A newly released study from International Data Corporation (IDC) and cybersecurity company Exabeam shows that companies around the world are struggling with visibility when it comes to defending against cyberattacks.

Fifty-seven percent of surveyed companies experienced significant security incidents in the last year that required extra resources to remediate, exposing program gaps in dedicated but overburdened teams that lack automated threat detection, investigation, and response (TDIR) capabilities. North America experienced the highest rate of security incidents (66%), closely followed by Western Europe (65%), then Asia Pacific and Japan (APJ) (34%). Research for the Exabeam report, The State of Threat Detection, Investigation and Response, November 2023, was conducted by IDC on behalf of Exabeam and includes insights from 1,155 security and IT professionals spanning these three regions.

The findings reveal a significant gap between self-reported security measures and reality. Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators (KPIs), such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and the overwhelming majority of organizations (over 90%) believe they have good or excellent ability to detect cyberthreats. Seventy-eight percent also believe that their organizations have a very effective process to investigate and mitigate threats. These inflated confidence levels are creating a false sense of security and likely putting organizations at risk. A continued lack of full visibility and complete TDIR automation capabilities, which survey respondents also reported, may explain the discrepancy.

“While we aren’t surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities,” said Steve Moore, Exabeam Chief Security Strategist and Co-founder of the Exabeam TEN18 cybersecurity research and insights group. “Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defense operations.”

Security Operations Are In A Visibility Crisis

Organizations globally report that they can “see” or monitor only 66% of their IT environments, leaving ample room for blindspots, including those in the cloud. While no organization is immune from adversarial advances, the lack of full visibility means that organizations are potentially blind to any advances in those unseen environments.

“Despite having the lowest number of security incidents, APJ reports the lowest visibility of all regions at 62%, signaling that these teams may be missing and failing to report incidents as a result,” noted Samantha Humphries, Senior Director of International Security Strategy, Exabeam. “With business transformation initiatives moving operations to the cloud and an ever-increasing number of edge connections, lack of visibility will likely continue to be a major risk point for security teams in the year ahead.”

TDIR Automation Lags

With TDIR representing the prevailing workflow of security operations teams, more than half (53%) of global organizations have automated 50% or less of their TDIR workflow, which helps explain the large share of security teams' time (57%) that TDIR still consumes. Unsurprisingly, respondents continue to want a strong TDIR platform that includes investigation and remediation automation, yet hesitation to automate remains.

“As attackers increase their pace, enterprises will have to overcome their reluctance to automate remediation, which often stems from concern over what might happen without a human approving the process,” said Michelle Abraham, Research Director for IDC’s Security and Trust Group. “Organizations should embrace all the helpful expertise they can find, including automation.”

2024 and Beyond’s Greatest TDIR Needs

When organizations were asked about the TDIR management areas where they require the most help, 36% expressed a need for third-party assistance in managing their threat detection and response, citing the difficulty of handling it entirely on their own. This highlights a growing opportunity for the integration of automation and AI-driven security tools. The second most identified need, at 35%, was a better understanding of normal user, entity, and peer group behavior within the organization, demonstrating demand for TDIR solutions equipped with user and entity behavior analytics (UEBA) capabilities. These solutions should ideally minimize the need for extensive customization while offering automated timelines and threat prioritization.

“As organizations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot,” continued Moore. “Because AI-driven automation can aid in improving metrics and team morale, we’re already seeing increased demand to build even more AI-powered features. We expect the market demand for security solutions that leverage AI to continue in 2024 and beyond.”

The organizations surveyed for the report represent North America (Canada, Mexico, and the United States), Western Europe (UK and Germany), and APJ (Australia, New Zealand, and Japan), across multiple world industries.

The State of Threat Detection, Investigation, and Response 2023 report can be found here.

The post New Study Shows Over Half of Organizations Experienced Significant Security Incidents in The Last Year appeared first on Cybersecurity Insiders.

Author: Venkat Thummisi, Co-Founder & CTO – Inside Out Defense

Cybersecurity teams are only as successful as their ability to observe what’s happening inside the complicated computer networks they guard.

Gartner expects that by 2026, 70 percent of organizations successfully applying observability will achieve shorter latency for decision-making, enabling competitive advantage for target business or IT processes. This is because observability is not a forecast or prediction tool – but a genuinely evidence-based data source needed for decision-making.

Observability may be a new buzzword in IT, but it is a decades-old term in control theory. It means inferring the internal state of a complex system by observing only the outputs of that system. It is not the same as application performance monitoring (APM) or network performance management (NPM). Some say that observability is the next step from APM, but it is essential to understand that observability does not replace monitoring.

Security information and event management (SIEM) systems are aggregation tools that analyze security event data over time, then alert on a problem. Several security observability tools perform similar activities.

Audits function similarly – they alert you to problems weeks or months after they occur. In the world of access management, a minute later is too late.

Observability complements existing cybersecurity practices.

Detailed observability enables the IT team to swiftly identify and resolve unauthorized access either by bad actors from the outside or by what appears to be legitimate users operating on the inside.

Over the past couple of years, cloud-native architectures, including a push for uncomplicated access across platforms and systems, have added new complexity to IT environments. Observability has become even more critical in this dynamic environment if a cybersecurity program is to be proactive rather than reactive.

Privileged access monitoring is one area of observability that continues to gain importance. Cybercriminals frequently target privileged user accounts and their credentials because those credentials give them deeper access, and any activity they launch once inside the system is less likely to raise suspicion.

Organizations must regularly monitor privileged access accounts to ensure that they are used only for intended purposes and that the user is indeed who they claim to be. Observability has drawn a lot of attention in the field of cybersecurity. It has proved very successful in aggregating security events of various types and offering in-depth analysis and insights.

Observability must have an immediate fix to be successful in privileged access monitoring.

There are several reasons why observability alone is not enough when it comes to privileged access monitoring.

  1. It may not be live and in real time. Most software solutions' observability is reactive rather than proactive. It attempts to offer accurate and detailed knowledge of what may be happening in an IT security environment but does not prevent or address problems. Privileged access issues are here-and-now problems and must be addressed the moment they occur.
  2. Observability can produce excessive noise. Several PAM and SIEM solutions, among other observability tools, bombard IT staff with a flood of alerts and recommendations, making it difficult to detect and address real security issues.
  3. Constant alert output from observability tools causes alert fatigue in IT teams. As a result, even alerts that contain real security dangers are more likely to be ignored, making it more likely that a breach will go unnoticed.
  4. Observability does not deal with the underlying source of privileged access misuse or abuse. Organizations must combine observability with proactive prevention strategies to overcome these problems. This involves putting in place tools to detect and fix cybersecurity issues, enabling IT security staff to manage and watch over privileged access efficiently.
  5. Guarding against privileged access abuse entails deeper inspection and analysis of the associated user behaviors, validated against organizational and regulatory mandates, to identify abusive access patterns. Modern threats are sophisticated and pass straight through the current crop of security scanners, which were purpose-built to detect static threat signatures. For example: an admin user downloading objects from an AWS S3 bucket or changing its configuration looks like a genuinely entitled user going about their work. However, corroborating that user's distributed set of activities in other environments may tell a very different story about their specific activities in the AWS environment.
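The corroboration described in point 5, and the peer-group baseline that UEBA tooling learns, can be shown concretely. The script below is an added example and is not code from the original article or from any vendor mentioned on this page. It works over constructed events that only resemble CloudTrail, VPN and HR feeds (every field name, user, IP, threshold and baseline value is an assumption chosen for illustration). A privileged S3 change is scored on its own and again against the same user's activity elsewhere; alone it stays below the alert threshold, corroborated it does not.

```python
"""Cross-environment corroboration of privileged S3 activity (added example,
not from the original article). All events, baselines and field names are
constructed assumptions; a real deployment would read CloudTrail, VPN and HR
feeds and learn the baselines from history."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three environments, joined on a shared user id.
EVENTS = [
    {"src": "cloudtrail", "ts": "2023-11-14T02:13:00", "user": "alice",
     "event": "PutBucketPolicy", "bucket": "corp-finance", "mfa": False},
    {"src": "cloudtrail", "ts": "2023-11-14T02:15:00", "user": "alice",
     "event": "GetObject", "bucket": "corp-finance", "mfa": False, "count": 900},
    {"src": "vpn", "ts": "2023-11-14T02:05:00", "user": "alice",
     "event": "login", "country": "RO"},
    {"src": "hr", "ts": "2023-11-13T00:00:00", "user": "alice",
     "event": "status", "status": "on_leave"},
    {"src": "cloudtrail", "ts": "2023-11-14T10:30:00", "user": "bob",
     "event": "PutBucketPolicy", "bucket": "corp-finance", "mfa": True},
    {"src": "vpn", "ts": "2023-11-14T10:00:00", "user": "bob",
     "event": "login", "country": "GB"},
    {"src": "hr", "ts": "2023-11-13T00:00:00", "user": "bob",
     "event": "status", "status": "active"},
]

# Constructed baselines: countries each user normally connects from, and the
# peer group's 95th-percentile daily GetObject count (what UEBA would learn).
BASELINE_COUNTRIES = {"alice": {"GB"}, "bob": {"GB", "DE"}}
PEER_DAILY_GETOBJECT_P95 = 120

# S3 control-plane calls treated as privileged configuration changes (assumption).
PRIVILEGED_S3_EVENTS = {"PutBucketPolicy", "PutBucketAcl",
                        "PutBucketPublicAccessBlock", "DeleteBucket"}
WINDOW = timedelta(hours=2)          # how far around the change we look
BUSINESS_HOURS = range(8, 19)        # 08:00-18:59 counted as normal


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def corroborate(events, baseline_countries, peer_p95, threshold=3):
    """Return findings for privileged S3 changes whose risk signals, gathered
    from every environment the same user touched, reach the threshold."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    findings = []
    for e in events:
        if e["src"] != "cloudtrail" or e["event"] not in PRIVILEGED_S3_EVENTS:
            continue
        t0 = _ts(e)
        reasons = []
        # Signals visible on the S3 event itself.
        if not e.get("mfa", False):
            reasons.append("no MFA on privileged API call")
        if t0.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        # Signals that only appear once other environments are consulted.
        for other in by_user[e["user"]]:
            dt = t0 - _ts(other)
            if (other["src"] == "vpn" and timedelta(0) <= dt <= WINDOW
                    and other["country"] not in baseline_countries.get(e["user"], set())):
                reasons.append(f"VPN login from unusual country {other['country']}")
            if other["src"] == "hr" and other.get("status") == "on_leave" and dt >= timedelta(0):
                reasons.append("HR feed says user is on leave")
            if (other["src"] == "cloudtrail" and other["event"] == "GetObject"
                    and abs(dt) <= WINDOW and other.get("count", 0) > peer_p95):
                reasons.append(f"bulk download of {other['count']} objects exceeds peer p95 {peer_p95}")
        if len(reasons) >= threshold:
            findings.append({"user": e["user"], "event": e["event"], "bucket": e["bucket"],
                             "ts": e["ts"], "score": len(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in corroborate(EVENTS, BASELINE_COUNTRIES, PEER_DAILY_GETOBJECT_P95):
        print(f"{f['ts']} {f['user']} {f['event']} on {f['bucket']} score={f['score']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run on the constructed data, alice's PutBucketPolicy is flagged with five reasons while bob's identical API call, made with MFA during business hours from a known country, is not. Feed the function only alice's single CloudTrail event and it returns nothing: the S3 change on its own carries two weak signals, which is exactly the gap the article describes.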

Observability is a crucial tool for IT security operations, especially privileged access monitoring, but it is insufficient on its own to provide effective control of privileged access. By tracking the activity of privileged users and accounts, IT teams can swiftly identify and address possible security concerns. Observability by itself, however, does not guarantee effective privileged access monitoring.

The post Why Observability Alone Is Not Enough to Keep Your Organization Safe appeared first on Cybersecurity Insiders.

A few days ago, the servers of car dealer Arnold Clark were breached by hackers, and the personal information of thousands of motorists was stolen, data that can lead to identity theft and online fraud. The threat actors are demanding a ransom of millions in cryptocurrency and have refused to negotiate.

As the company has not paid the demanded ransom, the criminals have leaked addresses, passports, and national insurance numbers and are threatening to leak more sensitive information in the coming weeks if the victim does not pay.

The Play ransomware gang is suspected to be behind the incident, but this has not yet been confirmed by Arnold Clark, one of Britain's biggest car dealers.

Cybersecurity Insiders has learnt from its sources that the threat actors have so far leaked 15GB of the 467GB they siphoned from the servers last month.

On Sunday, they leaked a portion of the data onto the dark web, including bank statement details and car registration numbers linked to their owners.

Security analysts note that such information can easily be misused for fraud and identity theft, with criminals impersonating a victim to commit fraud without their knowledge.

NOTE: Play ransomware, also known as PlayCrypt, is file-encrypting malware first identified in June 2022. Late last year the group hacked cloud service provider Rackspace, one of the most prominent victims on its list of targets. According to research by Trend Micro, Play shares tooling with Quantum ransomware, a malware family linked to the Conti ransomware gang, which ran an established online-crime business with its own research and development team, spammers, negotiators, and a call center for negotiating with victims' representatives.


The post Arnold Clark data breach leads to identity theft appeared first on Cybersecurity Insiders.

By Gal Helemski, Co-Founder and CTO, PlainID

As more of the world's activity moves into virtual spaces, identity and access management (IAM) has become a baseline requirement for participating organizations. In particular, technology that manages who can access what, and when, is in high demand within the healthcare industry.

Many healthcare organizations are using their IAM systems to address their ongoing complex compliance requirements, combat persistent cybersecurity threats, and securely share medical records with patients and within the healthcare network. This balancing act often leaves healthcare providers with a series of obstacles during critical circumstances.

While these obstacles aren’t new to healthcare organizations, it doesn’t mean that the IAM systems in place are equipped to solve each issue. A few factors that test the functionality and efficiency of these systems are:

Compliance Complexities and Digital Data

The compliance landscape keeps shifting as regulatory updates introduce new requirements. Healthcare organizations must manage digital data to satisfy healthcare-specific frameworks like HIPAA as well as newer general data privacy laws such as the EU's General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA). Growing complexity in how medical information is used has placed additional responsibility on healthcare providers to respond efficiently.

Consumer Expectations

Consumers expect information regarding their health to be delivered with a certain level of sensitivity and transparency. Privacy concerns can be expected in relation to health data, but consumers are also looking to be handled with the same special care that exists between a healthcare provider and patient. The need for open communication about personal health information is why Gartner recommends healthcare organizations develop “strategies for notification, communication and minimizing the amount of data collected and retained.”

Data’s Lifetime Impact

The value of data is not lost on healthcare organizations, but the challenge they face is how to put it to future use. While leaders in the healthcare space recognize data as a critical resource, stakeholders run into trouble accessing and adequately leveraging it. Building an intentional, long-term use for data is hard when it cannot be shared securely and efficiently, and this is especially true of patient medical information.

Security Threats

As part of the digital landscape, the healthcare industry is no stranger to cyberattacks, especially those enabled by ineffective data management and access controls. Health facilities rely on massive databases that serve both providers and patients. As facilities exchange more data between these systems, there is a growing need for access controls that combine strong authentication with fine-grained authorization, so that the right personnel get access to the right information and nothing more.

Ultimately, policy-based access control (PBAC) can provide healthcare organizations with the proper solutions to address these issues. Using a dynamic and policy-based access control system creates an environment for healthcare organizations to address each factor from a more holistic perspective.

A holistic approach enables the type of scalable functionality needed for modern healthcare organizations to build success. Policy-based access control streamlines access control for healthcare data, making it easier for healthcare providers to align technical controls with business requirements.

By delivering dynamic authorizations controlled by a centralized PBAC, healthcare organizations can establish a solution that delegates governance, management and enforcement of the right controls at the right time. More specifically, through granular access control policies, healthcare providers can share medical information with individual patients while making the same information available within their organization based on certification level.
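The dynamic, centralized authorization described above can be sketched as a small policy engine. What follows is an added example, not code from the original article or from any PlainID product, and it is a minimal evaluator rather than an implementation of a standard such as XACML. The attribute names (role, organization, certification level, record sensitivity, request purpose) and the policy set are assumptions chosen to illustrate the patient-versus-clinician case the text raises: a patient reads only their own record, a clinician in the same organization reads records whose sensitivity does not exceed their certification level and only for patients under their care, cross-organization access is denied except through an audited emergency path, and anything not explicitly permitted is denied.

```python
"""Policy-based access control for medical records (added example, not from
the original article or any vendor). Attributes, levels and policies are
illustrative assumptions; deny-overrides with default deny is the one
design choice a real PBAC deployment should keep."""
from dataclasses import dataclass, field


@dataclass
class Record:
    patient_id: str
    org: str
    sensitivity: int  # 1 = routine, 2 = sensitive, 3 = restricted (assumed scale)


@dataclass
class Subject:
    id: str
    role: str                 # "patient", "clinician" or "billing"
    org: str = ""
    certification: int = 0    # clinician certification level, same scale as sensitivity
    treating: set = field(default_factory=set)  # patient ids under active care


# Each policy is (name, effect, condition(subject, record, context)).
# Any matching deny wins; otherwise an explicit permit is required.
POLICIES = [
    ("patient-own-record", "permit", lambda s, r, c:
        s.role == "patient" and s.id == r.patient_id and c["purpose"] == "patient_access"),
    ("clinician-treatment", "permit", lambda s, r, c:
        s.role == "clinician" and s.org == r.org and r.patient_id in s.treating
        and s.certification >= r.sensitivity and c["purpose"] == "treatment"),
    ("break-glass", "permit", lambda s, r, c:
        s.role == "clinician" and c["purpose"] == "emergency" and bool(c.get("break_glass_ticket"))),
    ("billing-routine-only", "permit", lambda s, r, c:
        s.role == "billing" and s.org == r.org and r.sensitivity == 1 and c["purpose"] == "billing"),
    ("no-cross-org", "deny", lambda s, r, c:
        s.role != "patient" and s.org != r.org and c["purpose"] != "emergency"),
    ("patient-not-in-treatment", "deny", lambda s, r, c:
        s.role == "clinician" and c["purpose"] == "treatment" and r.patient_id not in s.treating),
]


def authorize(subject, record, context):
    """Evaluate every policy against the request and return
    (decision, matched_policy_names, obligations)."""
    permits, denies = [], []
    for name, effect, cond in POLICIES:
        if cond(subject, record, context):
            (permits if effect == "permit" else denies).append(name)
    if denies:
        return "deny", denies, []
    if permits:
        # Emergency access is permitted but carries an audit obligation.
        obligations = ["record_break_glass_audit"] if "break-glass" in permits else []
        return "permit", permits, obligations
    return "deny", ["default-deny"], []


if __name__ == "__main__":
    rec = Record("p-1001", "org-a", sensitivity=2)
    requests = [
        (Subject("p-1001", "patient"), {"purpose": "patient_access"}),
        (Subject("dr-1", "clinician", "org-a", 2, {"p-1001"}), {"purpose": "treatment"}),
        (Subject("dr-2", "clinician", "org-a", 1, {"p-1001"}), {"purpose": "treatment"}),
        (Subject("dr-3", "clinician", "org-b", 3, {"p-1001"}), {"purpose": "treatment"}),
        (Subject("dr-3", "clinician", "org-b", 3, set()), {"purpose": "emergency", "break_glass_ticket": "INC-42"}),
    ]
    for subj, ctx in requests:
        print(subj.id, ctx["purpose"], "->", authorize(subj, rec, ctx))
```

The certification check is what lets one policy serve the whole organization: a level-1 clinician and a level-2 clinician read from the same record store, and the engine, not the application, decides which records each may see. Because the evaluator is deny-by-default, adding a new role or data class means writing a permit for it, never hunting for the place where access leaks.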

Overall, the obstacles healthcare organizations and their providers face to deliver effective care will persist. Confusing compliance mandates, proper data research and security threats will always remain, along with the demand for healthcare to become more accessible and digital-friendly. But there are ways to address the fine-grained needs of healthcare organizations while maintaining the necessary security and risk requirements.

While many healthcare organizations using identity and access management systems seem to be a step ahead, they may not be positioned to share vital information across their network. Leading with policy-based access control technology is the best way for the healthcare industry to manage data in the most efficient and secure way. The power of using dynamic authorization enables decision-makers to set meaningful and efficient access controls policies.

The post Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control appeared first on Cybersecurity Insiders.