RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

2017 Brings DLP Technology and IoT’s Weaknesses to Light

DLP Technology

In regards to data loss prevention (DLP), in the last five years many companies rushed to implement DLP solutions without taking the time to first identify the data that should not transit egress points. Most of these rushed implementations have not been successful. Security analysts, in particular 451 Research, have been recommending that companies should first identify and classify data before deploying DLP. Unfortunately, we are just now seeing companies execute this approach. Companies in 2017 that identity and classify data before they begin implementing DLP solutions will see a dramatic increase in the effectiveness of their data protection programs.

In 2017, attacks that seek to access a company’s sensitive data will increase. Some of the attacks will be conducted by activists looking to damage their targets’ integrity and reputation – similar to the intent behind the Sony breach. Other attacks will be for financial gain, predominantly tied to ransomware. Hiding behind the anonymity of bitcoin and other cryptocurrencies, ransomware continues to be a crime where the culprits can remain anonymous and difficult or even impossible to capture. Cybercriminals will continue to upload stolen data publicly to make investigations and containment trickier.

The likelihood of a data breach is higher than ever and organizations must get serious about the sensitive data sprawl that is occurring across their networks. In the case of the Sony breach, one of the biggest and most newsworthy breaches since 2014, the majority of the damage was done from sensitive data that was stored unprotected on their network. Companies need to develop enterprise-wide data security programs to address vulnerabilities.

Data sprawl continues to be a major threat to enterprises and governments alike. In the majority of recent attacks – the Home Depot breach, the SWIFT network breach, the DNC breach – the common denominator is the unaccounted-for sensitive data. Unknown or misplaced sensitive data that is stolen is the most valuable to the cyber thieves and the most devastating to companies. Enterprises and government organizations must take action to ensure they eliminate sensitive data sprawl across their organizations. This is the very first and most critical step in protecting themselves, their employees and their customers from the major risk of a data breach.

We also see Internet of Things (IoT) devices as a weak link in the security chain. The vast majority of IoT device manufacturers are not be able to address security threats, as we saw in the DDoS Dyn attack. Early IoT security failures will push the industry toward authentication standards but these standards will not be implemented before 2017 comes to a close. Operational technology needs to be aggressive with their cybersecurity approach – by hiring experts and assigning the businesses responsibility of cybersecurity to individuals.

###

By Dr. Jo Webber, Spirion, CEO

Dr. Webber is an experienced technologist and software company CEO having led three previous companies including Energy Solutions International, an Inverness Graham Portfolio company. She has served on 12 boards and has substantial M&A and international experience.

She has a PhD in Quantum Physics and has authored four patents. She is a Fellow of the Royal Society of Chemistry.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

SYNDICATED NEWS SOURCES

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…