Skip to content
Advertisements

Posts from the ‘Security’ Category

58% Of All Healthcare Breaches Are Initiated By Insiders

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why Healthcare Needs Zero Trust Security To Grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities Need to Be Every Healthcare Providers’ New Security Perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

  • 58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today. External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

  • Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud. Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

  • Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents. Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

  • 70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%). Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

  • Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition. Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Advertisements

IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now

  • Digital businesses that lost less than 1% of their customers due to a data breach incurred a cost of $2.8M, and if 4% or more were lost the cost soared to $6M.
  • U.S. based breaches are the most expensive globally, costing on average $7.91M with the highest global notification cost as well, $740,000.
  • A typical data breach costs a company $3.86M, up 6.4% from $3.62M last year.
  • Digital businesses that have security automation can minimize the costs of breaches by $1.55M versus those businesses who are not ($2.88M versus $4.43M).
  • 48% of all breaches are initiated by malicious or criminal attacks.
  • Mean-time-to-identify (MTTI) a breach is 197 days, and the mean-time-to-contain (MTTC) is 69 days.

These and many other insights into the escalating costs of security breaches are from the 2018 Cost of a Data Breach Study sponsored by IBM Security with research independently conducted by Ponemon Institute LLC. The report is downloadable here (PDF, 47 pp. no opt-in).

The study is based on interviews with more than 2,200 compliance, data protection and IT professionals from 477 companies located in 15 countries and regions globally who have experienced a data breach in the last 12 months. This is the first year the use of Internet of Things (IoT) technologies and security automation are included in the study. The study also defines mega breaches as those involving over 1 million records and costing $40M or more. Please see pages 5, 6 and 7 of the study for specifics on the methodology.

The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago isn’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).

The bottom line from the IBM, Centrify and many other studies is that we’re in a Zero Trust Security (ZTS) world now and the sooner a digital business can excel at it, the more protected they will be from security threats. ZTS begins with Next-Gen Access (NGA) by recognizing that every employee’s identity is the new security perimeter for any digital business.

Key takeaways from the study include the following:

  • U.S. based breaches are the most expensive globally, costing on average $7.91M, more than double the global average of $3.86M. Nations in the Middle East have the second-most expensive breaches globally, averaging $5.31M, followed by Canada, where the average breach costs a digital business $4.74M. Globally a breach costs a digital business $3.86M this year, up from $3.62M last year. With the costs of breaches escalating so quickly and the cost of a breach in the U.S. leading all nations and outdistancing the global average 2X, it’s time for more digital businesses to consider a Zero Trust Security strategy. See Forrester Principal Analyst Chase Cunningham’s recent blog post What ZTX Means For Vendors And Users, from the Forrester Research blog for where to get started.

  • The number of breached records is soaring in the U.S., the 3rd leading nation of breached records, 6,850 records above the global average. The Ponemon Institute found that the average size of a data breach increased 2.2% this year, with the U.S. leading all nations in breached records. It now takes an average of 266 days to identify and contain a breach (Mean-time-to-identify (MTTI) a breach is 197 days and the mean-time-to-contain (MTTC) is 69 days), so more digital businesses in the Middle East, India, and the U.S. should consider reorienting their security strategies to a Zero Trust Security Model.

  • French and U.S. digital businesses pay a heavy price in customer churn when a breach happens, among the highest in the world. The following graphic compares abnormally high customer churn rates, the size of the data breach, average total cost, and per capita costs by country.

  • U.S. companies lead the world in lost business caused by a security breach with $4.2M lost per incident, over $2M more than digital businesses from the Middle East. Ponemon found that U.S. digitally-based businesses pay an exceptionally high cost for customer churn caused by a data breaches. Factors contributing to the high cost of lost business include abnormally high turnover of customers, the high costs of acquiring new customers in the U.S., loss of brand reputation and goodwill. U.S. customers also have a myriad of competitive options and their loyalty is more difficult to preserve. The study finds that thanks to current notification laws, customers have a greater awareness of data breaches and have higher expectations regarding how the companies they are loyal to will protect customer records and data.

Conclusion

The IBM study foreshadows an increasing level of speed, scale, and sophistication when it comes to how breaches are orchestrated. With the average breach globally costing $4.36M and breach costs and lost customer revenue soaring in the U.S,. it’s clear we’re living in a world where Zero Trust should be the new mandate.

Zero Trust Security starts with Next-Gen Access to secure every endpoint and attack surface a digital business relies on for daily operations, and limit access and privilege to protect the “keys to the kingdom,” which gives hackers the most leverage. Security software providers including Centrify are applying advanced analytics and machine learning to thwart breaches and many other forms of attacks that seek to exploit weak credentials and too much privilege. Zero Trust is a proven way to stay at parity or ahead of escalating threats.

83% Of Enterprises Are Complacent About Mobile Security

  • 89% of organizations are relying on just a single security strategy to keep their mobile networks safe.
  • 61% report that their spending on mobile security had increased in 2017 with 10% saying it had increased significantly.
  • Just 39% of mobile device users in enterprises change all default passwords, and only 38% use strong two-factor authentication on their mobile devices.
  • Just 31% of companies are using mobile device or enterprise mobility management (MDM or EMM).

These and many other insights are from the recently published Verizon Mobile Security Index 2018 Report. The report is available here for download (22 pp., PDF, no opt-in). Verizon commissioned an independent research company to complete the survey in the second half of 2017, interviewing over 600 professionals involved in procuring and managing mobile devices for their organizations. Please see page 20 of the study for additional details on the methodology.

The study found that the accelerating pace of cloud, Internet of Things (IoT), and mobile adoption is outpacing enterprises’ ability to scale security management, leaving companies vulnerable. When there’s a trade-off between the expediency needed to accomplish business performance goals and security, the business goals win the majority of the time. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured. Enterprises who made this trade-off of expediency over security were 2.4x as likely to suffer data loss or downtime.

Key takeaways from the study include the following:

  • 79% of enterprises consider their employees to be the most significant security threat. The study points out that it’s not due to losing devices, inadvertent security errors or circumventing security policies. It’s the threat of employees using their secured access for financial or personal gain. 58% of senior management leaders interviewed view employees with secure access as the most significant threat. Security platforms that can stop credential attacks using risk assessment models predicated on behavioral pattern matching and analysis by verifying an employee’s identity are flourishing today. One of the leaders in this field is Centrify, who espouses Zero Trust Security. The following graphic from the study shows the priority of which actors enterprise leaders are most concerned about regarding threats, with employees being the most often mentioned.

  • 32% of enterprises have sacrificed security for expediency and business performance leading to 45% of them suffering data loss or downtime. The study found that companies who sacrificed security were also 2.4x more likely to have experienced data loss or downtime as a result of a mobile-related security incident. For the 68% who prioritized security over expediency, just 19% had suffered data loss or downtime.

  • 89% of enterprises are relying on just a single security practice to keep their mobile networks safe. Verizon’s study found that the majority of enterprises are relying on just one security practice to protect their networks. 55% have two in place, and just 14% have four. Of the four security practices, only 39% change all default passwords. Just under half (47%), encrypt the transmission of sensitive data across open, public networks. The following graphic from the study illustrates the percentage of enterprises who have between 1 and all four security practices in place.

  • Just 49% of enterprises have a policy regarding the use of public WiFi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. A startling high 71% of respondents use public Wi-Fi networks for work tasks, despite their companies prohibiting their use. Taking risks with unsecured Wi-Fi networks for expediency and business performance being done at the expense of security supports a key finding of this study. Nearly one in three (32%) of enterprises are sacrificing security for expediency and business performance, including accessing unsecured Wi-Fi networks. The following infographic from the study explains a few of the many security threats inherent in the design and use of public Wi-Fi networks.

 

Five Ways Machine Learning Can Save Your Company From A Security Breach Meltdown

  • $86B was spent on security in 2017, yet 66% of companies have still been breached an average of five or more times.
  • Just 55% of CEOs say their organizations have experienced a breach, while 79% of CTOs acknowledge breaches have occurred. One in approximately four CEOs (24%) aren’t aware if their companies have even had a security breach.
  • 62% of CEOs inaccurately cite malware as the primary threat to cybersecurity.
  • 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.

These and many other fascinating findings are from the recently released Centrify and Dow Jones Customer Intelligence study, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).

One of the most valuable findings from the study is how CEOs can reduce the risk of a security breach meltdown by rethinking their core cyber defense strategy by maturing their identity and access management strategies.

However, 62% of CEOs have the impression that multi-factor authentication is difficult to manage. Thus, their primary security concern is primarily driven by how to avoid delivering poor user experiences. In this context, machine learning can assist in strengthening the foundation of a multi-factor authentication platform to increase effectiveness while streamlining user experiences.

Five Ways Machine Learning Saves Companies From Security Breach Meltdowns

Machine learning is solving the security paradox all enterprises face today. Spending millions of dollars on security solutions yet still having breaches occur that are crippling their ability to compete and grow, enterprises need to confront this paradox now. There are many ways machine learning can be used to improve enterprise security. With identity being the primary point of attacks, the following are five ways machine learning can be leveraged in the context of identity and access management to minimize the risk of falling victim to a data breach.

  1. Thwarting compromised credential attacks by using risk-based models that validate user identity based on behavioral pattern matching and analysis. Machine learning excels at using constraint-based and pattern matching algorithms, which makes them ideal for analyzing behavioral patterns of people signing in to systems that hold sensitive information. Compromised credentials are the most common and lethal type of breach. Applying machine learning to this challenge by using a risk-based model that “learns’ behavior over time is stopping security breaches today.
  2. Attaining Zero Trust Security (ZTS) enterprise-wide using risk scoring models that flex to a businesses’ changing requirements. Machine learning enables Zero Trust Security (ZTS) frameworks to scale enterprise-wide, providing threat assessments and graphs that scale across every location. These score models are invaluable in planning and executing growth strategies quickly across broad geographic regions. CEOs need to see multi-factor authentication as a key foundation of ZTS frameworks that can help them grow faster. Machine learning enables IT to accelerate the development of Zero Trust Security (ZTS) frameworks and scale them globally. Removing security-based roadblocks that get in the way of future growth needs to be the highest priority CEOs address. A strong ZTS framework is as much a contributor to revenue as is any distribution or selling channel.
  3. Streamlining security access for new employees by having persona-based risk model profiles that can be quickly customized by IT for specific needs. CEOs most worry about security’s poor user experience and its impacts on productivity. The good news is that the early multi-factor authentication workflows that caused poor user experiences are being redefined with contextual insights and intelligence based on more precise persona-based risk scoring models. As the models “learn” the behaviors of employees regarding access, the level of authentication changes and the experience improves. By learning new behavior patterns over time, machine learning is accelerating how quickly employees can gain access to secured services and systems.
  4. Provide predictive analytics and insights into which are the most probable sources of threats, what their profiles are and what priority to assign to them. CIOs and the security teams they manage need to have enterprise-wide visibility of all potential threats, ideally prioritized by potential severity. Machine learning algorithms are doing this today, providing threat assessments and defining which are the highest priority threats that CIOs and their teams need to address.
  5. Stop malware-based breaches by learning how hackers modify the code bases in an attempt to bypass multi-factor authentication. One of the favorite techniques for hackers to penetrate an enterprise network is to use impersonation-based logins and passwords to pass malware onto corporate servers. Malware breaches can be extremely challenging to track. One approach that is working is when enterprises implement a ZTS framework and create specific scenarios to trap, stop and destroy suspicious malware activity.
%d bloggers like this: