Exploit Kits: Protect Yourself Before You Wreck Yourself

Exploit kits have become go-to tools for attackers to take control of victims’ machines or steal information. To protect yourself from this type of attack, it’s important to understand how exploit kits work, what their process is, and what vulnerable parts of your organization they are targeting. Our brief, Exploit Kits: A Series of Unfortunate Events, breaks down the sequence of events an exploit kit must complete to successfully execute an attack.

Most endpoint security solutions use signatures to prevent known threats that have already successfully penetrated networks. But attackers of varying skillsets can bypass signatures using inexpensive, automated tools that produce countless unique and unknown attacks.

Palo Alto Networks Traps advanced endpoint protection provides multi-method exploit prevention by focusing on the core exploitation techniques used in exploit attacks, rather than relying on signatures to prevent already-known threats. The result is several layers of protection to block known, unknown and zero-day threats before they compromise an endpoint.

Traps recognizes and proactively blocks exploit techniques that:

  • Manipulate the operating system’s normal memory-management mechanisms in the applications used to open compromised data files
  • Would allow an exploit to manipulate the operating system’s normal application process and execution mechanisms
  • Would allow malicious code embedded in an exploit file to execute

Traps integration with Palo Alto Networks WildFire, our cloud-based threat intelligence service, provides further protection by preventing known malware execution and uploading unknown malware for dynamic analysis and rendering a verdict within five minutes. Once malware is known, it can be prevented at the network by Palo Alto Networks Next-Generation Firewalls or on any endpoint running a Traps agent.

Organizations that use Traps can continue to use their applications, including those built in-house, legacy systems, and software running on unsupported operating systems such as Windows XP or Windows Server 2003.

Learn more about how Traps prevents malware and exploits.

[Palo Alto Networks Research Center]

Is Your Security Team Ready For Cloud?

A version of the following article originally appeared in Dark Reading.

By now, most of us in IT are well aware of the technical and business advantages that moving to a cloud-based data center provides. But there is still a lingering hesitancy among some organizations considering a move to the cloud.

In my experience, most concerns boil down to two factors: a reluctance to put trusted data on a network that’s not on the premises, and confusion around the costs and complexity of moving to the cloud. If that’s what’s keeping an organization from the cloud, I have a few points to share that should help them clear up the “cloudiness” (pun intended) and shine light on the possibilities.

When It Comes To Security, The Cloud Is Ready
If there is one roadblock that keeps IT teams leery about the cloud, it’s cybersecurity. And while cybersecurity will always be a concern, when it comes to the cloud, the industry is well-prepared. Leading public cloud providers, like Amazon AWS and Microsoft Azure, have made significant investments in securing their cloud environments and both companies offer robust security resources to cloud customers via the Microsoft Azure Trust Center or Amazon’s AWS Cloud Security.

Cloud providers are also building an expansive ecosystem of security technology partners who can provide cybersecurity solutions for the public cloud and Software-as-a-Service. These solutions, if implemented as a cohesive platform and not an ad hoc collection of security devices that don’t work well together, can provide a consistent and seamless security experience to both cloud-based and physical networks through consistent visibility, policy, and enforcement across the network regardless of a user’s location. Another plus is the Cloud Security Alliance, an industry consortium of companies that provides excellent resources to help cloud adopters address security concerns and stay up to date on the latest developments in cloud technology.

Are You Ready for the Cloud? Read Frank’s full article at Dark Reading.

[Palo Alto Networks Research Center]

On Data Privacy Day, Keep Your Data Safe by Identifying the Threats

Saturday, January 28th was Data Privacy Day. We’re proud champions of the National Cyber Security Alliance’s focused effort on protecting privacy and safeguarding data. But at Code42, we know that one day isn’t enough. We dedicate an entire month each year to reaffirm our critical role in keeping our customers’ data safe.

This year, we initiated an annual Certified Information Systems Security Professional (CISSP) training program at Code42 and trained staff on the eight common bodies of knowledge defined by (ISC)² to earn the coveted credential. We embedded a new tool in our email system for Code42 employees to report phishing attempts. And we hosted a panel discussion with representatives from the FBI and Secret Service to learn more about how they combat cybercrime.

But we’re not here to talk about what we did to keep our data safe. We’re here to talk about what you can do to protect yours. The first step in any cybersecurity strategy: situational awareness.

Your Employees Are Being Targeted: Part One
Your end users, and their devices, represent a very large mobile attack surface. IT and InfoSec professionals spend far too much time cleaning up issues caused by employees who fall for phishing emails, click corrupt links, or engage in careless online behavior. These unintentional “user mistakes” are one of the biggest threats today, causing around 25 percent of data exfiltration events.

Why do users make so many mistakes? To put it simply, most don’t care. They believe that if IT is doing its job, no threats will reach them and they have nothing to worry about. They believe that if they have an error in judgment, or do something foolish, IT will always come to the rescue. They actively ignore security policies and find creative workarounds for security measures they view as an inconvenience.

Your Employees Are Being Targeted: Part Two
It’s one thing for your employees to make mistakes. It’s another for them to deliberately remove data from your organization. Unfortunately, that’s exactly what happens quite often, and it’s part of the reason why 78% of security professionals say insiders are the biggest contributors to data misappropriation.

With your company’s IP making up 80% of its value, the potential damage from malicious insider threats is enormous. To help spot vulnerabilities, look for “Shadow IT,” the tools and services your employees use without explicit organizational approval, which often pose measurable risks. Tools that are unapproved by your IT department also put the data they access at risk, and often there is no overall management of these tools at all.

The Solution: Backup and Real-time Recovery
I have often said that there are only two types of networks in this world: those that have been breached and those that are being attacked. The fact is, security breaches of varying severity occur at all Fortune 500 companies. If a breach results in being denied access to your data, the C-suite expects IT to get them back up and running. What they are just now learning is that this can be accomplished in mere minutes or hours, without overwhelming support staff. The solution to protecting your company from insider threats, ransomware, or any other cybersecurity issue is real-time recovery on the endpoints.

This is what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. It’s equally important to ensure that backed-up files aren’t susceptible to ransomware’s ability to infect multiple sources and backups. Consider these key points:

  1. When endpoints are infected by ransomware, real-time recovery can roll back clean versions of every file, including system files.
  2. While other solutions such as File Sync and Share (FSS) programs replicate ransomware-encrypted files to their mirrored copies (as they are designed to do), enterprise endpoint recovery solutions can roll all files back to earlier dates (versions) and restore them.
  3. When a device gets stolen or damaged for whatever reason, or when an employee leaves with valuable company data, real-time recovery can roll back each and every file on the device. This keeps the business operational and provides options relative to how they want to deal with the departed employee.

There are many tools on the market that claim to protect your data, and many indeed do a good job. But a sound cybersecurity policy begins within. You can’t protect your data if you don’t understand where it is and the threats you’re up against.

Rick Orloff, Chief Security Officer, Code42

[Palo Alto Networks Research Center]

The First 90 Days Brings Both Unintended Consequences and Opportunities for the Federal Workforce

During its first few weeks, the Trump administration issued several executive orders that left heads spinning, with many federal personnel unclear of the implications. One particular order that is causing significant anxiety among federal cybersecurity personnel – including thousands of (ISC)² members — is the hiring freeze. How is the freeze impacting our U.S. government member community and the government’s overall cyber progress?

After numerous conversations with federal cybersecurity leaders, one thing is clear – there is an abundance of unknowns and a unanimous sentiment of unpredictability. Yet, when outcomes are hard to predict, sometimes it helps to know that you are not alone. We can confirm that the current tone among federal cyber leaders is that of uncertainty, bordering on anxiety. So far, the unintended consequences of the freeze include a pause on recruitment efforts, withdrawal of current applicants, the exodus of younger entrants who see greater promise in private industry and an increase in early retirement for those with seniority. For those in the federal government who struggle daily in a short-staffed environment, morale is certainly taking a hit.

For our U.S. government members trying to navigate the implications of the hiring freeze, and other cyber-related orders on the immediate horizon, I want to encourage you to think short-term and be cautious to draw conclusions within the first 90 days of the new administration. One thing that I can say with certainty is that the (ISC)² organization is doing our part to drive awareness of the issues, and we stand dedicated to continuing such efforts. As for (ISC)²’s immediate goals, we will be focused on the following:

  • Helping our members navigate the uncertainties. We will be regularly polling cyber experts and posting the community’s reactions to any new happenings in an effort to shed light on potential impact to our members. To this end, we are encouraging you to provide comments and/or questions in the comment section below, so that we can be a resource of information to assist in whatever challenges arise.
  • Continuing our efforts to advocate for the workforce. We will be presenting a set of recommendations to the transition team in the coming weeks with the intention of helping to move forward federal cyber workforce initiatives. In prior years, the government heeded our call to hire a Federal CISO, and we will continue pushing for the same from this administration. We will make it known that it is a top priority to fill the void of practical leadership for those of you on the front lines.

Finally, I want to encourage conversation. As the world’s largest body of cybersecurity professionals, we have an opportunity to drive progress over the next four years. With the greatest minds in cyber, together we can help solve the complex and continuing challenges of securing our nation and the world around us. Now, more than ever, our collective voice needs to be heard.

Dan Waddell, CISSP, CAP, PMP
Regional Managing Director, North America Region, (ISC)²

[(ISC)² Blog]

2017 Cybersecurity Predictions: Sure Things and Long Shots

This year’s Cybersecurity Predictions blog series examined “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017. Here’s a round-up of what cybersecurity experts from Palo Alto Networks predict for 2017. Be sure to click into each post for even more predictions.

[Palo Alto Networks Research Center]