The Ivanti Threat Thursday Update for August 17, 2017: The Devil Inside?

Greetings. This week’s cybersecurity news includes a new survey about the challenge of insider threats, and a new protection arrangement with Microsoft for the UK’s National Health Service (NHS). Got opinions, reactions, suggestions, or tips? Please share. Thanks in advance.

Survey: Insider Threats a Top Challenge – to Detect and to Prevent

Dtex Systems, provider of user behavior intelligence solutions, announced its 2017 Threat Monitoring, Detection & Response Report, based on a survey of more than 400 cybersecurity professionals, conducted by Crowd Research Partners. The report includes several interesting – and alarming – findings.

  • “Sixty-one percent of all respondents say that it is more difficult to detect and prevent insider attacks than it is to prevent external attacks. Only six percent of respondents say that detecting external attacks is more difficult than identifying internal attacks.”
  • “Sixty-four percent of respondents cite an inadvertent data breach or compromise – where an employee unknowingly causes an accidental breach – as the top insider threat concern.”
  • More than half the respondents cited two top reasons for a rise in insider threats. The first: “an increasing number of devices with access to sensitive data linked to their networks” (55 percent). The second: “data increasingly leaving the network perimeter via mobile devices and Web access (51 percent).”
  • “User training was identified as the leading method for combating insider threats, according to 57 percent of those surveyed. However, only 30 percent of all respondents felt confident in their organization’s insider threat security posture – seven percent less than those who said they were confident in their organization’s overall security posture.

What We Say: This survey boils down to two apparently inescapable conclusions. One is that insiders who make mistakes are more likely and immediate threats to your enterprise’s cybersecurity than outside malefactors. Another is that user training is essential, but must be augmented by proactive, multi-layered technological defenses and protections. You must combine people, effective processes, and modern technologies to enable the protection and remediation abilities your users and your enterprise need. (See “Three Things You Can Do Now to Increase User Contributions to Cybersecurity at Your Enterprise.”

Microsoft to Deliver Additional Protections to Legacy NHS Systems

In May, the worldwide WannaCry ransomware attack affected multiple National Health Service (NHS) hospitals and organizations across the UK, many of which still rely on Windows versions Microsoft no longer supports. Now, NHS Digital, the technology arm of the NHS, has executed a custom cybersecurity agreement with Microsoft to protect those systems.

As reported by UK Authority, under the agreement, in force until June 2018, Microsoft will provide “patches and updates for all existing Windows devices operating on Windows XP, Windows Server 2003 and SQL 2005.” According to a spokesperson quoted in the report, Microsoft will also “’provide NHS Digital with a centralized, managed, and coordinated framework for the detection of malicious cyber activity through its Enterprise Threat Detection (ETD) service.’” That service “’analyses intelligence and aims to reduce the likelihood and impact of security breaches or malware infection across the NHS.’”

These protections go into effect as NHS accelerates modernization of its IT and cybersecurity estates. As Computer Weekly reported in July, the UK government plans to “boost investment in NHS data and cyber security.” “An initial £21m of capital funding will be targeted at increasing the cyber resilience of major trauma sites as an immediate priority, and improve NHS Digital’s national monitoring and response capabilities.” The government plans to invest a total of more than £50m “to address key structural weaknesses, such as unsupported systems.”

What We Say: Legacy technologies may still deliver marginal functionality and value, but their vulnerabilities and lack of official support represent hidden and potentially significant risks and costs. Modernization of your cybersecurity solutions and IT infrastructure are investments that can measurably and meaningfully improve productivity and security while reducing operating and support costs. (See “The Power of Unified IT™: IT. Together. Strong.”)

Survey: Hackers Love Privileged Accounts

At the recent Black Hat conference, cybersecurity solutions vendor Thycotic surveyed more than 250 hackers. As reported by BetaNews, respondents had some interesting things to say about enterprise cybersecurity.

  • “32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts.”
  • “85 percent blame humans for security breaches, more so than the lack of security or unpatched software.”

What We Say: Effective control of privileged accounts – those with admin rights – is a top recommendation of cybersecurity experts worldwide. The Center for Internet Security (CIS), the Australian Signals Directorate (ASD), the International Organisation for Standardization (ISO), and the UK’s National Cyber Security Centre (NCSC) all agree that such control, combined with timely, comprehensive patching and control of applications and devices, can improve cybersecurity quickly and significantly. Your enterprise must incorporate such measures into your cybersecurity efforts to maximize their effectiveness, today and tomorrow. (See “Your Threats Are Evolving. Are Your Defenses?”)

Protect and Defend Your Enterprise with Ivanti

Ivanti has the solutions and expertise you need to modernize and improve your enterprise’s protection against cybersecurity threats, whether internal or external, accidental or intentional. Let us help you with patch management, control of user applications, devices, and admin rights, your constant fight against ransomware and other malware, or all of these.

For added incentive, through September, Ivanti is offering new and current customers combinations of select cybersecurity solutions at discounts of up to 30 percent. Check out the offer details, and the free trials of our patch management solutions. And keep reading our Patch Tuesday and Threat Thursday updates, for our take on the latest news on the latest threats and how best to deal with them.

ransomware attack