Cybersecurity industry research is a great way to stay on top of the latest threats — and the controls that can keep those vulnerabilities from affecting your organization. Research released in November 2018 spanned the gamut of IT risk concerns, including identity, application containers, vulnerability disclosures, and the global threat landscape itself. Here are key takeaways from 11 reports released this month, along with cyber defenses organizations should consider implementing.
- Distil Networks Bot Research
- Fortinet Global Threat Landscape
- InteliSecure State of Critical Data Protection Report
- ObserveIT Holiday Travel Cybersecurity Risk Survey
- Ping Identity: Attitudes and Behavior in a Post-Breach Era
- Risk Based Security: 2018 Q3 Report
- SailPoint Annual Market Pulse Survey
- Secureworks State of Cybercrime Report
- 2018 StackRox State of Container Security
- Tanium Business Resilience Survey
- Tenable Vulnerability Intelligence Report
Automated processes known commonly as bots can have both good and bad purposes. In a report released Nov. 14 by Distil Networks, researchers reported that bad bots are particularly prevalent on airline websites, mobile apps and APIs, accounting for 43.9 percent of traffic.
While some bots are unsophisticated, Distil found that 84.3 percent of bots on airline domains are classified as moderate or advanced, making them difficult to detect. Bad bots can be used to impersonate real users and steal credentials, among other malicious activities.
“In recent months, airlines have faced an uptick in nefarious activity by bad actors, a sign that this industry is ripe with information that can be used for monetary gain or to wreak havoc,” said Mike Rogers, VP of Services at Distil Networks.
Key Takeaway: Be aware of what is running on your network, and take steps to combat bots.
The Fortinet Global Threat Landscape report released Nov. 14 takes a broad look at some of the trends in cybersecurity over the last few months.
Among the high-level findings in the report is that unique malware is once again on the rise, with Fortinet observing a 43 percent year-over-year gain. Fortinet also reported that the number of malware families grew by 32 percent.
The use of HTTPS-encrypted traffic also achieved a new milestone, accounting for 72 percent of all network traffic, up from 55 percent in 2017.
“Cyberthreats are growing rapidly and every organization is feeling the impact, with daily detections and exploits increasing. Previously, ransomware was the talk of the day, and now cryptojacking, mobile malware, and attacks against business-critical supply chains are proliferating,” stated Phil Quade, Fortinet’s Chief Information Security Officer.
Key takeaways: Malware might seem like an old-school form of attack, but it’s still growing, and enterprises need to have proper anti-malware, network and EDR technologies in place to limit risk.
According to the 2018 State of Critical Data Protection Report released Nov. 15 by InteliSecure, there is a significant gap in how organizations think about and actually secure sensitive data.
The report found that 90 percent of surveyed organizations have policies that define how sensitive data should be stored and protected on employee systems. Despite those policies, most organizations do not have a programmatic approach to maintain them.
“While threats to organizations continue to grow in scale, sophistication and frequency, it’s clear the cybersecurity industry skills shortage is failing most organizations, particularly those who choose to go it alone,” InteliSecure CEO Steven Drew stated.
Key takeaways: Having a policy for sensitive data management is great, but having tools, processes and personnel to actually enforce policies is better.
Travel represents a cybersecurity risk, according to a Nov. 15 report released by ObserveIT.
Among the big risks that are exposed during travel, 77 percent of respondents reported using free or public Wi-Fi while traveling. Additionally, 63 percent admitted that they have used free public Wi-Fi to access work emails and files while traveling.
While holidays should be a break from work, 55 percent of respondents to the ObserveIT survey said that they would be bringing a work device with them during the holiday travel season.
“Not only does this research confirm that cybersecurity isn’t top of mind while employees are traveling, but it also highlights a major gap in security awareness training around mitigating the threats posed by remote work,” ObserveIT CEO Mike McKee wrote in a statement. “While technology has enabled people to be productive regardless of location, it’s also creating new ways for hackers to infiltrate otherwise secure systems.”
Key takeaways: Be wary of free public Wi-Fi and use a VPN to help secure and promote remote access.
What is the impact of a data breach on consumer loyalty and engagement? That’s the key question answered by the Ping Identity 2018 Consumer Survey on attitudes and behaviors in a post-breach era.
78 percent of respondents to the Nov. 7 survey reported that they would stop engaging with a brand online after a data breach. Additionally, 49 percent said that they would not use an online service or application that recently experienced a data breach.
Data breaches are also impacting consumer behavior, with 47 percent of respondents indicating that they have made changes to the way they secure their personal data as a result of recent breaches.
“With the prevalence of data breaches and leaks, enterprises must have the proper controls in place or they become at risk of losing consumer trust and business,” said Sarah Squire, CTO Office, Ping Identity. “In the same way that brands are expected to provide user-friendly experiences, they also must understand the value and importance of strong identity management strategies.”
While Fortinet reported an increase in the number of unique malware families it found, Risk Based Security’s Q3 2018 Vulnerability Report provides a different view.
The Nov. 15 report found that there was a 7 percent decrease in the number of vulnerabilities in the first three quarters of 2018 over the same period in 2017. Not all vulnerabilities are equal, however; they vary in severity and impact. Risk Based Security reported that 15.4 percent of vulnerabilities in the third quarter were rated as “critical.”
Looking at the root cause of flaws, 67.3 percent of vulnerabilities are due to insufficient or improper input validation. Not all flaws have solutions either, a key challenge identified in the report. About a quarter (24.9 percent) of the reported vulnerabilities currently have no known solution.
“We continue to see vulnerabilities that are being actively exploited in the wild well before most organizations are aware of the issues. It is an unfortunate situation to find yourself in a position to learn about a vulnerability after the damage is done,” said Brian Martin, VP of Vulnerability Intelligence for Risk Based Security.
Key takeaways: Have an active patch management strategy in place to handle remediation in a timely manner.
The SailPoint 10th Annual Market Pulse Survey released Nov. 13 provides insight into identity governance practices.
Among the survey highlights is the finding that 75 percent of respondents admitted to reusing passwords across accounts, including both personal and work. That’s a significant increase from 2014, when only 56 percent of respondents admitted to doing the same.
Not only are employees increasingly ignoring best practices for passwords, they are also ignoring other IT policies that are deemed to be inconvenient. 55 percent of SailPoint’s survey respondents said their IT department can be a source of inconvenience. That inconvenience leads to employees ignoring IT policies and installing their own software.
“To secure and enable today’s modern workforce, the users have become the new ‘security perimeter’ and their digital identities are the common link across an organization’s IT ecosystem at every stage of its digital transformation,” said SailPoint CMO Juliette Rizkallah.
Key takeaways: Make sure that IT is an enabler for employees and not an inconvenience that they need to go around. And to the extent possible, lock down company-owned devices to control what gets downloaded and to enforce password management.
Cybercriminals are increasingly organized and using ever more advanced techniques, according to the Secureworks State of Cybercrime Report 2018 released Nov. 13.
From July 2017 through June 2018, Secureworks Counter Threat Unit (CTU) researchers analyzed incident response outcomes and conducted original research to gain insight into threat activity and behavior across 4,400 companies.
One of the key findings in the report is that nation-state actors are increasingly using tools and techniques employed by cybercriminals, and vice versa. Secureworks reported that criminal cybergangs are now using advanced social engineering techniques alongside network intrusion methods with point-of-sale (POS) malware.
“Cybercrime is a lucrative industry, and it’s not surprising it’s become the arm of powerful, organized groups,” said Don Smith, Senior Director, Cyber Intelligence Cell, Secureworks Counter Threat Unit.
Key takeaways: Be aware of the macro-security landscape and have controls that can deal with targeted and advanced persistent threats.
On Nov. 14, StackRox released its inaugural State of Container Security report, taking a deep-dive look into the nascent world of application container security.
Containers can run in multiple types of deployments, and StackRox found that 40 percent of its survey respondents are running containers in hybrid environments, both on premises and in the cloud.
Looking at container security, 54 percent of respondents said their primary concerns were about misconfigurations and accidental exposures of data. And 44 percent of organizations noted that they are more concerned with the runtime phase of containers than the building and deployment phases.
“The influence of DevOps and the fast uptake in containerization and Kubernetes have made application development more seamless, efficient and powerful than ever,” StackRox CEO Kamal Shah stated. “Yet our survey results show that security remains a significant challenge in enterprises’ container strategies.”
Key Takeaways: Have technologies in place to be able to monitor and manage the runtime behavior of applications, whether they are running in containers or elsewhere.
While it’s not possible to block all attacks, it is possible for organizations to build infrastructure and processes to make operations more resilient.
The Tanium Resilience Gap Study released Nov. 14 found diverging views in how resilient organizations are to cyberattacks. 96 percent of survey respondents indicated that they believe that making technology resilient to business disruptions should be core to their firm’s wider business strategy.
The reality, however, is that only 61 percent of respondents claimed that their organizations are in fact resilient to disruption.
“The speed and complexity of technology has led organizations to purchase multiple tools to solve for IT security and operations challenges,” said Tanium CSO David Damato. “In turn, this has created a fragmented collection of endpoint management and security solutions which is leaving the enterprise environment brittle, vulnerable and lacking the Business Resilience needed to adequately mitigate threats.”
Key takeaways: Don’t just look at threat detection and identification; also consider resilience and the ability of the enterprise to continue operations in the face of threats.
According to the Tenable Vulnerability Intelligence Report released Nov. 7, there will be an estimated 19,000 vulnerabilities disclosed in 2018, an increase of 27 percent over 2017. Tenable reported that enterprises are identifying an average of 870 unique vulnerabilities every day.
Not all vulnerabilities have the same severity, with only 100 or so on average every day having critical impact. Organizations overall are continuing to struggle with the volume of alerts and vulnerability activity and the associated remediation actions, according to Tenable.
“When everything is urgent, triage fails,” said Tom Parsons, senior director of product management. “As an industry, we need to realize that effective reduction in cyber risk starts with effective prioritization of issues.”
Key takeaways: Be sure to have a vulnerability management system in place and understand what the actual risks are to properly prioritize patching and remediation.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.