of security technologies commonly in place in IT networks. As a result, targeting IIoT devices has certain advantages for some cybercriminals.
Note: this post originally appeared in the Riverbed blog, but due to strong interest in cloud visibility we are reposting.
Many organizations, even those not typically associated with technology, are migrating application workloads to the cloud. This trend is growing because of benefits such as increased flexibility, agility and availability. In most cases, the migration process is in hybrid mode, with some workloads moving to public cloud providers such as Amazon Web Services (AWS), others using private cloud software, and still others running on traditional physical hardware.
Financial, Healthcare, Government, and Retail IT Professionals Review Fortinet’s Enterprise Firewall Solution
Recognition in the Magic Quadrant for Enterprise Network Firewalls
Each year, Gartner evaluates the enterprise firewall market based on the capabilities and features of the solutions being offered throughout the cybersecurity space. The Gartner Magic Quadrant for Enterprise Network Firewalls examines today’s solution providers based on completeness of vision and how effectively they are able to execute this vision. According to the report, “products in this market must be able to support single-enterprise firewall deployments and large and/or complex deployments. These include traditional ‘big firewall’ data center placements, branch offices, multitiered demilitarized zones (DMZs), and, increasingly, virtual versions for the data center and various cloud environments.” Learn more about Fortinet’s Enterprise Firewall and the company’s position as a Leader in the Gartner Magic Quadrant.
Security Pros Fear Data Compromise, Financial Loss, and More from Cryptomining. But Are Risks Founded?
For over a year now, Lastline has witnessed a tremendous increase in malware designed for criminal cryptocurrency mining, or “cryptomining.” Of course, we all know that Bitcoin has been the go-to cryptocurrency for criminal payments in ransomware, but now, on the back of Bitcoin’s successful usage in cybercrime, we are seeing the adoption of other currencies in money-making activities by other criminal groups. According to coinmarketcap.com, there are now over 2,000 cryptocurrencies, up from 1,300 at the beginning of the year, with new initial coin offerings (ICOs) taking place all the time.
Everywhere I look, someone’s talking about machine learning (ML) or artificial intelligence (AI). These two technologies are shaping important conversations in multiple sectors, especially marketing and sales, and are at risk of becoming overused and misunderstood buzzwords. The technologies are also drawing the attention of security professionals, with some believing that AI is poised to transform information security.
Despite this hype, there’s still a lot of confusion around ML, AI and their utility for information security. In this blog post, I would like to correct these misperceptions. Let’s start with differentiating machine learning and artificial intelligence in general.