Expert Speak

Security Fatigue is Real: Here’s How to Overcome it



Written by Phil Muncaster, the guest writer at ESET

IT security is often regarded as the “Department of No” and sometimes it’s easy to see why. In a world of escalating cyber risk, expanding attack surfaces, and a fast-growing cybercrime economy, security teams are understandably keen to limit the damage their employees could cause. After all, it takes just one misplaced click to unleash a potentially devastating ransomware compromise. But when the burden on employees becomes too high, they may react in unexpected ways, which actually increases cyber risk in the organization.

This is known as “security fatigue”, and in a worst-case scenario it can lead to reckless and impulsive behavior – quite the opposite of what IT teams want. To tackle it, security needs to work more seamlessly, limiting the number of decisions users need to make and rebalancing protection and productivity for a world of hybrid working.

What is security fatigue and how bad is it?
Humans are often thought of as the weakest link in the corporate security chain. That’s why IT security departments are so keen to mitigate the risk from insiders, negligent or otherwise. On the one hand, they’re right. An estimated 67% of companies experienced between 21 and over 40 insider incidents in 2021, up from 60% in 2020 and costing them an average of over US$15m to remediate.

However, when staff feel bombarded by security warnings, policy rules and procedures at work, and media stories of breaches and threats in their spare time, a state of exhaustion may set in. This security fatigue is characterized by a feeling of helplessness and loss of control. Individuals may find it all so overwhelming that they retreat from corporate policy and go their own way. There may also be a sense of resignation: that breaches are going to happen whatever they do, so they might as well ignore all those stressful security alerts.

It’s more common than you might think. A 2018 study revealed that over half (55%) of EMEA employees are not regularly thinking about cybersecurity, and nearly a fifth (17%) aren’t concerned about it at all. Evidence suggests that younger staff are even more prone to become fatigued by excessive security demands.

What are the top symptoms of security fatigue?
Unfortunately, this could have a seriously destabilizing impact on corporate security. Among the tell-tale signs of security fatigue are employees who:

  1. Take more risks with phishing emails, perhaps deciding to click through on links or open attachments out of interest.
  2. Practice poor password management, such as reusing weak credentials across multiple accounts. According to one recent study, 43% of employees admit to sharing logins and even avoiding their work altogether to reduce the stress of logging in.
  3. Log in to corporate networks without a VPN, although this may be restricted in some organizations.
  4. Use unsecured public Wi-Fi hotspots when out and about to log in to sensitive corporate accounts.
  5. Fail to update their devices and machines regularly. A new EY study claims Gen Z and Gen Y employees are far more likely than older colleagues to disregard mandatory patches for as long as possible.
  6. Fail to report incidents immediately to superiors or the IT department. The same EY study reveals that nearly a fifth (16%) of employees would try to handle a suspected breach by themselves, rather than notify someone else.
  7. Use work devices for personal use, including risky activities such as internet downloads, gaming and online shopping. One study claims that half of employees now see their work devices as their personal property.
  8. Circumvent security in other ways: Another report reveals that 31% of office workers aged 18-24 have tried to bypass policy.

How to tackle security fatigue
The rapid shift to mass home working in 2020 triggered a knee-jerk response in many organizations as IT teams sought to limit their risk exposure by placing onerous new rules on their employees. Now that the hybrid workplace is beginning to emerge from the ashes of the pandemic, there’s an opportunity to revisit these restrictions, with an eye on reducing the risk of security fatigue.

Consider the following:

  1. Listen to your end-users to better understand how security impacts workflows and disrupts productivity. Try to design policies that better balance the needs of employees with the need to minimize cyber risk.
  2. Limit the number of security decisions users need to make. That could mean automatic software patching, remote security software installation, and management of laptops and devices, as well as running detection and response services in the background to catch and contain threats when they breach network defenses.
  3. Support enhanced login security while minimizing effort, with password managers, biometric-based two-factor authentication, and single sign-on (SSO).
  4. Limit the number of security-related messages you bombard users with. Less is more.
  5. Make security awareness training more fun, via shorter sessions (10-15 minutes) that use real-world simulations and gamification, to change behavior.

For security to work effectively, you need to create a culture where every employee understands the crucial role they play in keeping the organization safe and proactively wants to play their part. That kind of culture can take time to build. But it starts with understanding and tackling the causes of security fatigue.


Biometric Authentication – A Cure for the Common Password



Written by Debra Miller, the Digital Marketing Communications Manager at HID

From 2019 through 2021, nearly 1,900 healthcare data breaches of 500 or more records have been reported to the Health and Human Services Office for Civil Rights. Those breaches exposed the sensitive and supposedly protected health information of 49.8 million individuals in 2021, an 11% increase compared to 2019. The reasons for security attacks are obvious and not so obvious.

The Root Cause of Most Healthcare Security Breaches
The human element, such as phishing, stolen credentials, and human error, causes 82% of data breaches. It is little wonder that these conditions pose critical security and financial risks to the healthcare industry.

One of the obvious reasons for security breaches is that healthcare workers log in to multiple computer systems dozens of times per shift. Consequently, healthcare workers must remember eight to 20 passwords to access patient-care applications.

Because they work under extreme time constraints and need to remember complicated, ever-changing passwords, some healthcare workers engage in risky password behaviours. For example, 51% of people reuse work passwords in their personal lives. Unfortunately, 44% of people know the risks of reusing passwords but do it anyway; and 69% of employees admit to sharing passwords with colleagues at work. These conditions lead to compromised, weak, and reused passwords, causing 81% of data breaches.

Moreover, for the past 12 years, healthcare, one of the more highly regulated industries, has suffered the highest average cost due to system breaches. An individual’s health data on the black market can be worth more than a credit card because patient records often contain all of their personal and financial information (PII).

Malicious actors also seek healthcare organization vulnerabilities in not-so-obvious ways, like those found in outdated IT infrastructure or software. Another not-so-obvious target is a healthcare worker’s use of personal devices that connect to the network. And even internet-connected medical devices like insulin pumps and heart rate monitors are an easy gateway to accessing the servers holding patient data.

How Biometric Authentication Provides a Cure for the Common Password
Preventing those breaches is critical to protecting patient privacy and confidentiality. This makes biometric authentication a critical element of a healthcare organization’s identity assurance strategy.

Biometric authentication delivers the highest level of identity assurance. While passwords are easy to forget, and wristbands and ID cards can be misplaced or stolen, biometric markers are unique to each individual and cannot be lost or forgotten. Biometric technology relies on something we always have with us: our fingerprints or faces.

Here’s how biometric authentication works. It compares two sets of data: the first is preset by the device owner, and the second belongs to the device visitor. If the two sets are nearly identical, the device knows that “visitor” and “owner” are one and the same and gives access to the visitor.

Biometric authentication provides a cure for the common password by providing healthcare organizations with the following benefits:

  • Irrefutable proof of presence for regulatory and legal compliance. Biometric authentication provides instant insights into who accessed which systems and resources and accurately identifies patients across multiple systems and facilities.
  • Fast and easy patient identity assurance. Biometric matching takes a fraction of a second. Accelerated access to patient data enables clinicians to be more productive and provide better care throughout the patient journey. Biometric authentication streamlines patient registration, check-in, and care eligibility verification. And, in a health emergency, quick, easy, and comprehensive access to medical records saves lives.
  • Minimized human intervention for improved data accuracy. Biometric identification is automated, frictionless, and sterile. It ensures data accuracy even when people wear surgical masks, and it eliminates duplicate medical records. Fingerprint scanners have accuracy rates above 99.5%. Best-in-class facial recognition systems deliver an error rate of just 0.08%.
  • Mitigated risks of patient misidentification. Patient misidentification costs the healthcare system billions of dollars each year. And more important, it can lead to tragic medical errors that cause temporary or permanent patient harm. Biometric technologies mitigate these risks by increasing accuracy and tying identification to something people always have with them — their fingerprints or faces.
  • Reduced identity fraud. Nearly 43,000 cases of medical identity theft were reported to the Federal Trade Commission in 2021. By extending security to systems that contain personal and sensitive data, biometrics increases the privacy of those individuals and reduces the risk of identity theft.

How Can Unified Physical Security Help Retailers Thrive in a Changing Environment?



Written by Firas Jadallah, Regional Director, Middle East and Africa at Genetec

The retail industry has evolved dramatically over a relatively short period. Today, digital transformation has unlocked the creation of new innovative business models centered on frictionless, multi-channel shopping and e-commerce while simultaneously presenting new security challenges. In addition, it’s worth noting that digitization has also facilitated innovation in video surveillance technologies, creating new opportunities for retailers to use data from video management systems (VMS) in conjunction with data from access control systems (ACS), automatic license plate readers (ALPR), identity management systems (IMS), sensors, and more.

The key objectives are not only to reduce shrink but also to improve operational efficiency and the overall buyer experience. However, without a fully unified software solution, it is difficult to comprehend how these data puzzle pieces fit together and make sense. Only when retailers are able to consolidate data from multiple sources can they gain a comprehensive understanding of their environment. A unified physical security platform that allows for the integration of devices and applications will successfully create a connected store, which centralizes the management of the entire environment for improved visibility, operations, and data intelligence.

How Retailers Can Benefit from Unification:

Frictionless shopping
The introduction of frictionless shopping solutions such as curbside pickup and self-checkout has presented retail security teams with new challenges. Unified security platforms provide a variety of solutions to overcome these challenges. If theft is suspected, asset protection managers can easily review the video of self-checkout systems and share it with law enforcement as necessary. Unified security platforms also enable IT teams to devote their time to higher-priority tasks and spend less time on software updates. Similarly, a comprehensive view of the connected store allows corporate security managers to work more effectively and efficiently.

E-commerce and logistics
In 2021, e-commerce sales in the UAE surpassed US$4.8 billion, up from US$2.6 billion in 2019, due to the pandemic-enabled acceleration of the global shift towards online shopping. According to an analysis by the Dubai Chamber of Commerce, the value of the UAE’s e-commerce market is expected to reach $9.2 billion by 2026. This exponential growth of the e-commerce market has given rise to new security concerns and a demand for inventory management logistics at distribution centers.

These centers are often frequented by a large number of non-regular employees, as coordinating the delivery of packages involves multiple parties. Here, ALPR technologies can play a crucial role in tracking who enters and exits distribution centers, and in retail locations, they can record who has received products from a curbside pickup station. ALPR solutions can also assist in identifying Organized Retail Crime (ORC) suspects by determining whether a vehicle has been involved in previous thefts.

Supply chain management is another area in which retail security technologies can play a focal role in overcoming challenges. Retailers can significantly reduce losses by utilizing article tags and video surveillance to monitor their environment and track individual products from suppliers to the warehouse, to the store.

Shrink encompasses numerous forms of loss, but it is primarily caused by external theft, such as organized retail crime (ORC). A recent report by Sensormatic estimates that the annual global retail sales loss due to shrinkage amounts to US$99.56 billion. Aside from the loss of goods, in some cases, retailers are also having to contend with violent altercations with thieves. Retailers are implementing a variety of technologies to combat ORC, including artificial intelligence-based video analytics at point-of-sale (POS)/self-checkout, self-service locking cases, autonomous security robots, and automatic license plate recognition (ALPR), in addition to establishing specialized ORC teams.

Cybersecurity threats such as fraud, account takeovers, malware, ransomware, compromised business emails, and data breaches pose escalating risks for retailers today. Any device connected to a retailer’s network, be it a smart IoT thermostat, an access control sensor, or a computer, has the potential to serve as a gateway for cybercriminals to gain access to private data stored on servers connected to that network. Due to the interconnected nature of modern technology, data must be secured and monitored at every stage.

When multiple solutions that were not designed to work together are implemented, it can be challenging for teams to manage, maintain, and scale them. A unified security platform designed with cybersecurity in mind enables retailers to secure their entire IT infrastructure and mitigate the risk of a network intrusion through one of their security devices.

Advancing Video Surveillance
The vast improvement in video camera quality and cost reductions over the last year have made video surveillance an essential component of retail security solutions. Furthermore, the digitization and automation of video technologies have further improved their value by transferring mundane tasks from humans to machines. Although adding video surveillance can address some of the challenges posed by frictionless shopping, it can also introduce new ones.

These surveillance systems can accumulate vast volumes of footage, which retailers must then store while also making sense of it. A unified system enables retailers to manage data from all cameras, as well as data from access control and ALPR systems, sensors, smart devices, and maps, through a single, intuitive dashboard. In addition, cross-referencing video footage with additional analytic data can yield insightful results.

These tools can provide invaluable insights into the customer’s journey through the store and at checkout, thereby enabling retailers to enhance their customer’s shopping experience.

Hybrid Cloud Solutions
Cloud-based systems make it efficient for retailers to scale storage requirements as the business environment evolves. However, overhauling an entire IT system all at once is a daunting undertaking. As stores are upgraded or retrofitted, retailers can take advantage of new technologies and functionalities by connecting IoT devices. A hybrid cloud strategy enables retailers to continue operating on-premises systems that meet current requirements while integrating them with adaptable cloud technologies. For companies with a combination of new stores that utilize cloud-based systems and established locations with on-premises systems, support of a hybrid cloud approach through a unified platform enables them to manage the data from all of them in one place.

Insights and Efficiency
When physical security systems are siloed, it is challenging to extract the full value of the data collected by each system. By leveraging a unified, connected store, retailers can combine and display data from all of their security systems in a variety of formats, including customized dashboards, graphical maps, mobile applications, and web clients.

When data is centralized, new insights become apparent. Modern physical security systems allow retailers to personalize dashboards that display data that is most pertinent to specific users. Each department, from asset protection to marketing, will have a unique perspective on data and offer a variety of solutions. Here, interdepartmental collaboration can be essential to the development of new strategies. Moreover, unified security platforms enable retailers to scale, regardless of whether they are opening their first physical store or expanding their global brand to hundreds of locations.

Unified security platforms can be easily deployed and integrated with video surveillance, access control, ALPR, and more. Starting with an open, unified security platform allows retailers to maximize the value of the devices and equipment they already possess, utilizing data in novel ways to streamline operations and gain insights. They can deliver an optimal customer experience without sacrificing security or negatively impacting their bottom line. Everything begins with integration – a connected store for the omnichannel world.


Indicators of Behaviour and the Diminishing Value of IOCs



Written by Hussam Sidani, the Regional Vice President for the Middle East and Turkey at Cybereason

How secure is your organization if you can only stop attacks that have already been detected in other environments based on Indicators of Compromise (IOCs)? Secure enough, if those were the only attacks you needed to be concerned with. But what about targeted attacks with bespoke tactics, techniques, and procedures (TTPs) that have never been documented because they were designed only to be used against your organization?

In today’s threat landscape that’s what’s happening: zero-day exploits, never-before-seen malware strains, and advanced techniques developed specifically for high-value targets are plaguing security teams. Most security solutions do a pretty good job of detecting and preventing known threats, but they continue to struggle with detecting and preventing novel threats. But the issue runs even deeper than that — how can security teams detect malicious activity on the network earlier if the actions and activities of the attacker are not outwardly malicious because they are typical of activity we expect to see on a network?

The diminishing value of IOCs
Following a security incident, investigators scour for the evidence and artifacts left behind by the attackers. These can include IP addresses, domain names, file hashes, and more. Once these Indicators of Compromise (IOCs) have been documented, they can be shared so that security teams at other organizations can search their environments for similar threats, and security solutions can be tuned to better detect and prevent them from being used in subsequent attacks. That’s great for everyone, except the initial victims of the attacks, of course — for them, the damage has already been done.

But IOCs are constantly changing and more often are unique to a specific target, so leveraging IOCs for proactive defense in another environment is unlikely to result in earlier detections. Even the assumption that IOCs are somehow uniformly applicable in every instance, for a given attack campaign in the same environment, has proven to be demonstrably false.

Furthermore, the more advanced attackers engaged with a high-value target often change their TTPs within the same kill chain when moving from one device to the next in a target environment, making early detection based on already-known IOCs nearly impossible. IOCs are still quite valuable for detecting known TTPs, just as outmoded signature-based detections are still effective for detecting common malware strains, and they will continue to be an important aspect of our security toolkits for the foreseeable future.

But given the limitations of their application in surfacing highly targeted and novel attacks as described above, the question remains as to how we can detect more reliably and earlier in the kill chain. That’s where Indicators of Behavior (IOBs) come into play.

Defining Indicators of Behaviour
IOBs describe the subtle chains of malicious activity derived from correlating enriched telemetry from across all network assets. Unlike backward-looking IOCs, IOBs offer a proactive means to leverage real-time telemetry to identify attack activity earlier, and they offer more longevity value than IOCs have ever been able to deliver.

IOBs describe the approach that malicious actors take over the course of an attack. They are based on chains of behavior that can reveal an attack at its earliest stages, which is why they are so powerful in detecting novel and highly targeted operations. Sooner or later, an attacker’s path diverges from the paths of benign actors.

But IOBs are not about just looking for anomalies or a key indicator of malice at a particular moment in time, although that’s also part of it. IOBs are about highlighting the attacker’s trajectory and intentions through analysing chains of behaviors that, when examined together, are malicious and stand out from the background of benign behaviors on the network.

IOBs can also be leveraged to detect the earliest signs of an attack in progress that are comprised of “normal activity” one would expect to see occurring on a network, such as we see with techniques like living off the land (LotL/LOLBin) attacks where legitimate tools, processes, and binaries native to the network are abused by the attacker.

Operationalising IOBs for Operation-Centric security
Today’s alert-centric approach to security puts too much focus on the generation of uncorrelated alerts and remediating the individual elements of the larger attack campaign; a process that has proven to be inefficient given the typical resource constraints security operations are subject to.

Conversely, an Operation-Centric approach leveraging IOBs can reorient the detection and response cycle by consolidating otherwise disparate alerts into a single, content-rich correlated detection that serves to comprehensively disrupt the attack progression earlier than is possible with our current reliance on IOCs alone.

Leveraging IOBs to achieve an Operation-Centric approach also presents the opportunity to create a repository of detectable behavior chains that can surface even the most novel of attacks earlier, as well as support automated response playbooks that can better disrupt attacks at their onset.
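To make the behaviour-chain idea from the previous sections concrete (individually ordinary events on one host, correlated into a single detection), here is an added Python example that is not part of the article or of any vendor’s product. It replays constructed endpoint telemetry (hypothetical hosts, hashes and addresses) against one hand-written IOB and against an IOC hash feed, and shows that the IOC lookup finds nothing while the chain fires only on the host where all stages occur inside the time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry (hypothetical hosts, hashes and addresses):
# timestamp, host, parent process, image, sha256 of the image, outbound connection, command line.
SAMPLE_EVENTS = [
    # ws-01: the full chain within a ten-minute window
    {"ts": "2024-01-10T09:00:01", "host": "ws-01", "parent": "winword.exe", "image": "powershell.exe",
     "sha256": "c0ffee01", "net": None},
    {"ts": "2024-01-10T09:00:09", "host": "ws-01", "parent": "winword.exe", "image": "powershell.exe",
     "sha256": "c0ffee01", "net": "203.0.113.10:443"},
    {"ts": "2024-01-10T09:03:40", "host": "ws-01", "parent": "powershell.exe", "image": "schtasks.exe",
     "sha256": "c0ffee02", "net": None, "cmdline": "schtasks.exe /Create /TN Updater /SC HOURLY"},
    # ws-02: an admin performing the last two behaviours, but with no Office parent: benign
    {"ts": "2024-01-10T09:10:00", "host": "ws-02", "parent": "explorer.exe", "image": "powershell.exe",
     "sha256": "c0ffee01", "net": "10.0.0.5:5985"},
    {"ts": "2024-01-10T09:11:00", "host": "ws-02", "parent": "cmd.exe", "image": "schtasks.exe",
     "sha256": "c0ffee02", "net": None, "cmdline": "schtasks.exe /Create /TN Backup /SC DAILY"},
    # ws-03: first two stages, then persistence 90 minutes later: outside the window
    {"ts": "2024-01-10T08:00:00", "host": "ws-03", "parent": "excel.exe", "image": "powershell.exe",
     "sha256": "c0ffee01", "net": None},
    {"ts": "2024-01-10T08:00:30", "host": "ws-03", "parent": "excel.exe", "image": "powershell.exe",
     "sha256": "c0ffee01", "net": "198.51.100.7:443"},
    {"ts": "2024-01-10T09:30:00", "host": "ws-03", "parent": "powershell.exe", "image": "schtasks.exe",
     "sha256": "c0ffee02", "net": None, "cmdline": "schtasks.exe /Create /TN Sync /SC HOURLY"},
]

# Constructed IOC feed of hashes from someone else's incident; nothing above matches it.
KNOWN_BAD_HASHES = {"deadbeef"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}

# One IOB: an ordered chain of behaviour predicates on a single host inside a time window.
# Each predicate alone matches routine activity; only the completed chain produces a detection.
IOB_LOTL_STAGING = {
    "name": "office_spawns_script_host_then_egress_then_persistence",
    "window": timedelta(minutes=10),
    "chain": [
        ("office_spawns_shell", lambda e: e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS),
        ("script_host_outbound", lambda e: e["image"] in SCRIPT_HOSTS and e["net"] is not None),
        ("persistence_created", lambda e: e["image"] == "schtasks.exe"
                                          and "/create" in e.get("cmdline", "").lower()),
    ],
}


def ioc_matches(events, bad_hashes):
    """Backward-looking IOC check: it can only find artefacts already seen elsewhere."""
    return [e for e in events if e["sha256"] in bad_hashes]


def detect_iob(events, iob):
    """Replay each host's events in time order, advancing partial chains one stage per event."""
    stages, window = iob["chain"], iob["window"]
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    detections = []
    for host, host_events in by_host.items():
        partials = []  # {"start": datetime, "next": index of stage awaited, "matched": [events]}
        for e in host_events:
            ts = datetime.fromisoformat(e["ts"])
            for p in partials:
                if ts - p["start"] <= window and stages[p["next"]][1](e):
                    p["matched"].append(e)
                    p["next"] += 1
            if stages[0][1](e):  # any event satisfying stage one opens a new partial chain
                partials.append({"start": ts, "next": 1, "matched": [e]})
            for p in partials:
                if p["next"] == len(stages):  # chain complete: one correlated detection
                    detections.append({"iob": iob["name"], "host": host,
                                       "stages": [name for name, _ in stages], "events": p["matched"]})
            # drop completed chains and those whose window has already closed
            partials = [p for p in partials if p["next"] < len(stages) and ts - p["start"] <= window]
    return detections
```

Run against the sample, `ioc_matches` returns nothing and `detect_iob` returns a single detection for ws-01 carrying all three stage events, which is the consolidated, context-rich alert the Operation-Centric approach describes.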

More work to be done
Understanding attacker intentions and likely pathways based on early-stage actions and activities enables defenders to proactively predict and disrupt subsequent stages of an attack, and provides an avenue to develop fully autonomous security operations. In order to achieve a truly Operation-Centric posture and move closer to autonomous security operations, a future-ready standard that universally defines and operationalizes IOBs is required.

To be truly useful, there needs to be a common definition, language, and expression of IOBs that is completely independent of any particular security tool or vendor. The wide array of solutions available can provide the raw telemetry as well as the color and context required to collectively interpret observable behaviours.

But, as it stands today, security tools themselves don’t provide a standardized language that can accurately describe and operationalise the chains of behavior that will enable us to detect and respond to attacks faster than the adversary can adapt. Operationalising IOBs will require standardization that will deliver the full potential value of the entire security stack to quickly and autonomously deliver the necessary context and correlations across diverse telemetry sources.

But achieving an Operation-Centric approach that leverages IOBs will ultimately empower security operations to predictively respond to changing TTPs more swiftly than attackers can modify and adjust them to circumvent defenses, which is key to finally reversing the adversary advantage and returning the high ground to the Defenders.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.