The Ivanti Threat Thursday Update for June 1, 2017

Welcome. This is the second edition of an evolving series of blog posts inspired by the WannaCrypt/WannaCry attack and our Patch Tuesday outings. This time out: the aftermath of another major IT outage, new collaborations between two major industry players, and the looming challenges of new data protection regulations.

The British Airways Outage: Chaos and Questions

British Airways (BA) experienced a near-total failure of its IT infrastructure on Saturday, May 27. According to multiple news reports, at least 75,000 travelers were affected, the airline didn’t return to its full schedule until Tuesday, and many passengers are still waiting to be reunited with their checked baggage.

Initially, suspected causes of the outage ranged from a cybersecurity attack to the airline’s outsourcing of IT jobs to India. In a statement reported by The Guardian, the airline said that the outage “was not an IT failure and had nothing to do with outsourcing of IT, it was an electrical power supply which was interrupted.” That interruption was followed by an “uncontrolled return of power” that knocked out multiple data center servers, BA said. The cause of the initial power failure has not yet been discovered or disclosed.

What We Say: Even if this catastrophic failure was not directly caused by a specific IT problem, it highlights apparently significant shortcomings in BA’s IT infrastructure and management. The failure should be a clarion call to IT decision makers everywhere to ensure that their environments are adequately protected—and agile enough to avoid and recover quickly from such catastrophes. Such agility relies upon comprehensive, effective IT asset management and service management. For more on what IT can and should learn from the BA outage, read “Six Immediate Lessons to Learn from the British Airways IT Outage.”

Cisco, IBM Team on Cybersecurity

Cisco and IBM announced plans to integrate multiple cybersecurity offerings and threat intelligence efforts. The goal is to ease and speed identification and remediation of vulnerabilities and threats, the companies said.

From the news release: “One of the core issues impacting security teams is the proliferation of security tools that do not communicate or integrate. A recent Cisco survey of 3,000 chief security officers found that 65 percent of their organizations use between six and 50 different security products. Managing such complexity is challenging over-stretched security teams and can lead to potential gaps in security.”

That complexity is also costly. The release cited Ponemon Institute research that found “incidents that took longer than 30 days to contain cost $1 million more than those contained within 30 days.”

What We Say: The buried lead of this announcement may be the results of the Cisco survey. Those results imply that a surfeit of fragmented, poorly harmonized tools creates significant cybersecurity risk for many enterprises.

Ivanti offers tools designed to tame these challenges. Xtraction connects to data from almost any IT tool, and presents that data in clear, actionable reports and dashboards, with no coding required. Insight collects and presents desktop environment data, such as logon times and resource usage, to enable informed endpoint management decisions. To learn more, see “Xtraction and Insight: Turning IT Data Into Actionable Information.”

Reports: GDPR is Coming—and the UK is Not Ready

A PricewaterhouseCoopers (PwC) study summarized by ComputerWeekly.com found that in 2016, the UK issued £3.2 million in penalties for 35 breaches of the UK Data Protection Act. These figures represent a 60-percent increase in penalties and a near-doubling of the number of breaches over the previous year, according to PwC.

Such penalties are likely to grow significantly with the implementation of the General Data Protection Regulation (GDPR), which takes effect in May 2018. Under the GDPR, maximum penalties will increase from the current £500,000 limit to £17.5 million or 4% of a company’s “global annual turnover, whichever is greater,” ComputerWeekly.com said.

As the GDPR deadline looms, many UK companies are likely to face such penalties, according to research conducted by the threat management firm RiskIQ and reported separately by ComputerWeekly.com. The GDPR requires that “provisions should be in place to ensure that personally identifiable information (PII) is captured and processed securely.” However, the RiskIQ study found that “34% of web pages of [firms listed in the FT 30 index, some of the UK’s largest enterprises] that collect PII are doing so insecurely, 29% are not using encryption, 3.5% are using vulnerable encryption algorithms, and 1.5% have expired security certificates.”

What We Say: The fines and penalties associated with the GDPR are intended to apply to all companies that do business with European citizens, wherever those companies are located physically. So the above challenges are not limited to UK enterprises. And the GDPR is just one set of regulations designed to protect PII, and to punish those companies that do not do so.

Proactive, multi-layered cybersecurity is essential to PII protection, regulatory compliance, and avoidance of fines and worse penalties. Such cybersecurity begins at your network endpoints, where your users spend most of their time and hackers focus most of their efforts. To learn more, check out “Endpoint Security Evolves: Your Enterprise’s Front Line of Defense” and “Endpoint Security Evolves: The Three Critical Needs.” Then, download the report that inspired the posts, The Forrester Wave™: Endpoint Security Suites, Q4 2016.

Ivanti: Your Cybersecurity Partner

Feel free to explore and share the Ivanti resources mentioned above, and to contact Ivanti directly for more on how we can help to improve asset, cybersecurity, endpoint, and/or service management for your enterprise. And if you have comments or suggestions about this post or series, feel free to contact me directly. Thanks!
