Cyber Resilience is Key for October’s National Cybersecurity Awareness Month

Micro Focus Expert

Hard to believe it’s October. Typically, my head would be full of thoughts of orange Halloween decorations, sugary Halloween candy and the ubiquitous pumpkin spice that now flavors everything this fall season. But 2020 has been a strange year. I feel like the world has been on pause since March due to the COVID-19 pandemic shutting down much of society. One minute it was the end of February, and I was at the RSA Security Conference in San Francisco lathered in hand sanitizer and wondering if it was safe to attend when the existence of coronavirus was first making noise, and the next minute we were on full lockdown and my cat became my closest co-worker.

Even with all this craziness and uncertainty during the last six months, the one thing we can count on for October is National Cybersecurity Awareness Month (NCSAM), the annual campaign in the US to raise awareness about cybersecurity. Now in its 17th year, NCSAM was created in 2004 as a collaborative effort between government and industry to ensure that every American has the necessary resources to stay safer and more secure online. A corresponding annual awareness campaign in the EU, European CyberSecMonth (ECSM), takes place in October as well. No matter the location or name, this is something the security team at Micro Focus takes very seriously. So seriously that for the second year in a row we are NCSAM champions, to help promote a safer, more secure and more trusted Internet and help keep orgs out of the headlines for data breaches.

Data breaches are costly

While the 2020 NCSAM theme, ‘Do Your Part. #BeCyberSmart’, is good advice for individual users and employees (create strong and unique passphrases, don’t fall for phishing attacks), businesses need to keep their data safe too. The cost of a data breach is, well, costly, as reported by the Ponemon Institute. It is now close to $4 million globally, and over $8 million in the United States. It can be even more once hidden costs are counted. Don’t forget regulatory fines, lawsuits, lost productivity, and more importantly, loss of customer trust and therefore revenue.

Disruptions to the enterprise

The COVID-19 pandemic has caused a lot of disruption to business and brought unique changes to InfoSec professionals. The pandemic has forced a lot of companies to transition to remote workers. Home Wi-Fi networks are generally easier targets for cyber criminals compared to the more secure internet infrastructure in offices. Traditional enterprise identity management systems and access control solutions, for example, are typically designed to authenticate company employees and corporate-owned devices in controlled environments. Orgs need to enable remote users securely by enforcing VPN usage to ensure that traffic is encrypted from the endpoint to the corporate network. They also need to deploy multi-factor authentication to ensure that users are accurately identified prior to being granted access to the corporate network. NetIQ Advanced Authentication has a flexible, multi-factor authentication framework for businesses and their ever-changing needs around remote workers. You can see how easy it is to use with our free 90-day unlimited trial.

More and more apps mean more and more ways for cyber thieves to steal data

COVID-19 has also changed how customers engage with businesses. Online engagement and demand for online services, such as food or grocery delivery, have increased dramatically. Users who wouldn’t have dreamed of buying consumer goods sight-unseen six months ago now regularly shop online. Businesses must develop digital channels if they want to remain relevant to their customers. However, they need to ensure their apps deliver the experience that people expect, and do so without their data being stolen.

App developers are in a rush to get out new products and might not have security at top of mind. Identifying vulnerabilities only toward the end of the app development cycle delays the release of the services by weeks or even months, something businesses can ill afford. Instead, app development teams can build secure code practices into every step of their agile development lifecycle, an approach known as DevSecOps.

There are two types of security tests for teams to make sure a new service can hold up to cyber-attacks. The first, Static Application Security Testing or SAST, scans the application source files, accurately identifies the root cause, and helps remediate the underlying security flaws. This can be done very early on in the building process, before the service is tested for its performance. The second type, Dynamic Application Security Testing or DAST, simulates controlled attacks on a running web application or service to identify exploitable vulnerabilities in a running environment. A dynamic test helps teams understand how easy it is for hackers to penetrate an application from the outside. Check out the Fortify SAST and DAST solutions to see how powerful and easy they are to use, and get your free trial of Fortify WebInspect DAST solution.

Phishing in the age of COVID-19

Why is it that hackers never take a sick day? During this pandemic, they have flooded workers’ inboxes with phishing emails and, sad to say, have had a high level of success, with some groups reporting a 600% increase in malicious emails. But what about the reverse? What about remote workers being their own worst enemy? Remote workers, in the interest of time or convenience, will resort to communicating via personal or quickly deployed, yet unsecured, email systems. Orgs should ensure all employee email content and all attachments are properly secured and sent to only authorized partners, vendors or customers.

One way to protect emails is to use Voltage SecureMail. It provides internal and external email encryption from the originator to the intended recipient. Messages remain encrypted throughout their lifecycle until the recipient decrypts the message. Worried that your employees are using personal accounts to send unsecured email? Try a free trial of Voltage SecureMail and see how easy it is to send secure emails and attachments.

And what if those phishing emails and other social engineering techniques work, and bad actors and malware start infiltrating your system? Security Operations teams need to mitigate these threats quickly. ArcSight ESM has a Coronavirus-related Malicious Monitoring package specifically looking for COVID-19-related malware.

Keeping bad guys out

But what about unknown threats, or even insider threats? SecOps teams also need to monitor for compromised users and entities. However, what does ‘normal’ mean in a world that was turned upside down overnight? The ability to track users must quickly adjust to the remote workforce and monitor for unexpected behaviors based on weeks of information versus months. Unsupervised, online machine learning exceeds expectations by quickly (within days) adjusting to new behaviors and establishing a new baseline of ‘normal’ to identify suspicious activity. For example, how would you know that a user’s corporate information was compromised as a result of a COVID-19 phishing scheme and that a bad actor is suddenly accessing business-critical files and downloading them to an unmanaged device? ArcSight Intelligence provides the ability to find unknown threats that would go undetected by traditional security solutions. ArcSight Intelligence uses machine learning to detect insider threats or malicious attacks by learning the unique normal behavior of every entity and detecting the most anomalous behaviors, enabling response to the threats before data is stolen.

What if the bad guys get in?

Even with careful monitoring and good education of your employees not to click malicious links, what do you do if the bad guys get into your system and get access to your company’s sensitive data? Orgs need to practice good data protection. But what does good data protection look like?

Data protection is all about keeping personally identifiable information out of the hands of unintended users. Voltage SecureData uses format-preserving encryption, allowing data to flow securely through the enterprise with no gaps, no decryption, and no performance overhead. This means that encrypted data (dates, names, national IDs such as U.S. Social Security numbers, etc.) retains its format, minimizing application impact, yet is protected from unwanted eyes. So, if bad guys do break in and try to access credit card data for an easy score, all they will get is useless numbers. That works great for information inside forms or applications, but what about whole files? Voltage SmartCipher transparently encrypts any file and attaches an access policy. End users can continue to work as if the file is not encrypted, but the system stops unauthorized users from accessing it. Bad guys will move on if they can’t quickly and easily get anything they can monetize.

This way, “data at rest” is protected. SmartCipher and SecureData also protect the data while it is being transmitted and used. And since data must be used to be useful, this is critical: protecting data while at rest is only one-third of a good data protection system. A data protection approach focusing on the data itself, rather than on the container, provides the peace of mind that comes with data-centric security.

Another benefit of these data protection systems is that when data does get decrypted, monitoring can show who is accessing it and from where, in almost real time. Most SIEM solutions monitor every endpoint and system in the environment, generating many events—“noise” that analysts must interpret to identify abnormalities that could indicate a breach. The events generated by SecureData and SmartCipher show who is accessing unprotected data, allowing focus on the meaningful events and providing deeper insight for identifying real risks.

Orgs have to gain cyber resilience

In an ever-changing world with an evolving cybersecurity landscape, for this National Cybersecurity Awareness Month (and the other 11 months too), enterprises need to quickly adapt and create a cyber resilient environment. Protect across your identities, applications, and data. Detect, respond, and recover from advanced and insider threats faster, and evolve your security posture with machine learning.

Get involved for National Cybersecurity Awareness month: 

There are many ways that individuals can get involved during National Cyber Security Awareness Month, including:

Happy October everyone, and here’s to a healthy 2021!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus.