Expert Speak

Cybersecurity Predictions for 2022

Written by Saket Modi, CEO, and Co-Founder, Safe Security

As we look forward to the security threat landscape for 2022, here are some predictions from Safe Security:

  • The First Phygital Catastrophe is Coming: A central mission-critical application will go down and create a ripple impact across businesses and for consumers around the world. For example, a hack on a major central system like an internet gateway, public cloud provider or a healthcare system like Epic will impact millions of people and we will see the physical ramifications in our everyday lives. Healthcare could be upended, businesses unable to provide digital services, flights cancelled, food and supplies not delivered and more.
  • The Consumerization of Cyberattacks Will Rise for Easier Wins: The attack perimeter is becoming more personal, and the consumerization of attacks will rapidly increase. For example, the last iOS update alone had 11 zero-day attacks. Hackers will amplify attacks on mobile apps and people. This issue will proliferate because as zero-day attacks are rising, consumer cyber awareness and the steps people need to take to protect themselves have not increased in tandem.
  • Cybersecurity and Data Science Fields Will Unite: Cybersecurity and data science have been disconnected fields that served two distinct purposes, but they will come together to help organizations better understand and proactively protect against increasing threats. The fields will collide and continue to grow together out of necessity, as application creation and enterprise data continue to explode and dramatically expand the attack surface.
  • Cyber Insurance Will be Mandated: In the next 12 months, the quantum of cyber insurance needed to protect against ransomware and other attacks will be mandated, at least in some geographic regions and industries. In a similar manner to requiring everyone to have auto liability insurance, high at-risk industries will be mandated to have a minimum level of cyber insurance. For example, companies may be required to have insurance to cover at least two percent of their annual turnover. In the next five years, almost all industries and geographic regions will mandate cyber insurance.
  • A Healthcare Cyber Regulator Will be Established: Healthcare continues to be the most targeted and attacked vertical, putting consumers at risk while not effectively protecting itself. A healthcare regulator or governing body will be put in place soon, like the SEC for the highly regulated financial services industry, to help strengthen the healthcare industry’s security and consumer protection.
  • More Cybersecurity Services will be Sold by Non-Cyber Companies in the Next Five Years: Cell phone service providers and device manufacturers will embed cybersecurity as a service into their plans to help consumers manage their security. Businesses will purchase cybersecurity offerings within their IT plans to protect employees and infrastructure. A large chunk of cybersecurity, both personal and enterprise, will be sold by large technology companies rather than solely through cyber vendors.

Authentication

Biometric Authentication – A Cure for the Common Password

Written by Debra Miller, the Digital Marketing Communications Manager at HID

From 2019 through 2021, nearly 1,900 healthcare data breaches of 500 or more records have been reported to the Health and Human Services Office for Civil Rights. Those breaches exposed the sensitive and supposedly protected health information of 49.8 million individuals in 2021, an 11% increase compared to 2019. The reasons for security attacks are obvious and not so obvious.

The Root Cause of Most Healthcare Security Breaches
The human element, such as phishing, stolen credentials, and human error, causes 82% of data breaches. It is little wonder that these conditions pose critical security and financial risks to the healthcare industry.

One of the obvious reasons for security breaches is that healthcare workers log in to multiple computer systems dozens of times per shift. Consequently, healthcare workers must remember eight to 20 passwords to access patient-care applications.

Because they work under extreme time constraints and need to remember complicated, ever-changing passwords, some healthcare workers engage in risky password behaviours. For example, 51% of people reuse work passwords in their personal lives. Unfortunately, 44% of people know the risks of reusing passwords but do it anyway; and 69% of employees admit to sharing passwords with colleagues at work. These conditions lead to compromised, weak, and reused passwords, causing 81% of data breaches.

Moreover, for the past 12 years, healthcare, one of the more highly regulated industries, has suffered the highest average cost due to system breaches. An individual’s health data on the black market can be worth more than a credit card because patient records often contain all their personal and financial information (PII).

Malicious actors also seek healthcare organization vulnerabilities in not-so-obvious ways, like those found in outdated IT infrastructure or software. Another not-so-obvious target is a healthcare worker’s use of personal devices that connect to the network. And even internet-connected medical devices like insulin pumps and heart rate monitors are an easy gateway to accessing the servers holding patient data.

How Biometric Authentication Provides a Cure for the Common Password
Preventing those breaches is critical to protecting patient privacy and confidentiality. This makes biometric authentication a critical element of a healthcare organization’s identity assurance strategy.

Biometric authentication delivers the highest level of identity assurance. While passwords are easy to forget, and wristbands and ID cards can be misplaced or stolen, biometric markers are unique to each individual and cannot be lost or forgotten. Biometric technology relies on something we always have with us: our fingerprints or faces.

Here’s how biometric authentication works. It compares two sets of data: the first is preset by the device owner, and the second belongs to the device visitor. If the two sets of data are nearly identical, the device concludes that “visitor” and “owner” are one and the same and gives access to the visitor.

Biometric authentication provides a cure for the common password by providing healthcare organizations with the following benefits:

  • Irrefutable proof of presence for regulatory and legal compliance. Biometric authentication provides instant insights into who accessed which systems and resources and accurately identifies patients across multiple systems and facilities.
  • Fast and easy patient identity assurance. Biometric matching takes a fraction of a second. Accelerated access to patient data enables clinicians to be more productive and provide better care throughout the patient journey. Biometric authentication streamlines patient registration, check-in, and care eligibility verification. And, in a health emergency, quick, easy, and comprehensive access to medical records saves lives.
  • Minimized human intervention for improved data accuracy. Biometric identification is automated, frictionless, and sterile. It ensures data accuracy even when people wear surgical masks, and it eliminates duplicate medical records. Fingerprint scanners have accuracy rates above 99.5%. Best-in-class facial recognition systems deliver an error rate of just 0.08%.
  • Mitigated risks of patient misidentification. Patient misidentification costs the healthcare system billions of dollars each year. And more important, it can lead to tragic medical errors that cause temporary or permanent patient harm. Biometric technologies mitigate these risks by increasing accuracy and tying identification to something people always have with them — their fingerprints or faces.
  • Reduced identity fraud. Nearly 43,000 cases of medical identity theft were reported to the Federal Trade Commission in 2021. By extending security to systems that contain personal and sensitive data, biometrics increases the privacy of those individuals and reduces the risk of identity theft.

Expert Speak

How Can Unified Physical Security Help Retailers Thrive in a Changing Environment?

Written by Firas Jadallah, Regional Director, Middle East, and Africa at Genetec

The retail industry has evolved dramatically over a relatively short period. Today, digital transformation has unlocked the creation of new innovative business models centered on frictionless, multi-channel shopping and e-commerce while simultaneously presenting new security challenges. In addition, it’s worth noting that digitization has also facilitated innovation in video surveillance technologies, creating new opportunities for retailers to use data from video management systems (VMS) in conjunction with data from access control systems (ACS), automatic license plate readers (ALPR), identity management systems (IMS), sensors, and more.

The key objectives are not only to reduce shrink but also to improve operational efficiency and the overall buyer experience. However, without a fully unified software solution, it is difficult to comprehend how these data puzzle pieces fit together and make sense. Only when retailers are able to consolidate data from multiple sources can they gain a comprehensive understanding of their environment. A unified physical security platform that allows for the integration of devices and applications will successfully create a connected store, which centralizes the management of the entire environment for improved visibility, operations, and data intelligence.

How Retailers Can Benefit from Unification:

Frictionless shopping
The introduction of frictionless shopping solutions such as curbside pickup and self-checkout has presented retail security teams with new challenges. Unified security platforms provide a variety of solutions to overcome these challenges. If theft is suspected, asset protection managers can easily review the video of self-checkout systems and share it with law enforcement as necessary. Unified security platforms also enable IT teams to devote their time to higher-priority tasks and spend less time on software updates. Similarly, a comprehensive view of the connected store allows corporate security managers to work more effectively and efficiently.

E-commerce and logistics
In 2021, e-commerce sales in the UAE surpassed US$4.8 billion, up from US$2.6 billion in 2019, due to the pandemic-enabled acceleration of the global shift towards online shopping. According to an analysis by the Dubai Chamber of Commerce, the value of the UAE’s e-commerce market is expected to reach $9.2 billion by 2026. This exponential growth of the e-commerce market has given rise to new security concerns and a demand for inventory management logistics at distribution centers.

These centers are often frequented by a large number of non-regular employees, as coordinating the delivery of packages involves multiple parties. Here, ALPR technologies can play a crucial role in tracking who enters and exits distribution centers, and in retail locations, they can record who has received products from a curbside pickup station. ALPR solutions can also assist in identifying Organized Retail Crime (ORC) suspects by determining whether a vehicle has been involved in previous thefts.

Supply chain management is another area in which retail security technologies can play a focal role in overcoming challenges. Retailers can significantly reduce losses by utilizing article tags and video surveillance to monitor their environment and track individual products from suppliers to the warehouse, to the store.

Shrink
Shrink encompasses numerous forms of loss, but it is primarily caused by external theft, such as organized retail crime (ORC). A recent report by Sensormatic estimates that the annual global retail sales loss due to shrinkage amounts to US$99.56 billion. Aside from the loss of goods, in some cases, retailers are also having to contend with violent altercations with thieves. Retailers are implementing a variety of technologies to combat ORC, including artificial intelligence-based video analytics at point-of-sale (POS)/self-checkout, self-service locking cases, autonomous security robots, and automatic license plate recognition (ALPR), in addition to establishing specialized ORC teams.

Cybersecurity
Cybersecurity threats such as fraud, account takeovers, malware, ransomware, compromised business emails, and data breaches pose escalating risks for retailers today. Any device connected to a retailer’s network, be it a smart IoT thermostat, an access control sensor, or a computer, has the potential to serve as a gateway for cybercriminals to gain access to private data stored on servers connected to that network. Due to the interconnected nature of modern technology, data must be secured and monitored at every stage.

When multiple solutions that were not designed to work together are implemented, it can be challenging for teams to manage, maintain, and scale them. A unified security platform designed with cybersecurity in mind enables retailers to secure their entire IT infrastructure and mitigate the risk of network intrusion through one of their security devices.

Advancing Video Surveillance
The vast improvement in video camera quality and cost reductions over the last year have made video surveillance an essential component of retail security solutions. Furthermore, the digitization and automation of video technologies have further improved their value by transferring mundane tasks from humans to machines. Although adding video surveillance can address some of the challenges posed by frictionless shopping, it can also introduce new ones.

These surveillance systems can accumulate vast volumes of footage, which retailers must then store while also making sense of it. A unified system enables retailers to manage data from all cameras, as well as data from access control and ALPR systems, sensors, smart devices, and maps, through a single, intuitive dashboard. In addition, cross-referencing video footage with additional analytic data can yield insightful results.

These tools can provide invaluable insights into the customer’s journey through the store and at checkout, thereby enabling retailers to enhance their customer’s shopping experience.

Hybrid Cloud Solutions
Cloud-based systems make it efficient for retailers to scale storage requirements as the business environment evolves. However, overhauling an entire IT system all at once is a daunting undertaking. As stores are upgraded or retrofitted, retailers can take advantage of new technologies and functionalities by connecting IoT devices. A hybrid cloud strategy enables retailers to continue operating on-premises systems that meet current requirements while integrating them with adaptable cloud technologies. For companies with a combination of new stores that utilize cloud-based systems and established locations with on-premises systems, support of a hybrid cloud approach through a unified platform enables them to manage the data from all of them in one place.

Insights and Efficiency
When physical security systems are siloed, it is challenging to extract the full value of the data collected by each system. By leveraging a unified, connected store, retailers can combine and display data from all of their security systems in a variety of formats, including customized dashboards, graphical maps, mobile applications, and web clients.

When data is centralized, new insights become apparent. Modern physical security systems allow retailers to personalize dashboards that display data that is most pertinent to specific users. Each department, from asset protection to marketing, will have a unique perspective on data and offer a variety of solutions. Here, interdepartmental collaboration can be essential to the development of new strategies. Moreover, unified security platforms enable retailers to scale, regardless of whether they are opening their first physical store or expanding their global brand to hundreds of locations.

Unified security platforms can be easily deployed and integrated with video surveillance, access control, ALPR, and more. Starting with an open, unified security platform allows retailers to maximize the value of the devices and equipment they already possess, utilizing data in novel ways to streamline operations and gain insights. They can deliver an optimal customer experience without sacrificing security or negatively impacting their bottom line. Everything begins with integration – a connected store for the omnichannel world.

Expert Speak

Indicators of Behaviour and the Diminishing Value of IOCs

Written by Hussam Sidani, the Regional Vice President for the Middle East and Turkey at Cybereason

How secure is your organization if you can only stop attacks that have already been detected in other environments based on Indicators of Compromise (IOCs)? Secure enough, if those were the only attacks you needed to be concerned with. But what about targeted attacks with bespoke tactics, techniques, and procedures (TTPs) that have never been documented because they were designed only to be used against your organization?

In today’s threat landscape, that’s what’s happening: zero-day exploits, never-before-seen malware strains, and advanced techniques developed specifically for high-value targets are plaguing security teams. Most security solutions do a pretty good job of detecting and preventing known threats, but they continue to struggle with detecting and preventing novel threats. But the issue runs even deeper than that: how can security teams detect malicious activity on the network earlier if the actions and activities of the attacker are not outwardly malicious because they are typical of activity we expect to see on a network?

The diminishing value of IOCs
Following a security incident, investigators scour for the evidence and artifacts left behind by the attackers. These can include IP addresses, domain names, file hashes, and more. Once these Indicators of Compromise (IOCs) have been documented, they can be shared so that security teams at other organizations can search their environments for similar threats, and security solutions can be tuned to better detect and prevent them from being used in subsequent attacks. That’s great for everyone, except the initial victims of the attacks, of course — for them, the damage has already been done.

But IOCs are constantly changing and more often are unique to a specific target, so leveraging IOCs for proactive defense in another environment is unlikely to result in earlier detections. Even the assumption that IOCs are somehow uniformly applicable in every instance, for a given attack campaign in the same environment, has proven to be demonstrably false.

Furthermore, the more advanced attackers engaged with a high-value target often change their TTPs within the same kill chain when moving from one device to the next in a target environment, making early detection based on already-known IOCs nearly impossible. IOCs are still quite valuable for detecting known TTPs, just as outmoded signature-based detections are still effective for detecting common malware strains, and they will continue to be an important aspect of our security toolkits for the foreseeable future.

But given the limitations of their application in surfacing highly targeted and novel attacks as described above, the question remains as to how we can detect more reliably and earlier in the kill chain. That’s where Indicators of Behavior (IOBs) come into play.

Defining Indicators of Behaviour
IOBs describe the subtle chains of malicious activity derived from correlating enriched telemetry from across all network assets. Unlike backward-looking IOCs, IOBs offer a proactive means to leverage real-time telemetry to identify attack activity earlier, and they offer more lasting value than IOCs have ever been able to deliver.

IOBs describe the approach that malicious actors take over the course of an attack. They are based on chains of behavior that can reveal an attack at its earliest stages, which is why they are so powerful in detecting novel and highly targeted operations. Sooner or later, an attacker’s path diverges from the paths of benign actors.

But IOBs are not just about looking for anomalies or a key indicator of malice at a particular moment in time, although that’s also part of it. IOBs are about highlighting the attacker’s trajectory and intentions through analysing chains of behaviors that, when examined together, are malicious and stand out from the background of benign behaviors on the network.

IOBs can also be leveraged to detect the earliest signs of an attack in progress that are comprised of “normal activity” one would expect to see occurring on a network, such as we see with techniques like living off the land (LotL/LOLBin) attacks where legitimate tools, processes, and binaries native to the network are abused by the attacker.
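The contrast drawn in this section, as an added example that is not from the article or from any vendor's product: a hash-based IOC lookup and an ordered behaviour-chain correlation run over the same endpoint telemetry, where every binary involved is a legitimate system tool. The event fields, behaviour labels, chain definition, 10-minute window, host names and hash placeholders are all constructed assumptions.

```python
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
FETCH_LOLBINS = {"certutil.exe", "bitsadmin.exe"}

# Constructed telemetry: (ts_seconds, host, parent, image, cmdline, hash placeholder)
EVENTS = [
    (100, "WS-01", "explorer.exe", "winword.exe", "winword.exe invoice.docx", "aa11"),
    (130, "WS-01", "winword.exe", "powershell.exe", "powershell.exe <args>", "bb22"),
    (150, "WS-02", "cmd.exe", "certutil.exe", "certutil.exe <args> http://pki.corp.example/crl", "cc33"),
    (170, "WS-01", "powershell.exe", "certutil.exe", "certutil.exe <args> http://host.example/f", "cc33"),
    (240, "WS-01", "powershell.exe", "schtasks.exe", "schtasks.exe /create <args>", "dd44"),
    (9000, "WS-03", "services.exe", "schtasks.exe", "schtasks.exe /create <args>", "dd44"),
]

# Constructed IOC list, standing in for hashes shared after an earlier incident elsewhere.
IOC_HASHES = {"ee55", "ff66"}

# Ordered chain of behaviours treated as one detection (an assumption for this example).
CHAIN = ("office_spawns_interpreter", "lolbin_network_fetch", "scheduled_task_created")
WINDOW_S = 600


def ioc_hits(events, ioc_hashes):
    """IOC approach: flag events whose file hash is already on a shared list."""
    return [ev for ev in events if ev[5] in ioc_hashes]


def label(ev):
    """Map one raw event to a behaviour label, or None if it is unremarkable."""
    _, _, parent, image, cmdline, _ = ev
    if parent in OFFICE and image in INTERPRETERS:
        return "office_spawns_interpreter"
    if image in FETCH_LOLBINS and "http" in cmdline.lower():
        return "lolbin_network_fetch"
    if image == "schtasks.exe" and "/create" in cmdline.lower():
        return "scheduled_task_created"
    return None


def single_alerts(events):
    """Alert-centric view: one uncorrelated alert per labelled behaviour."""
    return [(ev[1], label(ev)) for ev in events if label(ev)]


def find_chains(events, chain=CHAIN, window=WINDOW_S):
    """IOB view: per host, report the chain only if its steps occur in order within the window."""
    by_host = defaultdict(list)
    for ev in sorted(events):
        lab = label(ev)
        if lab:
            by_host[ev[1]].append((ev[0], lab))
    detections = []
    for host, seq in by_host.items():
        i = 0
        while i < len(seq):
            if seq[i][1] != chain[0]:
                i += 1
                continue
            start, step, j = seq[i][0], 1, i + 1
            while j < len(seq) and step < len(chain) and seq[j][0] - start <= window:
                if seq[j][1] == chain[step]:
                    step += 1
                j += 1
            if step == len(chain):
                detections.append({"host": host, "start": start, "end": seq[j - 1][0]})
                i = j  # continue after the matched chain
            else:
                i += 1
    return detections


if __name__ == "__main__":
    print("IOC hits:", ioc_hits(EVENTS, IOC_HASHES))
    print("Single-behaviour alerts:", single_alerts(EVENTS))
    print("Behaviour-chain detections:", find_chains(EVENTS))
```

On this sample the IOC lookup is silent, the per-behaviour view raises five alerts across three hosts (two of them routine administration), and the chain correlation reports a single detection on WS-01.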

Operationalising IOBs for Operation-Centric security
Today’s alert-centric approach to security puts too much focus on the generation of uncorrelated alerts and remediating the individual elements of the larger attack campaign; a process that has proven to be inefficient given the typical resource constraints security operations are subject to.

Conversely, an Operation-Centric approach leveraging IOBs can reorient the detection and response cycle by consolidating otherwise disparate alerts into a single, content-rich correlated detection that serves to comprehensively disrupt the attack progression earlier than is possible with our current reliance on IOCs alone.

Leveraging IOBs to achieve an Operation-Centric approach also presents the opportunity to create a repository of detectable behavior chains that can surface even the most novel of attacks earlier, as well as support automated response playbooks that can better disrupt attacks at their onset.

More work to be done
Understanding attacker intentions and likely pathways based on early-stage actions and activities enables defenders to proactively predict and disrupt subsequent stages of an attack, and provides an avenue to develop fully autonomous security operations. In order to achieve a truly Operation-Centric posture and move closer to autonomous security operations, a future-ready standard that universally defines and operationalizes IOBs is required.

To be truly useful, there needs to be a common definition, language, and expression of IOBs that is completely independent of any particular security tool or vendor. The wide array of solutions available can provide the raw telemetry as well as the color and context required to collectively interpret observable behaviours.

But, as it stands today, security tools themselves don’t provide a standardized language that can accurately describe and operationalise the chains of behavior that will enable us to detect and respond to attacks faster than the adversary can adapt. Operationalising IOBs will require standardization that will deliver the full potential value of the entire security stack to quickly and autonomously deliver the necessary context and correlations across diverse telemetry sources.

But achieving an Operation-Centric approach that leverages IOBs will ultimately empower security operations to predictively respond to changing TTPs more swiftly than attackers can modify and adjust them to circumvent defenses, which is key to finally reversing the adversary advantage and returning the high ground to the Defenders.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.