DATA SECURITY

Perfect storm of cybersecurity risks threatens the hybrid workplace

HP Wolf Security | November 01, 2021

HP Inc. today released its latest HP Wolf Security report: Out of Sight & Out of Mind, a comprehensive global study highlighting how the rise of hybrid work is changing user behavior and creating new cybersecurity challenges for IT departments.

The research shows that a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing. All of this is making IT support more complex, time-consuming, and costly than ever.

The report combines data from a global YouGov online survey of 8,443 office workers who shifted to Working from Home (WFH) during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna. Key findings include:

New Shadow IT buying and installing endpoints with security out of mind: ‘Shadow IT’ typically refers to non-IT departments deploying software beyond the purview of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT. 45% of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However, 68% said security wasn’t a major consideration in their purchasing decision, while 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same of their new printer.

Phishing becoming increasingly successful: 74% of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months. 40% of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49%) saying they have done so more often since working from home. Of office workers that clicked or nearly clicked a link, 70% didn’t report it to IT – 24% didn’t think it was important, 20% cited the “hassle factor”, while 12% had a fear of reprisal or being punished.
Increase in devices being compromised fuels growth in rebuild rates: 79% of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defenses. The real figure could be higher still: 80% of IT teams worry that employee devices might be compromised and they don��t know about it.

"People often don't know if they have clicked on something malicious, so the real numbers are likely much higher," comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. "Threat actors don't always announce themselves, as playing the 'long game' to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.”

Pratt continues: "It shouldn't be this easy for an attacker to get a foothold - clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement."

With threats rising, it’s becoming more difficult for IT teams to deliver security support. 77% of IT teams said the time it takes to triage a threat has increased in the past year, while an estimated 62% of alerts relating to the endpoint are false positives, leading to wasted time. With IT teams tied up dealing with alerts, it’s becoming harder for them to onboard employees and identify threats:

65% of IT teams said that patching endpoint devices is more time-consuming and difficult due to the mass shift to home working, while 64% said the same of provisioning and onboarding new starters with secure devices.
As a result, IT teams estimate the cost of IT support in relation to security has risen by 52% in the last 12-months.

83% of IT teams said the pandemic has put even more strain on IT support because of home worker security problems, while 77% of IT teams say homeworking is making their job much harder and that they fear teams will burnout and consider quitting.
“As IT continues to grow in complexity, security support is becoming unmanageable,” Pratt concludes. "For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value. We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.”

HP is helping organizations to secure the hybrid workplace by delivering endpoint security that provides teams with greater visibility and management tools. With HP Wolf Security1 organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. HP Wolf Security provides the ideal support for securing the hybrid workplace – for example HP Sure Click Enterprise2 reduces the attack surface by rendering malware, delivered via email, browser or downloads, harmless through threat containment and isolation. HP Wolf Security enables teams to deliver defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.

About HP Wolf Security
From the maker of the world’s most secure PCs3 and Printers4, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

DirectDefense and Claroty Partner to Secure Customers’ Cyber-Physical Systems

Businesswire | April 13, 2023

DirectDefense, Inc., a leading information security services company, today announced its partnership with Claroty, the cyber-physical systems protection company. Claroty empowers organizations with unmatched visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified over the last decade, a broad range of XIoT assets – including operational technology (OT), the Internet of Medical Things (IoMT), building management systems (BMS) and enterprise IoT – are now interconnected. While this drives innovation, resilience, sustainability and numerous other business benefits, the XIoT can also increase organizations’ attack surface area and risk exposure if not properly secured, and solutions intended solely for OT, IT, or any other specific use case are insufficient. Without holistic, comprehensive visibility and security, organizations may face costly downtime, as well as negative impacts on critical outcomes such as patient care and manufacturing process integrity. “By adding Claroty to our services offering, customers in the industrial, healthcare and commercial industries can better secure their XIoT environments,” said Jim Broome, President and CTO of DirectDefense. “Time and time again we hear the challenges these industries face with the proliferation of connected devices and the difficulty managing and securing them. The Claroty platform provides the required visibility and protection and with our 24x7 SOC managing those alerts in partnership with our Connected Systems team, customers will elevate their security posture and increase their cyber resiliency.” Claroty tackles the risks posed by the explosion of connectivity between the cyber and physical worlds with its flagship product, the Claroty Platform. This unified XIoT cybersecurity solution is tailored to the requirements of healthcare, industrial, and public sector environments, deployable via on-premise, hybrid, or cloud/SaaS options, and integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. “When it comes to securing cyber-physical systems, the number one priority is cyber and operational resilience,” said CJ Radford, Global Vice President of Channel & Alliances for Claroty. “With the strength of Claroty’s technology and the support of DirectDefense’s 24x7 managed services, customers are equipped to proactively secure assets and devices, quickly respond to and recover from incidents, and preserve operational continuity and safety within their XIoT environments.” About DirectDefense, Inc. DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com. About Claroty Claroty empowers organizations to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. The company’s cyber-physical systems protection platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, network segmentation, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To find out more about Claroty, visit claroty.com.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

SOC Prime Launches Integration with Amazon Security Lake to Supercharge Security Operations

Businesswire | May 31, 2023

SOC Prime, provider of the world’s largest and most advanced platform for collective cyber defense, today announced its integration with Amazon Security Lake, the AWS security service that enables organizations to automatically centralize security data from the cloud, on-premises, and custom data sources into a purpose-driven data lake stored in their account. SOC Prime drives a transformational change in cybersecurity relying on zero-trust & multi-cloud approach to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting. Backed by its advanced cybersecurity solutions, Uncoder AI, Attack Detective, and The Prime Hunt, SOC Prime enables organizations to boost their cyber defense capabilities at scale, unleashing the power of Amazon Security Lake. Leveraging SOC Prime’s Uncoder AI, an Augmented Intelligence framework, security teams can save development time and migration costs with re-usable threat hunting queries automatically convertible to Amazon Athena and OpenSearch in the standard Open Cybersecurity Schema Framework (OSCF) format. SOC Prime’s Attack Detective tool intelligently and automatically queries security logs in the customer's Amazon Security Lake account via Amazon Athena and Amazon OpenSearch to identify data sources and then scan them in real time with a curated set of threat hunting queries. By leveraging Attack Detective, security engineers can channel their efforts directly into incident investigation rather than analyzing overwhelming volumes of alerts and accelerate threat research by validating over 10,000 adversary behaviors against the stored log sources in a matter of hours. Attack Detective follows core Zero-Trust Architecture (ZTA) principles segregating the data plane and control plane to ensure that no SIEM or EDR access credentials are shared or inherited within the Company profile. The tool provides complete threat visibility based on the organization-specific logs by linking and correlating with SIEM and EDR on-premises data in its native location without the need to migrate it to the cloud, which contributes to significant cost savings and ensures compliance with zero-trust basic tenets. Adding to investment optimization capabilities, The Prime Hunt open-source browser extension enables security professionals to extract valuable data from large datasets at a lower cost. Users can seamlessly run threat hunting queries on security logs within the Amazon Security Lake account via a web browser in both Athena and OpenSearch and automatically identify accounts and assets affected by the suspected activity. About SOC Prime Headquartered in Boston, SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000. Flexible subscriptions ensure that both organizations and individual operators can benefit from SOC Prime’s curated detection content and enhanced cyber defense capabilities. SOC Prime is backed by DNX Ventures, Streamlined Ventures, and Rembrandt Venture Partners, having received $11.5M in funding in October 2021. For more information, visit https://socprime.com or follow us on LinkedIn & Twitter.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Prnewswire | April 26, 2023

Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry's most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model. "At Tessian, we are focused on helping our customers eliminate email based threats," said Allen Lieberman, Chief Product Officer of Tessian. "As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations." "Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis," said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. "Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, Investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks." About Tessian Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.

Read More