Skip to content
Advertisements

Posts tagged ‘Multi-Factor Authentication (MFA)’

Predicting The Future Of Next-Gen Access And Zero Trust Security In 2019

Bottom Line:  The most valuable catalyst all digital businesses need to continue growing in 2019 is a Zero Trust Security (ZTS) strategy based on Next-Gen Access (NGA) that scales to protect every access point to corporate data, recognizing that identities are the new security perimeter.

The faster any digital business is growing, the more identities, devices and network endpoints proliferate. The most successful businesses of 2019 and beyond are actively creating entirely new digital business models today. They’re actively recruiting, and onboarding needed experts independent of their geographic locations and exploring new sourcing and patent ideas with R&D partners globally. Businesses are digitally transforming themselves at a faster rate than ever before. Statista projects businesses will spend $190B on digital transformation in 2019, soaring to $490B by 2025, attaining a 14.4% Compound Annual Growth Rate (CAGR) in six years.

Security Perimeters Make Or Break A Growing Business

80% of IT security breaches involve privileged credential access according to a recent Forrester study. The Verizon Mobile Security Index 2018 Report found that 89% of organizations are relying on just a single security strategy to keep their mobile networks safe. A typical data breach cost the average company $3.86M in 2018, up 6.4% from $3.62M in 2017 according to IBM Security’s latest  2018 Cost of a Data Breach Study.

The hard reality for any digital business is realizing that their greatest growth asset is how well they protect the constantly expanding perimeter of their business. Legacy approaches to securing infrastructure that relies on trusted and untrusted domains can’t scale to protect every identity and device that comprises a company’s rapidly changing new security perimeter. All these factors and more are why Zero Trust Security (ZTS) enabled by Next-Gen Access (NGA) is as essential to digital businesses’ growth as their product roadmaps, pricing strategies, and services with Idaptive being an early leader in the market. To learn more about Identity-as-a-Service please see the Forrester report, The Forrester Wave™: Identity-As-A-Service, Q4 2017 (client access required)

Predicting The Future Of Next-Gen Access And Zero Trust Security

The following are predictions of how Next-Gen Access (NGA) powered by Zero Trust Security (ZTS) will evolve in 2019:

  • Behavior-based scoring algorithms will improve markedly in 2019, improving the user experience by calculating risk scores with greater precision than before. Thwarting attacks start with a series of behavior-based algorithms that calculate a risk score based on a wide variety of variables including past access attempts, device security posture, operating system, location, time of day, and many other measurable factors. Expect to see these algorithms and the risk scores they generate using machine learning techniques improve from accuracy and contextual intelligence standpoint in 2019. Leading companies in the field including Idaptive are actively investing in machine learning technologies to accomplish this today.
  • Multifactor Authentication (MFA) adoption soars as digital businesses seek to protect new R&D projects, patents in progress, roadmaps, and product plans. State-sponsored hacking organizations and organized crime see the intellectual property in fast-growing digital businesses as among the most valuable assets they can exfiltrate and sell on the Dark Web. MFA, one of the most effective single defenses against compromised passwords, will be adopted by the most successful businesses in AI, aerospace & defense, chip design for cellular and IoT devices, e-commerce, enterprise software and more.
  • Smart, connected products without adequate security designed in will proliferate in 2019, further challenging the security perimeters of the digital businesses. The era of smart, connected products is here, with Capgemini estimating the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50% of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in). With every smart, connected device creating a new threat surface for a company, expect to see at least one device manufacturer design Zero Trust Security (ZTS) support to the board level to increase their sales into enterprises by reducing the threat of a breach starting from their device.
  • Looking for greater track and traceability, healthcare and medical products supply chains will adopt Zero Trust Security (ZTS). What’s going to make this an urgent issue in healthcare and medical products are the combined effects of greater regulatory reporting and compliance, combined with the pressure to improve time-to-market for new products and delivery accuracy for current customers. The pillars of ZTS are a perfect fit for healthcare and medical supply chains’ need for track and traceability. These pillars are real-time user verification, device validation, and intelligently limiting access, while also learning and adapting to verified user behaviors.
  • Real-time Security Analytics Services is going to thrive in 2019 as digital businesses seek insights into how they can fine-tune their ZTS strategies across every threat surface and machine learning algorithms improve. Many enterprises are in for an epiphany in 2019 when they see just how many potential breaches they’ve stopped using a combination of security strategies including Single Sign-On (SSO) and Multi-factor Authentication (MFA). Machine learning algorithms will continue to improve using behavior-based scoring, further improving the user experience. Leaders in the field include Idaptive who is setting a rapid pace of innovation in Real-Time Security Analytics Services.   

Conclusion

Security is at an inflection point today. Long-standing methods of protecting IT systems and a businesses’ assets can’t scale to protect every new identity, device or threat surface. When every identity is a new security perimeter, a new approach is needed to securing any digital business. The pillars of ZTS including real-time user verification, device validation, and intelligently limiting access, while also learning and adapting to verified user behaviors are proving to be effective at thwarting breaches and securing company’ digital assets of all kinds. It’s time for more digital businesses to see security as the growth catalyst it is and take action now to ensure their operations continue to flourish.

Advertisements

58% Of All Healthcare Breaches Are Initiated By Insiders

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why Healthcare Needs Zero Trust Security To Grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities Need to Be Every Healthcare Providers’ New Security Perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

  • 58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today. External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

  • Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud. Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

  • Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents. Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

  • 70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%). Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

  • Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition. Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

How Machine Learning Quantifies Trust & Improves Employee Experiences

Bottom Line: By enabling enterprises to scale security with user behavior-based, contextual intelligence, Next-Gen Access strategies are delivering Zero Trust Security (ZTS) enterprise-wide, enabling the fastest companies to keep growing strong.

Every digital business is facing a security paradox today created by their proliferating amount of applications, endpoints and infrastructure on the one hand and the need to scale enterprise security without reducing the quality of user experiences on the other. Businesses face a continual series of challenges to growth, the majority of which are scale-based. Scaling security takes a multidimensional approach that accurately interprets user behavior, risk and threat predictions, and assesses data use and access patterns.

How Enterprises Are Solving The Security Paradox With Next-Gen Access

Security defies simple, scale-based solutions because its processes are ingrained in many different systems across a company. Each of the many systems security relies on and protects have their cadence, speed, and scale. When a company is growing fast, core systems including accounting, CRM, finance, pricing, sales, services, supply chain and human resources become security-constrained. It’s common for companies experiencing high growth to choose expediency over security. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured according to the Verizon Mobile Security Index 2018 Report.

The hard reality for any growing business is the faster they grow; the more sophisticated and strong they need to become at security. Protecting intellectual property (IP), all data assets and eradicating threats assures uninterrupted, profitable growth. Adding new suppliers, sales teams, distribution partners and service centers can’t be slowed down by legacy-based approaches to user authentication and system access.  The challenge is the faster a business is growing, the slower its legacy approaches to security reacts, slowing down sales cycles, supplier qualifications, and pipelines.

Next-Gen Access solves the security paradox of fast-growing businesses, enabling Zero Trust Security (ZTS) enterprise-wide by solving the following major challenges of a high growth business:

  1. Quit relying on brute-force Multi-Factor Authentication (MFA) techniques that deliver mediocre user experiences and slow down productivity. Any company can still attain Zero Trust Security (ZTS) without reverting to brute-force approaches to MFA. Get away from the idea of having MFA challenges be for every user on every device they use to access every resource. Instead look to Next-Gen Access (NGA) to quantify context, device, and behavioral patterns and derive risk scores for each user.
  2. Begin to rely on Next-Gen Access, Risk-Aware MFA, and Risk Scores to quantify trust and set the foundation of a Zero Trust Security (ZTS) enterprise-wide strategies. The goal is to keep growth going strong, uninterrupted by any security event or breach. Next-Gen Access (NGA) provides behavioral, contextual intelligence indexed as a risk score for each user, enabling more secure and efficient user experiences. NGA is built on a platform that includes Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). They are also the essential components for creating and fine-tuning Zero Trust Security (ZTS) across fast-growing businesses. Taken together in a concerted strategy, ZTS delivers greater control and visibility over every resource in a company.
  3. Identify potential security risks on a per-user basis to the device level and limiting access while asking for identity verification without impacting user experiences. NGA takes contextual and user intelligence into account when deciding which resources will be available to a given user based on their previous login and system use actions and behaviors quantified in their risk score. Machine learning algorithms are used to find patterns in user behavior that could signal a potential security risk. Based on the risk score, conditional access is provided or not. All of this is done in seconds and doesn’t impact the user experience.
  4. Rely on more NGA that learns user’s behavioral patterns over time and improves the user experience, scaling Zero Trust Security enterprise-wide. Solving the paradox of scaling security in fast-growing companies needs to start with a machine learning-based approach to finding and acting on user’s behavioral and contextual activity. As NGA “learns” how valid users interact with security, updating risk scores and performing identity verification, the quality of a user’s experience improves. In fast-growing companies adding new employees, partners, and suppliers, this is invaluable as every new user will generate a risk score. Quantifying trust using NGA, the foundation of any ZTS strategy makes fast, secure profitable growth possible.
  5. The era of ZTS has arrived, and it is accentuating the importance of partnering with security providers who excel at offering Next-Gen Access solutions. ZTS will continue to revolutionize every aspect of an organization’s security strategy, enabling digital businesses to grow faster and more securely over time. Next-Gen Access solutions are the foundations enabling enterprises to scale ZTS strategies across their businesses. Key Next-Gen access providers enabling the era of ZTS include Palo Alto Networks for firewalls and Centrify for Access. Over the next 18 months, ZTS will redefine the cybersecurity landscape as digital businesses look to Next-Gen Access solutions to securely scale their companies and grow.
%d bloggers like this: