Modern Practices: Zero Trust Security

In today’s mobile-first, cloud-first environment, cybersecurity starts with protecting the primary attack vector – privileged identities – with a “never trust, always verify” mindset for Zero Trust Security. Gartner predicts that companies will spend $96 billion on cybersecurity solutions in 2018 alone. While worldwide spending will increase 8% from last year’s total, less than 10% will be spent on Identity and Access Management, the number one attack vector. Clearly there is misinformation and misunderstanding of how to stop a breach. A recent research study with Dow Jones Customer Intelligence, “CEO Disconnect is Weakening Cybersecurity,” revealed that a discrepancy in the C-Suite is weakening enterprise security postures. CEOs mistakenly focus on eliminating malware, while Technical Officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches – including privileged user identity attacks and default, stolen…

MFA Everywhere: A Tried and True Method in Accelerating Security

While phishing attacks continue to jeopardize today’s organizations (a reported 76% of organizations experienced phishing attacks in 2017), it was refreshing to hear that tech giant Google has apparently eliminated phishing by giving security keys to all of its 85,000 employees. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a company spokesperson told Krebs on Security last week. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.” This…

A Ticking Time Bomb: Understanding and Securing the Next Generation of Workers

It’s sometimes easy to forget that the younger employees of today are the managers of tomorrow. If we fail to understand how they use technology and perceive security and privacy, it will have a major bearing on the workforce of the future, and the long-term ability of organisations to withstand cyber threats. To shed some light on the issue, Centrify recently commissioned new in-depth research drawing on interviews with not only 1,000 UK office workers aged 18-24, but also 500 senior decision makers. At a central London event last week, we gained some fascinating extra insight into how the next…

Cyber Risk Insights from the AIG 2017 Cyber Insurance Review

I read with interest AIG’s 2017 Cyber Insurance Review. In a one-sentence summary: cyber insurance claims are up, due to systemic ransomware and wiper malware attacks, the cyber business is booming, but we are still early in the market evolution. Reading the report prompted me to ask three questions regarding Cyber Insurance: How well do insurance brokers understand cyber risk and cyber insurance? What percentage of businesses shopping for cyber insurance truly understand their cyber loss exposure in quantitative terms, and conversely how well do brokers understand their exposure? What security controls and policies do businesses have in place…

LIVE BLOG: SecurIT Zero Trust Summit

Welcome to the live blog from SecurIT: the Zero Trust Summit for CIOs and CISOs. SecurIT is an all-day industry event at Terra Gallery in San Francisco. This blog will be a frequently-updated chronology of highlights from the day, including notable quotes, photos, and other interesting details that we hope a remote audience will find useful in their Zero Trust journeys. If you’re new to Zero Trust, it might be helpful to visit https://www.centrify.com/zero-trust-security/ to learn more about this concept, which is enabling a complete rethink of security. The old adage of ‘trust, but…

It’s Almost GDPR D-Day: So What Happens Next?

Over the past 12 months during this blog series I’ve tried to provide insight into some of the key aspects of the GDPR and how organisations can better prepare for the big compliance deadline day of 25 May. Now that day is almost upon us, the question many organisations are asking is, “what happens next?” The truth is that, despite having had years of notice, many are only now waking up to the reality of the new regulatory regime. A recent survey of RSA attendees found just 14% claimed they were fully prepared for the GDPR. So what can we…

Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline

With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms. The GDPR will require much stricter due diligence and new contractual provisions between data controllers, processors and other third parties. Access controls in particular should be front and centre when dealing with suppliers. This is an opportunity to differentiate on improved security, so grab…

Centrify for NIST 800-171 MFA Compliance

I often speak with Federal System Integrators (FSIs) who need to implement Multi-Factor Authentication (MFA) as part of their NIST 800-171 compliance. Specifically section 3.5.3 of this NIST guide states, “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” Many of these FSIs have already implemented smart cards in their environment, at least partially, while others have no form of MFA at all. Either way, the Centrify Identity Platform can provide this MFA compliance, along with many other features required for a secure, Zero Trust environment. (Centrify’s detailed compliance note on…

Takeaways from the Russia-Linked US Senate Phishing Attacks

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns. On January 12, 2018, cybersecurity firm Trend Micro revealed that Russia-linked hackers tried to infiltrate the US Senate, leveraging phishing attacks to harvest access credentials. These tactics suggest that the hackers were laying the groundwork for a widespread compromise of Senate employees. And while these findings might further bolster the public view that the Kremlin is trying to influence our democracy, security professionals should not get distracted by the media frenzy that these revelations created and instead focus on the real…

Multi-factor Authentication (MFA) Is Ready for Prime Time

We’ve heard it time and again. As security threats increase and morph, and user devices and locations diversify, multi-factor authentication (MFA) should be blossoming into a trusted method for preventing misuse. Experts have consistently stated that enterprises need to implement protections at vulnerable points and apply effective access security mechanisms such as MFA. So, what’s the deal? The Deloitte and Uber breaches, both of which took place last fall, demonstrated that these episodes were aided by the lack of MFA. These proof points alone should in fact create an urgency in MFA implementation and usage within organizations! Then… why haven’t…