Confronting the New Cyber Security Reality: Part 2

Since 2013, breaches have compromised nearly six billion records—that’s an average of almost four million records every day and over 162,000 records every hour! It’s time to face the facts. Today’s security is no longer secure. Enterprise networks have expanded beyond traditional perimeters to include more devices, apps (on-premises and in the cloud) and people. In the absence of these boundaries, the identities that make up modern enterprises are easier to compromise than ever before, and hackers are targeting these identities at an alarming rate. In fact, Forrester estimates 80% of security breaches involve privileged credentials. Traditional security approaches, like passwords…

Confronting the New Cyber Security Reality: Part 1

During the peak of the 2016 U.S. presidential election cycle, two groups of hackers accessed the Democratic National Convention servers. The leak made public emails detailing the DNC’s interactions with the media, both primary candidates’ campaigns and campaign contributions, and personal information about DNC donors, including credit card and Social Security numbers. This historical breach will forever be known for its impact on the 2016 Presidential election. Recently, we’ve seen the frequency of breaches like the DNC attack skyrocket—and no organization is safe. Over the past two years, sixty-six percent of organizations report experiencing five or more breaches, according to…

Researchers: Action Required to Protect Against IoT Threats

Recently, Pwnie Express researchers released their third annual report on the wired, wireless, Bluetooth, IoT and BYOD challenges facing IT security professionals. It’s not your typical study. These researchers combine a survey of hundreds of IT security pros with “on-the-ground” data captured from Pwnie Express sensors, distributed across a number of businesses. This mix of human perspective and real-world data offers a more accurate picture of what’s really going on out there. This year’s report had some interesting findings that I wanted to point out. If you have time to read the report — and I recommend it — you…

How to Stop the Breach in a Hybrid Enterprise

Has your enterprise experienced a data breach in the past two years? If so, it’s time for a wake-up call. In fact, 66% of organizations reported falling victim to a breach an average of five or more times during that time span. The security status quo is a slippery slope. Enterprise networks have expanded beyond the well-defined boundaries that used to protect our important assets from falling into the wrong hands and a new security reality has set in. Traditional security methods can’t protect your organization from breaches, and failure to recognize this new reality leaves your business at risk…

Ponemon 2017 Report: The Need for a New IT Security Architecture

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

The Cybersecurity Tipping Point Nears

If we’d take a moment to pull our heads out of the sand and look around, we’d quickly see that we’re on an ominous trajectory. There’s no arguing that over the last several years, we’ve been suffering from increasing numbers of breaches, cyberhacks and data leaks. What’s truly puzzling is the fact that we’ve grown so used to the headlines, they no longer seem to impact us: Target spent $250 million to manage a breach? A massive 1 terabytes per second attack against a DNS provider that knocks out major websites? One billion Yahoo identities hacked? Even a hacked election?…

Uh Oh, Yahoo Breach Hits 1 Billion User Accounts

Could this be the catalyst for change to end hacks? Compromised enterprises face huge barriers to rebuilding customer trust and brand reputation. And for Yahoo, this may be an insurmountable task. In September, Yahoo disclosed that the company lost access control for over 500 million accounts. Turns out the largest breach in history of 500M Yahoo accounts in 2014 is only half as much as the latest and largest hack ever discovered – 1B Yahoo accounts lost in 2013. Will this event finally be the catalyst for not only Yahoo but every other company that maintains customer accounts to force…

How to Prevent Another SFMTA Ransomware Attack

By now, many have heard about the recent ransomware attack against the San Francisco’s “Muni” system on Black Friday where the hacker locked out the railway’s system and demanded 100 BTC as payment. The second, less known, part of the story was published by Brian Krebs on his blog yesterday: “On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s…

How to Avoid a Snowden-esque Security Breach at Your Company

What would happen to your company’s reputation or market share if its data was hacked? This article originally appeared on Inc. Magazine and is reprinted with permission. The recent release of Snowden, the 2016 film about exiled former cyber-security contractor Edward Snowden, highlights some of the inherent cyber-security risks that organizations face. These concerns have been reinforced by the controversy over hacked emails during the current election cycle. In Snowden’s case, it was the National Security Agency (NSA) that was breached, but the vulnerabilities he exploited exist in many enterprise-level companies as well. Security Breaches in recent memory While I worked at Symantec for the…