Category Archives: DATA EXFILTRATION

Insider Threat and 3rd Party Liability

PageUp and the 3rd Party Liability Problem

3rd Party Liabilities

 

The tech world was thrown into frenzy over the recent hack of international HR service provider PageUp.

In late June, chief executives reported "unusual activity" in its IT infrastructure.  An investigation was launched and emergency notifications were distributed to PageUp’s broad client base.

The industry quickly understood: the implications of this hack were potentially devastating.

PageUp specializes in storing personal details of workforce personnel.   The company boasts two million active users across 190 countries.   All of this data was now suspected of being compromised.

The most recent news on the PageUp damage report was the leaked data of the UK food and hospitality giant Whitbread.   The hotel and coffee shop operator acknowledged that some current and prospective employees’ data may have been compromised during the PageUp hack.  Whitbread sent a message to individuals potentially affected stating that personal detail collected during recruitment processes “may have been accessed and could potentially be used for identity theft.”

Whitbread has reportedly suspended its use of PageUp’s services.

 

The Third Party Liability

The PageUp breach and its subsequent fallout highlight the ever present--and increasingly risky--threat to data posed by third party outsourcing.

 

Third party contractors are extremely attractive targets for cyber criminals.   As one industry leader put it: “information like dates of birth and even maiden names […] gives cyber-criminals all that they need to successfully monetize the hack, from phishing attacks to identity theft.”

 

The risk of third party vendors is especially true in the era of heightened compliance demands set by current data regulations.   Laws like the EU GDPR put all the responsibility on companies when it comes to who they trust to handle their data.   In the medical industry,  HIPAA requirements also extend to any outside service provider dealing with personal data of patients.

 

Handle on the Data

 

Enterprises need to take control of their sensitive data, whether it is on their own networks, or being managed via outsourcing.

This means companies need to vet their digital-service supply chains more seriously.  Managers must get clear answers from service providers on very important questions:

  1. What are the security standards for personnel data?
  2. How up to date are the company’s data loss protection tools?
  3. How does the contractor deal with regulation compliance?

Ensuring the tight standards of contractors is the only way for companies to safely employ third parties to handle their most sensitive data.

 

Badmouthing Data Loss Prevention (DLP) is Fashionable

Badmouthing Data Loss Prevention (DLP) is Fashionable   Is DLP Really Dead?   I recently came across several digital security vendor sites who describe themselves as a “DLP alternative.” Perusing through their pages, I came across comments such as “DLP is hard to deploy”, “DLP is hard to maintain” and the classic: “DLP is heavy…
Read more

Equifax submits statement to congressional committees regarding cybersecurity incidient

Equifax Submits Additional Statements to Congress Regarding the Incident Equifax submitted a statement to congressional committees to supplement the company’s responses regarding the extent of the incident impacting U.S. consumers.  "As announced on September 7, 2017, the information stolen by the attackers primarily included: “As a result of its analysis of the standardized data elements, including using…
Read more

Insider & Outsider Threats in Today’s Digital Age

Insider & Outsider Threats in Today's Digital Age What is the value of trust? How much do you trust the security of your business in today's’ digital age? Would you know if an attacker breached your infrastructure and sent out sensitive data? Would you know if a trusted insider sent out sensitive data against policy?…
Read more

Continuous Risk and Trust Assessment Approach

Continuous Risk and Trust Assessment Approach The industry standards in information security have been undergoing dramatic changes over the past several years.  So what is the Continuous Risk and Trust Assessment Approach? The paradigm of network security monitoring has firmly shifted from a rigid, concretized approach, to one the focuses on adaptability and dynamism. Nowhere…
Read more

The Failings of Blanket Encryption

As the rate and severity of data breaches increase, industry leaders in the IT sector have sought more all-encompassing measures to safeguard sensitive information stored on company systems.

Many have identified the lack of blanket encryption for company files to be the primary cause of compromising data exposure following successful hacks by cyber criminals.

While the majority of stolen data consists of non-encrypted files, the question remains if blanket encryption is an efficient solution for maintaining IT security with an organization.

So what are the issues?

Blanket encryption presents several big drawbacks. Some of the more basic issues are already well known amongst cyber security professionals. First and foremost, blanket encryption relies on encryption keys in order for legitimate users to gain access to relevant files. Keys must be securely stored and access restricted appropriately.

Furthermore, keys themselves often become the target of malicious attacks on a system. Encryption merely shifts the information vulnerability from the sensitive files themselves, to the relevant keys stored on an organization’s database.

The threat of targeted attempts to obtain keys has lead industry leaders to develop security safe-locks that delete the keys from a system the moment indications of a hack are identified.

Logistical issues emanating from blanket encryption can also interfere with company operations. IT managers must ensure that all relevant users have access to keys when the needs arise. Coordinating access and configuring inline devices, especially in an era that demands remote system access, is a major task for even well equipped IT departments.

Encryption also faces an operations challenge when interfacing encryption protocol with existing applications. End users dealing with encrypted files have to be trained in how to operate primary task applications with encrypted data. Collaboration and sharing is also severely impaired when multiple members of a work team require regular access to an encrypted file.

But most importantly:

On a fundamental level, maintaining blanket encryption creates an environment advantageous to hackers. Research demonstrates that nearly all data breaches, over 90 percent, begin with phishing or other tactics by hackers to target users with malicious code which victims then inadvertently download onto company systems.

Hackers often resort to encrypting files containing viruses in order to avoid detection. The commonality of malware delivered to victims being encrypted increased from just two percent in 2015, to over 20 percent of all instances as of May 2017. According to a recent estimate, half of all malware will use some type of encryption to conceal delivery by 2019.

The bottom line:

Malicious programs can “blend into the crowd” within a system using blanket encryption, as system managers have to go to significant lengths to identify the content of any given file. Increased efforts within the cyber security community to identify encoded viruses using markers readable by a computer even in its encrypted state, demonstrate the pressing problem encryption poses to IT security maintenance.

The solution?

cloud storage gtb shield lock iconA more focused alternative to blanket encryption uses the method of content aware discovery, to classify and assess data before it is encrypted. By limiting the amount of encrypted data on a system, content aware discovery can use encryption as a factor in identifying malicious files.

The method assesses traffic through a system and attempts to inspect the contained packages. If the encryption of a file prevents this, it serves as an indication that the file is foreign to the system. DLP protocols then kick in to isolate or discard the file before it is able to potentially release a payload and/or ex-filtrate data.

By implementing a targeted as opposed to blanket approach to file encryption, system managers are able to maintain more clarity, and therefore more accuracy, in identifying hacking and / or preventing hacking or data exfiltration attempts.