<?xml version="1.0" encoding="utf-8"?><rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Ivanti Blog: Posts by </title><description /><language>en</language><atom:link rel="self" href="https://www.ivanti.com/blog/authors/joni-moore/rss" /><link>https://www.ivanti.com/blog/authors/joni-moore</link><item><guid isPermaLink="false">1acd00d9-c594-4fb9-857f-c14202bb3c1c</guid><link>https://www.ivanti.com/blog/long-weekend-and-you-locked-yourself-out-of-your-computer</link><atom:author><atom:name>Joni Moore</atom:name><atom:uri>https://www.ivanti.com/blog/authors/joni-moore</atom:uri></atom:author><category>Security</category><title>Long Weekend and you Locked Yourself Out of Your Computer</title><description>&lt;p&gt;The latest Verizon DBIR report is out and we all should realize, normal is not the new workplace.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Picture this:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;You’re logging into the work account after a long weekend of gratitude, remembrance and maybe even getting to hug someone safely.&lt;/p&gt;

&lt;p&gt;*Please reset password.*&lt;/p&gt;

&lt;p&gt;*Cannot use a previous password.*&lt;/p&gt;

&lt;p&gt;*Must be 8-20 characters with one special character and a sprinkling of Latin.*&lt;/p&gt;

&lt;p&gt;*Must be written in Haiku form.*&lt;/p&gt;

&lt;p&gt;*Your account has been locked. Please try again in 2023.*&lt;/p&gt;

&lt;p&gt;*Oops, someone else logged into your account. It’s probably fine, right?*&lt;/p&gt;

&lt;p&gt;Okay, we’re exaggerating a &lt;em&gt;little&lt;/em&gt;, but variations of this scene are playing out all over the country this week. You’re frustrated and you haven’t even gotten &lt;em&gt;started&lt;/em&gt; on the work that piled up over the weekend.&lt;/p&gt;

&lt;p&gt;And cybersecurity woes are doing more damage than just making you want to throw your laptop out the nearest window.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The latest &lt;a href="https://www.verizon.com/business/resources/reports/dbir/" target="_blank" rel="noopener"&gt;Verizon DBIR report&lt;/a&gt; is out, and – as anyone in cybersecurity guessed – it’s not good news.&lt;/strong&gt; The report shows that once again, phishing, ransomware and credential theft are on the rise. It makes a clear case for doing a better job protecting users as well as the devices used to access networks.&lt;/p&gt;

&lt;p&gt;Here are some highlights (or should we say lowlights):&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Report analyzes 29,207 quality incidents, 5,258 of which were confirmed breaches.&lt;/li&gt;
	&lt;li&gt;Phishing attacks increased by 11%, while attacks using ransomware rose by 6%.&lt;/li&gt;
	&lt;li&gt;85% of breaches involved a human element.&lt;/li&gt;
	&lt;li&gt;61% of breaches involved credentials.&lt;/li&gt;
	&lt;li&gt;Ransomware appeared in 10% of breaches, double the previous year.&lt;/li&gt;
	&lt;li&gt;Compromised external cloud assets were more common than on-premises assets in incidents and breaches.&lt;/li&gt;
	&lt;li&gt;Breach simulations found the median financial impact of a breach is $21,659, with 95% of incidents falling between $826 and $653,587.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That’s…not ideal. The fact that credentials were so commonly used is terrifying, to say the very least.&lt;/p&gt;

&lt;p&gt;Here’s a closer look at the findings:&lt;/p&gt;

&lt;p&gt;&lt;img alt="summary of findings" src="https://static.ivanti.com/sites/marketing/media/images/blog/verizon-dbir-1.jpg"&gt;&lt;/p&gt;

&lt;p&gt;&lt;img alt="additional findings" src="https://static.ivanti.com/sites/marketing/media/images/blog/verizon-dbir-2.jpg"&gt;&lt;/p&gt;

&lt;p&gt;Why are things getting worse, not better? For one thing, companies are undergoing digital transformations and shifts to the cloud that make those companies more agile and better suited to the Everywhere Workplace – but also vulnerable, without the right security measures in play.&lt;/p&gt;

&lt;p&gt;“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures” —Tami Erwin, Executive Vice President and CEO, Verizon Business&lt;/p&gt;

&lt;h2&gt;Phishing and Ransomware once again top the list&lt;/h2&gt;

&lt;p&gt;The DBIR states that phishing, ransomware and web app attacks dominated data breaches in 2020. This is part of an overall trend that we’ve seen since the pandemic hit.&amp;nbsp;&lt;a href="https://www.zdnet.com/article/ten-disturbing-coronavirus-related-cybercrime-statistics-to-keep-you-awake-tonight/" target="_blank" rel="noopener"&gt;ZDNet reports,&lt;/a&gt;&amp;nbsp;“Email scams related to Covid-19 surged 667% in March (2020) alone.”&lt;/p&gt;

&lt;p&gt;Insights from the report reveal that among 1,148 people who received real and simulated phishes, none of them clicked the simulated phish but 2.5% clicked the real phishing email, reinforcing the need for better phishing simulations and security education training.&lt;/p&gt;

&lt;p&gt;&lt;img alt="percent of people likely to click phishing simulation templates" src="https://static.ivanti.com/sites/marketing/media/images/blog/verizon-dbir-3.jpg"&gt;&lt;/p&gt;

&lt;h2&gt;It’s not just businesses…&lt;/h2&gt;

&lt;p&gt;The federal government had a tough year when it came to data breaches and ransomware attacks. According to the&amp;nbsp;&lt;a href="https://federalnewsnetwork.com/commentary/2021/04/accidents-account-security-attrition-3-lessons-to-be-cyber-secure/" target="_blank" rel="noopener"&gt;Federal News Network&lt;/a&gt;, in the first quarter of 2020, government agencies&amp;nbsp;&lt;a href="https://www.infosecurity-magazine.com/news/rise-leaked-government-records/" target="_blank" rel="noopener"&gt;saw a 278% year-over-year increase&lt;/a&gt;&amp;nbsp;in compromised information, totaling more than 17 million records, while institutions were hit with an unprecedented number of ransomware attacks that cost the US government up to $1.4 billion.&lt;/p&gt;

&lt;p&gt;Ransomware attacks are continuing, and it is not a minute too soon that the&amp;nbsp;&lt;a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" target="_blank" rel="noopener"&gt;White House released&lt;/a&gt;&amp;nbsp;an executive order that said it is time to adopt security best practices. Specifically: “Within 180 days of the date of this order, agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/blog/ivanti-s-take-on-the-cybersecurity-executive-order" target="_blank"&gt;&lt;em&gt;Read more: Ivanti Federal CTO's Take on the Cybersecurity Executive Order&lt;/em&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;So what can we do?&lt;/h2&gt;

&lt;p&gt;According to the DBIR, a “significant percentage of victims targeted” were organizations “that neglected to implement multi-factor authentication, along with virtual private networks.” And “the zero trust model for access quickly became a fundamental security requirement rather than a future ideal.”&lt;/p&gt;

&lt;p&gt;Translation: the old security methods don’t work in this new landscape. And they’re getting &lt;em&gt;less&lt;/em&gt; secure by the day as threats get more sophisticated.&lt;/p&gt;

&lt;p&gt;The future is passwordless, and the companies that take the longest to embrace that shift are the ones who will be most vulnerable.&lt;/p&gt;

&lt;p&gt;Eliminating passwords through &lt;a href="https://www.ivanti.com/products/passwordless-authentication"&gt;zero sign-on&lt;/a&gt; goes a long way toward shoring up security in this new, much more decentralized Everywhere Workplace. Eliminating passwords is also one of the clearest, simplest ways to prevent laptop-through-window incidents.&lt;/p&gt;

&lt;p&gt;We’d all like to see a better DBIR report next year – perhaps one marked by a dramatic downtrend in breaches combined with a surge in companies embracing the new business landscape with simpler, more secure access. That’s what we’re working on every day at Ivanti.&lt;/p&gt;

</description><pubDate>Tue, 01 Jun 2021 22:46:20 Z</pubDate></item><item><guid isPermaLink="false">5f22e28d-dccb-4c34-b286-2c7e7830f798</guid><link>https://www.ivanti.com/blog/the-30th-anniversary-of-rsa-would-have-been-one-heck-of-a-party</link><atom:author><atom:name>Joni Moore</atom:name><atom:uri>https://www.ivanti.com/blog/authors/joni-moore</atom:uri></atom:author><category>Security</category><title>The 30th Anniversary of RSA Would Have Been One Heck of a Party</title><description>&lt;p&gt;There is no doubt that a virtual RSA is not the same as catching up with colleagues and partners over great food, and of course meeting up at the W Bar. The good news is that we have all adjusted, or are adjusting, to working remotely, and we didn’t have to travel to hear what the industry luminaries think, or what our peers are saying they can do to keep the world safe. (Not sure if you have caught our tagline, but we make the Everywhere Workplace possible, so for us it was very comfortable to participate securely.) It was pretty clear that not every organization has embraced the Everywhere Workplace and that “securing chaos” is a common need we are all trying to address.&lt;/p&gt;

&lt;p&gt;It is no surprise that the recent Colonial Pipeline ransomware attack that has been making headlines prompted virtually every vendor to discuss how and why we need to get ahead of ransomware attacks. Spoiler alert: ransomware makes cybercriminals money, and they are not going to stop anytime soon.&lt;/p&gt;

&lt;p&gt;Ransomware also has put the White House on notice. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology in the Biden administration, stated on day two of the conference that a recent executive order &lt;a href="https://www.pcmag.com/news/biden-calls-for-government-wide-2fa-energy-star-type-labels-for-software" target="_blank" rel="noopener"&gt;signed by President Biden&lt;/a&gt; “creates a pilot program to create an ‘energy star’ type of label so the government, and the public at large, can quickly determine whether software was developed securely,” the White House &lt;a href="https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/" target="_blank" rel="noopener"&gt;says&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;In her remarks, Neuberger also stressed that the Biden administration is taking cybersecurity seriously and working internationally to combat security threats around the world. Specifically, the administration is making &lt;a href="https://www.pcmag.com/picks/the-best-ransomware-protection?test_uuid=05n7gTzbSo0Sh5pVEDljnCi&amp;amp;test_variant=b" target="_blank" rel="noopener"&gt;ransomware&lt;/a&gt; a top priority.&lt;/p&gt;

&lt;p&gt;It’s about time!&lt;/p&gt;

&lt;p&gt;The other topic that dominated the conference was trust.&amp;nbsp;The main message heard from the keynote speaker and sessions was that you can’t let your guard down and that, although zero trust has been talked about, it is time to actually start implementing a zero trust strategy.&amp;nbsp;The conference was packed with multiple sessions about how we (security vendors) and the average employee need to be more vigilant about our credentials and what we click on (who hasn’t clicked on a too-good-to-be-true product on Facebook or Instagram?).&lt;/p&gt;

&lt;p&gt;As another RSA comes and goes a few things are clear:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;We can stop talking about digital transformation – It has happened&lt;/li&gt;
	&lt;li&gt;Whether companies are moving to the cloud or not – They are&lt;/li&gt;
	&lt;li&gt;Consolidation of security architectures and security stacks at the organization level is increasingly important&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Lastly, we need to realize the security talent shortage is still a big issue that cybercriminals are capitalizing on, and we need to take Cisco CEO Chuck Robbins’ resiliency message to heart.&lt;/p&gt;

&lt;p&gt;Robbins described the challenges of the sudden shift to remote work, in which the remote workforce tried to connect over multiple networks and with whatever devices workers could find to be productive from the Everywhere Workplace. Not only did this put an immediate strain on IT departments to scale up and accommodate all the new remote connections, but the security threat landscape immediately expanded and kept the company’s security team and CISO up at night!&lt;/p&gt;

&lt;p&gt;&lt;em&gt;“For instance, employees, just by working 30 extra minutes on a mobile device, create 20 percent more vulnerability than you would have normally,” he said. “Every individual is carrying an average of four devices, and most of us are carrying even more. And this just creates more opportunity for breaches.”&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The threat surface keeps growing and will continue to expand in the future. What is your company’s resiliency plan to protect the increasing number of mobile endpoints in the remote workforce, and how can you counter more sophisticated cyber threat actors in the wild? What is your company's journey to implement a Zero Trust security strategy?&lt;/p&gt;

&lt;p&gt;Ivanti knows that the Everywhere Workplace is here, and it is essential to secure user identities, secure the remote user, secure their work mobile device (and laptop/desktops), and secure their access to critical work resources wherever they reside. Come see how &lt;a href="https://www.ivanti.com/company/news"&gt;Ivanti can help enable your company’s Everywhere Workplace&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Until next year, goodbye from RSA! I’m looking forward to seeing you in person next year!&lt;/p&gt;

&lt;p&gt;&lt;/p&gt;</description><pubDate>Fri, 21 May 2021 16:54:40 Z</pubDate></item></channel></rss>