Data Security In the News: The Weight of GDPR, Widespread Retail Breaches, Cloud Worries, More Venture Investment
News on the data security front has intensified of late, including new survey results indicating prevalent security breaches in the vulnerable retail industry, escalating cloud-based security fears, significant contract wins for security technology vendors and continued venture investment in security start-ups, beginning with yesterday’s announcement from ObserveIT that the insider threat specialist has garnered $33 million in Series B funding. The Boston-based company’s investment round includes participation from Bain Capital Ventures, Spring Lake Equity and NightDragon Security.
The company boasts 145 employees and 1,700 customers in 87 countries and offers real-time anomalous contextual behavior analytics. ObserveIT said the latest version of its insider threat management software, ObserveIT 7.5, in the past 12 months has increased customer deals by nearly 200 percent YOY. Earlier this year, the company was named a gold winner of an Info Security PG's Global Excellence Award in the database security, data leakage-protection/extrusion prevention category.
ObserveIT CEO Mike McKee told EnterpriseTech the company’s threat detection software builds on previous attempts to apply AI and machine learning to the insider security problem, which “is tricky,” he said, “when you’re dealing with people. It’s the quality of the data around what people are doing that is the key starting point.”
ObserveIT’s approach is rooted in forensics and investigations data, what the company calls “eyes on the end point.” That means taking in data from multiple platforms (Mac, Windows, Linux), “wherever a person interacts electronically through the course of a day, we make sure we’ve got broad platform coverage,” McKee said.
To prevent data exfiltration, the goal is to build a context around an individual’s behavior. That behavior, McKee said, “can be as simple as printing out a large file, or sending a large file, or putting a file in a file sharing service, or plugging in a USB. Ninety-five percent of the time that’s not a problem. By having the context of knowing what the person did before and after the alert went off – that goes back to the importance of comprehensive data and understanding data…and ultimately the ability to video capture (data use behavior). But we don’t do that until someone’s tripped a bunch of the database alerts and there’s the sense, given the context, that there’s a real risk there. It’s about having the data around something recurring, something happening off-hours, or someone going to an area they shouldn’t or elevating a privilege, that’s when you realize it’s a potential insider threat.”
McKee, who said ObserveIT has several of the largest financial services and insurance companies in the country for customers, said the company will use the Series B funding in part to scale the company’s products from on-premises to the cloud.
Meanwhile, Thales eSecurity has released a doleful report on widespread security breaches in the retail sector, including a general assessment that “increases in IT security spending across a broad swath of vertical markets and geographies have done little to stem the tide of breaches. This ongoing game of cat-and-mouse suggests that the tactics, sophistication and motivation are helping global attackers stay at least one step ahead of their often overwhelmed and beleaguered defenders.
The U.S. retail sector, Thales stated, “is certainly emblematic of these trends. Reports of successful breaches, including some of the most infamous and damaging, are soaring even as IT security spending in this sector is up significantly… With ultra-high volumes of personally identifiable information (PII) and payment card information changing hands with every transaction, the retail industry is one of the most, if not the most, vulnerable targets for cyber-attacks.”
In its survey of nearly 200 senior retail IT security managers in the U.S. other countries, Thales found that some 84 percent of U.S. retail respondents plan on increasing IT security spending this year, up from last year’s 77 percent, well ahead of the global average (78%) across all business sectors and particularly global retail (67 percent).
This reflects the concerning news that 50 percent of U.S. retail respondents reported being breached last year, also significantly ahead of the global average (36 percent), according to Thales. Further, three quarters of U.S. retail have experienced at least one breach in the past compared with 60 percent for global retailers.
Other findings from Thale:
- U.S. retail ranked analysis and correlation tools (91 percent) as the most effective solution for stopping breaches, and data-in-motion (90 percent) second. Yet curiously, spending plans are the highest for endpoint/mobile defense solutions, despite their being ranked as the least effective defenses.
- Despite having a higher propensity to store sensitive data in the cloud, only 26 percent of U.S. retail is implementing encryption in the cloud today, compared with 30 percent in global retail.
- However, encryption/tokenization remain the top choices for securing emerging environments.
Another security study was recently released by AlienVault – which offers both its Unified Security Management tool and the Open Threat Exchange, a crowd-sourced security platform with more than 80,000 participants worldwide who share potential threats. In a survey of nearly 1000 security professionals conducted at the recent Infosecurity 2018 conference in Europe, key findings include:
- 51 percent said the additional resources their organization is spending on GDPR compliance take vital resources away from detecting threats
- 56 percent believe cybersecurity has become a political pawn (17 percent don’t)
- Cloud security is the most concerning external threat moving forward, followed by DDOS attacks and the international threat landscape (nation-state attacks)
- Phishing (55 percent) and ransomware (45 percent) are the most concerning internal threats, followed by a shortage of skilled staff (29 percent), non-malicious insider mistakes (27 percent) and social media threats (23 percent)
Phishing email tops the list of internal threats with the most impact that are triggered internally — nearly 55 percent of participants agreed it was the biggest worry, according to AlienVault.
“The human element of phishing is what makes it attractive to attackers,” reported AlienVault, “and a concern for security departments. No single control can defend against a phishing attack, and ultimately, humans make mistakes. In fact, human error can be traced back to the root cause of many breaches. User awareness and education are definitely important, but that alone isn’t enough — and companies should create a layered defense comprising of people, technology and processes. This can include having email filtering in place, alerting users to emails that have originated outside of the organization, as well as having an established process for users to report suspicious emails.”
An additional survey was reported this week by Positive Technologies, a provider of enterprise security solutions for incident and threat analysis and application protection. Findings from the first quarter report for this year:
- Cyberincidents continued to grow, exceeding the equivalent year-ago period (Q1 2017) by 32 percent.
- Attacks aimed at obtaining data became more frequent, primarily targeting personal information and account credentials. This information can be sold on the black market or used to pursue further attacks.
- Malware use was a factor in most attacks, often combined with such methods as social engineering and exploitation of web vulnerabilities.
- Spyware, which allows obtaining personal data, corporate secret, and account credentials that grant access to sensitive internal systems, was the most common type of malware.
- Lack of antivirus protection, as well as careless downloading of files and opening of links, were primary contributing factors.
- Botnets took IoT devices by storm in 2017 to become more powerful than ever. The last day of winter marked the strongest-ever DDoS attack: 1.35 terabits per second.
On the contract win front, Brightcove (NASDAQ:BCOV), a global provider of a cloud-based online video platform hosted on AWS, announced today it has selected Lacework’s continuous cloud security solution and host-level intrusion detection.
“The size and diverse nature of Brightcove’s AWS fleet required us to find a solution that we could easily incorporate into our DevOps culture and scale to our variable AWS usage,” Eric Kelson, senior security engineer at Brightcove, said. “Lacework gave us the ability to monitor our thousands of AWS hosts, quickly detect and assess threats across hosts and AWS services, and identify AWS configuration compliance gaps, all without customized security rules.”