Cloud, Data And PET Adoption

Furry, fluffy pets bring us comfort in our homes, and similarly, Privacy Enhancing Technologies (PETs) provide comfort by keeping your data safe. The following piece, Cloud, Data and PET Adoption, from Ntirety CEO Emil Sayegh, was originally published in Forbes.

 


Let’s face it: the world we live in is not a very private place. Try as we might, we can never really be left alone. We are always under the watchful eye of big data and in a state of constant connection. Before you think too long about how your fluffy cat or watchful dog will fit into a cloud privacy discussion, let’s break this down. Privacy Enhancing Technologies (PETs) are a suite of privacy technologies that protect data and minimize exposure of unintended personal data, placing variable control of data in the hands of the user. An increase in PET adoption could change all that in the data world. This is about new and comprehensive integrations of privacy and security technologies, largely based on cloud tools and APIs, that will evolve the nature of data itself.

Faster. Cheaper. Easier.  

There is no denying that technologies have evolved along these lines over time. In the big picture, computer, storage, and cloud infrastructures have similarly become more of a commodity than ever before. Metric barriers will continue to be broken through innovations that lead on those three characteristics. The direction for data, however, is more sophisticated than that because we continually find new use cases for data. The future of cloud technologies is interwoven with the application of data science as they head forward on a course together that is rife with the implications of privacy and security. We are only at the beginning.  

Cloud meets Privacy Enhancing Technologies (PETs) 

With roots that go back to early computing, you can find traces of PET technology and practices among everyday internet behaviors and tools. There are soft privacy technologies which are software-based, such as tunnel encryption (SSL/encryption), access controls, and data anonymity systems. There are also hard privacy technologies which include hardware VPNs, anonymous routing, and devices that leverage cryptography. Communication anonymizers that hide the real online identity (email address, IP address, etc.), Enhanced Privacy ID (EPID), homomorphic encryption, non-interactive zero-knowledge proofs (NIZKs), format-preserving encryption (FPE), differential privacy, and pseudonymization are other evolving forms of PETs.

It is an accepted fact that smartphones and apps are continually sharing location, usage data, and untold valuable information about that phone’s owner. From stores to street corners, highways, neighborhoods, and everything in between, video cameras are everywhere we can reasonably go. I haven’t even gotten to the invisible satellites that continually race around us in the heavens above and often clutter our ability to stargaze.

The point is that the proliferation of technology, especially cloud and data technologies, ricocheted past what would have been more favorable in terms of privacy by design. Privacy regulations have tried and had some effect, but the industry still endures painful and devastating breaches of sensitive data. Privacy regulations have always lagged and will always lag behind technology and hackers. Building around this and scaling up securely is clearly a task that is too difficult for many enterprises to deploy on their own. PETs can bridge that gap and maintain privacy even as the underlying computer technology evolves and morphs.

Collaboration: Trusting Zero Trust 

As the proposition of PET grows, what is developing is a new horizon coined as collaborative computing. Its proposition is simple. Collectively, PETs are advancing into technology stacks with the aim of creating a continuously verified plane of data privacy, advanced processing, and ultimately, a complete shift in principles of how platform-based data communicate towards an ecosystem of data collaboration. In essence, through ensuring security and privacy, sharing data becomes a more inviting focus.  

A New World of Data Enabled by Comprehensive Security 

It is clear that the drive for greater data acceleration and global availability, balanced with the increasing focus on security and privacy, is on track for a significant breakthrough that can unlock dynamic data markets and economies of scale. For example, marketplaces will feature the ability to federate queries and share tranches of non-specific data instantly. Whether that outside party is a partner, supplier, consumer or supply chain, regardless of country, information can be shared instantly across the world.

The journey of cloud technologies and the data that comes with it have long counted on the tenets of security, privacy and integrity. The continuing evolution and adoption of PET, followed by the establishing field of collaborative computing are leading the way to a redefined global economy where opportunities are both unleashed and balanced by the characteristics of secure, private, and available data systems with its linchpin being a comprehensive security approach. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Michigan Mutual Gains Uptime through Ntirety Managed Services

Michigan Mutual is a mortgage broker founded in 1992 by brothers Mark and Hale Walker. Over the past few decades, the business has expanded across 35 states and now has a total of 100 Mortgage Loan Advisors. As a company that handles financial information, being able to quickly communicate with customers while keeping personal data secure is a top priority and core to their value proposition. The challenge is having all the right tools and technology in place to compete with big players and some nimble smaller ones. 

Michigan Mutual had to move their back-office IT servers from their office suite to a data center that they owned and operated. Over time their server, storage, and network set-up became outdated. In the spring of 2017, a decision had to be made on how to make sure data management was as efficient as possible.

To free up their time, and increase availability and security, Michigan Mutual turned to Ntirety for a virtual desktop services solution (VDI) and moved everything from their own data center to be on Ntirety’s VDI and DR infrastructure. The VDI and on-prem DR Solution moved to Ntirety in August 2017. In June 2018 their applications and back-office were also moved to be fully handled by Ntirety. 

With Ntirety onboard, the mortgage company now has more uptime and availability to focus on other business operations. The migration to Ntirety’s data center gives the Michigan Mutual team more servers and desktops that are available all the time and running at peak performance. 

Centralized administration and cloud desktop means that regardless of what happens in any individual area, employees can just go somewhere that has internet, and they’re back up and running. 

“We have been fortunate in the fact that the Ntirety team has been able to focus and to get attention to things quickly to help us get results,” Michigan Mutual EVP and CIO Bruce Clarke said. 

The reliability, communication and support from Ntirety has helped Michigan Mutual to feel valued as a customer and feel confident in the Ntirety solution. That confidence allows the Michigan Mutual team to stay focused on being competitive in the market rather than worrying about managing their infrastructure. 

Read the full case study here for more details about how the Ntirety solution helped Michigan Mutual gain uptime. 

The Russia-Ukraine Conflict and the Mounting Cyber-Threat to the Homeland

As Russia’s invasion of Ukraine moves into its second week, the cyber threat to Western countries supporting Ukraine grows as Russian forces get bogged down. I have had several friends ask, “How did we get here?” or “Why is the Russian-affiliated cyber threat so big?” The answer begins with a story (like many conversations).

 A History Lesson in Cyber-Security

Fifteen to eighteen years ago when the FBI formally established Cyber squads to counter aggressive nation-states, Russia and China were at the top of that list.  The activities were somewhat confined to the defense sector or critical infrastructure and we in the FBI were not even allowed to say that we were engaged in cyber investigations against those countries.  “We cannot confirm or deny” being a common catchphrase.  Iranian cyberthreats began to grow approximately 10 years ago, and it remained a relatively high-level engagement between these cyber “Super-powers”.  

Then it changed. I use the Target attack of 2013 as the beginning of this change. Criminals started realizing that they could use the Internet to connect to and exploit businesses all over the world. They started spending money, building data centers, and developing code. The bigger change came when three distinct forces emerged in 2014 and 2015 and began to dominate cyber-crime. One was the dark marketplaces which allowed software and personal information to be sold. These sorts of places had already existed, but they became even more prolific with the rise of the second force: cryptocurrency allowed for these dark marketplaces to grow. Lastly, we saw the creation of what we today call ransomware gangs. These groups are highly organized, well-funded, and often work in countries where they are protected or at a minimum can operate with relative impunity. This is where the story of the suspected Russian cyber-threats comes in.

 Russian Based Cyber-Threats Up 800% 

Suspected Russian affiliated cyber threats have always been advanced, and their suspected state-sponsored hackers are some of the best in the world.  But where does a suspected former state sponsored hacker go after they are done serving their country?  To make money of course. But what if the best way to make money in a country like Russia was to work with cyber-crime organizations?  This is what appears to have happened to many of these individuals because cyber-crime pays very well indeed. Many of these criminal organizations have long been suspected of having ties to Russian intelligence and, recently, these ties appear to be confirmed with the leakage of hundreds of pages of internal communications inside the Conti ransomware gang. Conti has made more than $30 million in ransomware payments in the last couple of years, and they are just one of the groups suspected to have these ties to miscellaneous Russian intelligence agencies. With the start of the Russian invasion, we started to see where the true allegiances of these criminal groups lay.  The number of ransomware attacks rose more than 800% in just the first week of the war and most of this is attributable to Russian-homed criminal groups. In fact, Conti is purported to have issued a statement that they would defend their homeland against all aggressors and supposedly pledged their full support for President Putin.   

 Bad “Guys” Can’t Win 

The threat is rising and not just for large companies. In 2021, 43% of ransomware victims were small businesses and when we roll in mid-size companies, that number rises over 60%.  Statistically, any (note ANY) business in the United States has a 1-in-4 chance of being successfully hit with ransomware and/or a data breach.  That  ransomware attack will take down the infected corporate network for 20-25 days on average.  And we are not even talking about E-Mail Account Compromise which affected more than 70% of businesses in 2021.  So, let’s talk security before this happens to you.  I hate seeing the “bad guys” win.  During my time in the Bureau, I too often saw a company get victimized and all they were trying to do was run their business. The threats will continue to evolve, and the criminal actors are awake 24 hours a day looking for ways to make everyone a victim.  This is why you need a comprehensive managed security partner in your corner to manage the “entirety” of your security perimeter, watch your environment 24/7, and take decisive actions to keep it secure. Let our 3 US-based SOCs, and our talented security engineers take care of security from beginning to end while you concentrate on what you do best.  

The Combined Peskiness Of Inflation And Cybercriminals

Inflation has been a (not so) hot topic over the past year. As prices rise on grocery store shelves, unfortunately so do ransom costs because cybercriminals have bills to pay too. The following piece by Ntirety CEO Emil Sayegh was originally published in Forbes. 


Not a day goes by where hackers are not making American lives worse. From fraud to ransomware, from data leaks to compromised passwords, it’s another serious problem for all of us to deal with. Lately, both business leaders and the public have become concerned with hyperinflation. Nobody likes it, but it is here— and as it is with most changes, a bit of upheaval will follow. Beyond the personal economic impact, there are serious cyber implications as well and it all leads to an uncertain future.  

Paying More for Cyber Crime 

I hate to tell you this, but hackers pay bills, too. Inflation is a factor of our national economy and when it surges as it has in the last several months, it carries a significant impact to everyday life and can cause significant disruptions. Prices increase across the board and in time, they will affect just about everything around us. That goes for the cost of cloud computing, software, support, and yes, hackers.  

Hackers, while arguably the lowest forms of life, live with the rest of us. They are not tucked away on a secret island somewhere with an independent economy. I am not attempting to incur sympathy for the increased financial burden for hackers and cybercriminal groups, however we must consider what is surely about to happen in terms of their cost of operations, cost of living and continuation of their raw activity returns. 

  • 2021 saw a 17% increase in publicly disclosed ransomware attacks, while certain sectors such as retail saw a 100% increase in attacks.
  • Ransom amounts increased tremendously in 2021 with the largest ransomware payout being made by an insurance company at a whopping $40 million, setting a world record.
  • Faced with mounting power, computing, and living costs, ransomware event frequency will increase, while the target size of companies will continue to decrease.
  • Attack selection will focus on time and location where targets are the most vulnerable.
  • Based on dire financial situations in certain areas of the world, a new, much younger generation of hackers will arrive and join the cause.
  • Attacks will continue to become easier to implement. 
  • New attack vectors will be discovered, most likely after a major attack.
  • The number of weakened organizations will increase. Faced with financial pressures and mounting costs, organizations may cut corners or delay security preparedness.
  • Virtual currency, the preferred payment channel of cybercriminals, will swing wildly as incidents play out.

To put it simply, the market for cyber attacks is exceedingly lucrative for those that ply that trade. And a climate of financial pressures and supply chain issues is nothing more than an opportunity for cyber criminals to turn up the heat. It is a perfect storm that pays favor to cybercrime.

As a matter of definition, cyber attacks seek vulnerability. Optimal timing is a major factor found in the aftermath of an attack incident. In many cases, intrusions occur on some vestigial digital component— such as an environment that was slated to retire but never quite made it, an unpatched, lightly-managed server, or those couple of dozen users who refused or were unable to migrate their workstations.  

Cyber Attack Targeting is Limitless and Without Morals 

Technical deficiencies aside, the industry position of a target could also be what makes it a target in the first place. These are crimes of opportunity that seek to maximize their potential leverage in burdened industries. For example, at the moment people are feeling the inflationary impact at the gas pump, at the grocery store, at their favorite restaurants and in many retail situations. Cybercriminals are actively selecting their targets on the greatest potential to exploit legacy security systems and to maximize their potential returns. In general, not all industries are as ready as others for modern cybercrime threats.  

Cybersecurity into the Boardrooms 

More than ever, security is a critical facet of company success and survival. It has become an existential threat, with 40% of hacked companies not being around a year after a data breach. Chief Information Security Officers at major companies are now invited to the boardroom. They must be, because most expect to be the target of ransomware attacks in the coming year. Actions are becoming more proactive, to get ahead of potential attacks. More importantly, risk concerns are serving as the catalyst that is fueling cyber-attack response capabilities, including funding the implementation of new technologies, security missions, and supplemental services and partnerships. Albeit slowly, priorities are generally building in the right direction, and that’s a good thing.

Weathering the Surge 

Not every company, however, is as big or in a position to respond alone to the incoming surge. Talent and vision can be rare throughout the industry, but the framework for threat readiness is readily available.

Technical controls and practices for vulnerabilities are available throughout the front lines of cloud, email, endpoints, and on-premise environments. These components will ideally feature behavior detection, centralized reporting, and some level of automation. Defense strategies should be built around the detection and notification of lateral movements and must always expose the leakage of data across all possible exit points.  

One of the most valuable tools available in the preparedness arsenal is backups. Organizations should have a comprehensive security strategy that includes recovery. A disaster recovery solution, as well as a regular test of backup data, ensures that backups can be accessed in case of emergencies. Further, we can prioritize around key systems and keep sensitive records isolated whenever possible.

Finally, consider increasing focus on more comprehensive and holistic security practices. Consider threat modeling, gap identification, and risk analysis in the overall security plan. Implement services and consultation with qualified, experienced parties that truly live and breathe these cyber threats. Focus on the training and education of your administrators and users. Investments in security today, under any financial situation, will pay dividends when things turn rough.
 


ARG and Ntirety Secure AbsoluteCare’s IT Infrastructure

AbsoluteCare is a leading healthcare provider that focuses on providing comprehensive and preventative care to the most vulnerable populations in the United States. ARG is a technology consultancy dedicated to helping companies find the right match for their technological needs and is a trusted partner of Ntirety.  

With a large amount of Protected Health Information (PHI) in their data warehouse, it was essential for AbsoluteCare to guard against potential threats. AbsoluteCare works with insurance providers to find specific individuals in need of their services and in order to safely store data and properly process information they needed the right partner.  

As a growing company, in 2016 AbsoluteCare decided it would be best to reduce reliance on some of its own dated technology stacks and start with a clean slate. 

AbsoluteCare’s previous vendors did not have the database management and database architecture expertise that was needed to manage the large amount of information that the healthcare provider was responsible for. Cybersecurity was handled by multiple partners, increasing cost, risk, and complexity. 

AbsoluteCare turned to ARG to help them find a good match for their infrastructure and security needs. ARG Senior Technology Advisor Cassie Diehl surveyed the marketplace to find a provider that met AbsoluteCare National IT Director Chris Becker’s specific qualifications for a comprehensive multi-faceted secure solution. Ntirety formulated a solution that met all their security needs, including VDI, XDR, Disaster Recovery, SOCaaS, and CaaS.

Thanks to Diehl and Becker’s hard work, AbsoluteCare was able to get connected with the Ntirety team. Ntirety was able to meet all of AbsoluteCare’s requirements from primary infrastructure to robust backup, to Disaster Recovery (DR). 

“Ntirety’s comprehensive security suite has been an impressive security shield for our business,” said Becker. “Additionally, we don’t have the budget to stand up our own internal infrastructure or internally hire the expertise required to protect against today’s artful criminals.” 

Read the full case study here to learn more about how the Ntirety solution transformed AbsoluteCare’s IT infrastructure.

Freight Trains, Russia-Ukraine, Log4J And Supply Chain Attack Madness

The current conflict between Russia and Ukraine has undeniably captured the attention of countries all around the world. Our thoughts and prayers go out to the people of Ukraine, and we hope that there will soon be peace. It is crucial that we promote cybersecurity best practices always, but especially now as cyberattacks have increased drastically due to this conflict. This piece by Ntirety CEO Emil Sayegh was originally published in Forbes on February 1, 2022.  


We have all seen the images of the train tracks in California littered with boxes due to the systemic attacks by organized gangs of criminals. These attacks on our supply chain left train tracks resembling third-world garbage dumps as cargo containers were being raided with impunity, leaving a heap of strewn boxes in their wake. The train attacks delayed much-needed shipments to stores with empty shelves, as well as essential packages needed by businesses and consumers from all walks of life, at the exact moment when all of us were trying to deal with the resurgent Omicron virus. 

In the same way that physical attacks on trains have been on law enforcement minds, cyber-attacks against the software supply chain are on many cyber security professionals’ minds. These threats are perhaps not as visible, but nonetheless are a sleeping national disaster if left unchecked. A variety of factors have created a growing and consistent attack vector for the enterprise to deal with, especially considering the Russia and Ukraine geopolitical tension. Rumor is that if the US imposes sanctions on Russia, Russia will retaliate by mounting a concerted cyber-attack on US supply chain infrastructures. Regardless of the geopolitical situation, we are on the horizon of a hyper-escalated future of supply chain attacks, and it is critical that security strategies focus on comprehensive security and not point solutions.  

A Very Big Attack Hammer 

The enterprise is still stinging from recent high-profile supply chain attacks such as the SolarWinds breach. It did not take long for this threat condition to evolve. The successful supply chain attack against SolarWinds caught significant attention and allowed the hackers to further select and target some of SolarWinds’s specific clients, such as Microsoft, FireEye, and US government agencies. Later, a ransomware attack against Kaseya, an IT management software tool, disrupted operations for many managed service providers and their clients. More recently, even more commotion emerged when a vulnerability was found in Log4j, a ubiquitous but obscure piece of monitoring software. The trend of one attack to many victims is a theme that continues in the headlines.

What has happened in these and many other cases, is significant. By compromising the virtual supply chain, criminal threat actors have managed to breach centralized services, software, and platforms to get a foothold into target organizations causing considerably more damage than the California physical train attacks, and without even getting out of their chair. Once there, the cyber threat actor goes on to widespread infiltration of customers and clients of the original victim. For the attacker, one successful breach means that the economy of impact can be scaled out to hundreds, even thousands of victims, saving time and effort making it more lucrative, and less risky than physically raiding freight trains. 

Simple Attacks, Big Results 

Even scarier, most of these incidents happen through very basic attacks. While many of the high-profile attacks were sophisticated in their planning and execution, the technical measures used to achieve the attacks were not sophisticated at all. These attacks exploit common weaknesses including: 

  • Certificate compromise
  • Open-source vulnerabilities
  • Exploiting unpatched libraries and executables
  • Compromised accounts
  • Exploited firmware
  • Malware and Ransomware
  • Phishing

Further, with an arsenal of well-established and easily consumable nefarious methodologies, most cyber supply chain attacks are easily replicated. Simple and cheap, the characteristics of novel supply chain attacks are a significant problem that is bound to grow because as you will see, cyber chaos success begets imitation, and it will not be long before significant numbers of cybercriminal groups get on board the supply chain attack train.  

Standing Up to the Threats 

The ultimate takeaway from this growing threat breaks down to a highlight of focus. First, recognize that every organization and industry are stacked up against very different challenges. Then, recognize that slowly, the supply chain industry is working to update systems and platforms to help address this threat – using the latest dynamic principles of comprehensive security in a cloudified age. These organizations must escalate their efforts to defend their products in a coming storm of activity. There is a staggering amount of interdependence between all the components of a cyber supply chain. These companies must also position themselves to provide rapid response when needed, on behalf of their clients.  

Protect Your House 

As individual as organizations can be, every organization has a unique digital supply chain. We are all in this boat together, and so we must also focus on analyzing and protecting against these threats. We have built upon services, platforms, software, and other digital components that came from somewhere.  

The prescription for these threat conditions is a comprehensive security strategy and implementing the protections of continual analysis, introspective monitoring, and integrity enforcement of our own digital systems as well as the realm of digital outside our clouds that have been allowed into the organization. Focus on threat modeling, adaptive strategy, and risk-focused assessment. Increase security presence, monitoring, and controls at every phase of the software life cycles as well as throughout the library of digital platforms and tools. 

The Must-Do Mission of our Times 

There is no excuse for enterprise systems to linger unpatched, unreviewed, and unmonitored or for security systems to depend on outdated missions and technology. Considering the technology and services available today, actionable security data must be “in-the-moment” because stale information can only provide weak, ineffective and potentially misguided benefits. Preparation for the unknowable means investment in technology, investment in people and investment in robust services that can blunt these nefarious threats. 

The historical precedent is out there. The significant breach events have occurred. It cannot be ignored that the simple attack tools and methods on the market are cheap and easy to implement, and are actually much easier than a freight train heist. Everybody likes a winning program (including hackers), and a boon of cyber disruption success means that shifting attack efforts onto the supply chain will continue to be a top mission.

 


The Imminent Death And Rebirth Of Cyber Insurance

For insurance companies, it is important to predict all possible outcomes within their realm of protective services. This is not the path cyber insurance has followed, making it somewhat unreliable.  The following piece, The Imminent Death and Rebirth Of Cyber Insurance, from Ntirety CEO Emil Sayegh was originally published in Forbes. 

 We wake up every day to a pattern of record ransoms being paid as well as record increases in cyber-insurance cost. The Bloomington School District in Illinois published its cyber-insurance renewal costs and reported a whopping 334% increase in premiums. Faced with challenges, it is common knowledge that businesses must continually evolve due to circumstances such as opportunity, missions, and risks. The cyber insurance industry is no different. In this climate of record ransoms and cyber incidents, these challenges are creating a shift in insurance market conditions signaling that cyber insurance will fade towards demise as we know it. While this seems like a bad thing, there is a silver lining in all this. 

 Mounting Ransom Costs 

We are living in the greatest period of data vulnerability in history. There are risks everywhere, all of which carry significant financial burdens including ransomware, downtime, compliance fines, and data loss. The global pandemic opened opportunities for threat actors to escalate their attacks and seize, causing dramatic increases in ransomware attacks alone. Amid the shifting security haze of 2020, the consumer GPS company Garmin paid a significant $10 million in ransom and the tales of ever-increasing ransoms go on. While the average cost of a data breach now hovers around $4.24 million, organizations routinely find their insurance only covers about 40 percent of the costs incurred due to a cyber incident.  

 The Trend was Not a Friend  

Cyber insurance is built on the careful analysis and management of risks in a present-day environment. It is unimaginable to think of a scenario where the cyber insurance industry is not challenged by the rising challenges and costs of cyber-crime now. Reported cyber losses continually reach into figures in the billions of dollars. Each month is a record now. Meanwhile, the historical loss data continues to shift according to changes and escalation of risks. There is a palpable element of unpredictability that does not work well for the cyber insurance market and those looking for coverage.  

One can reasonably wonder how the cyber insurance industry got this wrong. How did they miss this trend? After all, insurance relies on heavy predictive analytics based on historical data. Sadly, in this case, the historical trend was far from predictive. The calculus was based on historical patterns of small-time hackers or lone wolves looking to get a quick hack of a hit. However, in the last two years, all of this has changed at such a pace that the cyber insurance industry was caught ill-prepared. What is now driving the acceleration of costs, attack volume, and social engineering are nation-state threat groups. These new hacker groups are incredibly well organized: they are organizations of cybercriminals from around the world who are demonstrably sponsored or ignored by their respective governments. What this means is that in addition to financial gain to sustain their operations, the disruption of the target’s operations is also their constant and perhaps primary goal. Attacks on infrastructure, military, and business entities have been continually associated with outside countries, such as the SolarWinds attack discovered in 2020.

One way of looking at this tells the tale of a dying industry, slammed by rising challenges and costs and a lack of interest in backing cyber liabilities. For example, it is easy to draw a line between ransomware-related claims and capacity throughout the industry. As it stands, just a small sample of losses within the industry could quickly wipe out the premiums collected well ahead of time. This is classified as unbearable risk within the pool, and in insurance terms, such losses are not acceptable.

 Indemnification and Comprehensive Security to the Rescue 

In addition to the array of risks, one must now consider whether the state of cyber insurance constitutes an additional risk to the organization. The stakes are high and legal conditions abound. New coverage and rising renewal rates are a major concern. Premiums are rising 10- to 20-fold, and that is if a renewal is even available. Enterprises are left exposed or have to pay exorbitant premiums. The answer lies in going back to fundamentals: minimizing heavy reliance on cyber insurance through a comprehensive security framework. Comprehensive security frameworks provide better security outcomes and a better posture for the insured. Furthermore, enterprises can leverage the indemnification provided by their cybersecurity provider in lieu of getting their own cyber insurance coverage. However, in order to do that, organizations need to embrace a comprehensive security approach. There is no wiggle room on that.

Comprehensive security approaches can manifest through full spectrum security programs that provide protection, recovery, and assurance services that minimize risks. 

  • Protecting data means protecting data everywhere, all the time— including the perimeter, malware detection, finding threats, ensuring encryption and access. 
  • The benefits of recovery include virtualized and ready-access redundancy/restoration of systems that are available in any type of disaster including a breach. 
  • Building out an assurance program means life cycle assessments of security, compliance, logging, and the integrity of compliance within a given environment. 

In a challenging threat and cyber-insurance environment, comprehensive security augments risk aversion and minimizes reliance on more stringent insurance scenarios. 

 A New Dawn for Cyber Insurance 

Cyber insurance has adapted and will continue to adapt to these conditions, and we will see this evolution include demands for improved cyber-hygiene and exclusions that will shield insurance companies from providing coverage when the insured fails to maintain high security standards. We see the same in the home insurance industry, where security alarms actually reduce premiums. Similarly, the cyber insurance industry, while nascent, will mature. It has just emerged from two years of nightmare losses and a risk climate that was hard for it to anticipate. You can expect specific adaptations ahead and an emphasis on better education and improved cybersecurity practices. The rebirth of cyber insurance is in the cards, but it will come in combination with proper, responsible security planning and a comprehensive security strategy.

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn

Security in a Non-Secure Environment

As a newly minted CISO, I have been injecting myself into the Ntirety environment, talking security at every corner of the company.  I come from a deep IT/security background where I have seen many companies fall prey to the ever-increasing cyber threat landscape.   

 Sad Tales Abound 

In my previous roles with Hewlett Packard Enterprise and the FBI, I would often speak with companies before and after they had been breached. One of my saddest experiences was with a prospective SMB customer who was concerned about security in his environment but wasn't sure where to start. We discussed various options, including the deployment of a firewall or maybe a security assessment to help him determine where the "right place to start" was.

 He was non-committal, and we departed the meeting agreeing to meet again in a few months to see where he was in his decision.  I was concerned because I felt his corporate network was exposed and the threats against his company were rising as his company became more successful and lucrative.  

 You can imagine my horror when his company was hit with a ransomware attack six weeks after our conversation.  I sent my corporate contact an email expressing my desire to help in any way. Could I have done more?  Could I have been more convincing?  I don’t know, but my desire is to assist every customer in any way possible. I want every customer’s environment to be more secure than when I first met them.   

 Basic Security First 

What is the proper order to assist a customer in an insecure environment? It feels like a "Chicken-or-the-Egg" conversation – do we secure the environment and then do a security assessment, or do we start with a security assessment and then see what we need to secure? I feel like I have come down in the camp of basic security first, then let's assess.

One of the first conversations I have with any customer is a request for the customer to assess their security on a scale from 1 to 5, with a 1 being almost completely insecure. If a company rates themselves as a 1 or 2, that means they know they are not secure or are very easy to compromise. I feel like we should immediately discuss how to get them some form of security before talking about a security assessment: at a minimum, some firewall protection and maybe multi-factor authentication. In this case, my experience has shown that the low-hanging-fruit security gaps become easy targets.

 This may go against conventional wisdom, and I have often been the champion of the security assessment first, but I worry that by delaying any action on securing an environment, we may leave the door open too long for an enterprising criminal to exploit another company.  The thought of another company being victimized while I am trying to help them is too much.  Let’s move the minimum security bar higher in all of our environments and make the criminals’ job that much harder.

Cyberthreats Are Turning Assets Into Liabilities

For a business, assets are anything that can be marketed and sold, while liabilities are debts that must be paid. The sooner organizations understand the potential of company assets turning into liabilities, the sooner proactive action can be taken to protect the business. Board members, owners, CEOs, investors, and CFOs need to heed this call to action. Ntirety CEO Emil Sayegh discusses the importance of recognizing these dangers in this piece, originally published in Forbes, Cyberthreats Are Turning Assets Into Liabilities.

Cyberthreats Are Turning Assets Into Liabilities

 In the world of business technologies, the prevailing pace of evolution is directly aligned with increased technology investments, yet security incident headlines reinforce how for a good chunk of that history, security was nearly an afterthought. Protecting the organization’s information assets was seen as something for IT to do while it focused on ensuring applications and storage were up and available. Well, cybercriminals apparently didn’t get the memo about whose job it was to protect data; they kept busy looking for ways into the network, stealing data, and holding hostage everything from (very) private pictures to financial records. Earlier this year, conference software provider Zoom found themselves in a position of misplaced trust and paid a hefty price to the tune of $85 million, following their repeated crashes in 2020. 

IT Assets and Liabilities 

Every organization has information technology assets on one side of the ledger and liabilities on the other side. In the simplest context, IT assets are properties of an organization that include software and hardware. Users outside and inside the organization get value out of these assets and rely on their integrity and availability. The right technology, when used properly, is an enabler of business growth and profitability. Gaps in diligence and cybersecurity planning, however, can make these assets leap from one side of the ledger to the other and become liabilities. The offenses can include gaps in training, ongoing support, upgrade planning, cybersecurity programs, user training, and more. Liabilities are the weak points throughout the chain that affect the value of the asset to the business.

Zoom Out 

Over the course of the global pandemic, Zoom became a household name – exploding in use by schools, students, businesses, and more. Due to lockdown restrictions, this tool filled a significant need, making things such as classrooms, weddings, memorial services, court proceedings, and fitness classes a new virtual possibility.  

The enormous spike in users increased attention on the program’s security and privacy flaws. Eventually, a class action lawsuit came along, alleging that Zoom violated users’ privacy rights. Zoom agreed to pay $85 million to settle the case. The allegations included sharing personal data with Facebook, Google, and LinkedIn, while allowing “Zoom-bombing,” the practice of hackers disrupting meetings with inappropriate language, pornography, and other disturbing content. 

Crossing the Line into Liability 

Executives are now on notice that they need to treat cybersecurity as a business risk. They need to know more than just how susceptible their organization is to attack. They also need to understand what is at risk, including its assets, and they must recognize when they become liabilities. That’s not always straightforward since companies often use the same technology for both corporate and personal tasks. A recent survey by research firm Gartner found that 29% of employees in organizations with end-user devices allowed workers to connect their own personally owned devices (including laptops, tablets and smartphones) to the network – with less than half of them restricting access solely to business or work purposes.  

A comprehensive approach to cybersecurity should include monitoring software updates across the entire business, not just for IT systems but every aspect of the commercial software supply chain, from development through deployment onto production networks.  

Protecting software assets and products of an organization requires a comprehensive security approach. This includes building a plan upon the components of a proactive security foundation and practices which start with four steps that can create a more secure cyber infrastructure:  

  • Identify threats through an audit
  • Secure your application environments through a ground-up security solution including Secure DevOps and Zero Trust
  • Set up a recovery mechanism in case of a hack
  • Build an assurance program that enables future compliance and resilience

Zoom In 

Clients of Zoom and other similar software services must recognize the inherent risk contained in the practices of the service they choose to implement. Organizations can satisfy regulatory requirements for preventing or minimizing data breaches while also mitigating their vulnerability footprint through proper implementation of security measures for software.   

In addition, security teams have to start working with business units across the enterprise on how they manage vendor relationships. In order for InfoSec experts to do their job properly, they need to scrutinize all third-party components that are introduced into systems – whether that’s commercial off-the-shelf software or any type of service that gets connected. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Capco Gains IT Visibility and Accurate Security Monitoring with Ntirety

Global technology and management consultancy Capco specializes in driving digital transformation in the financial services industry worldwide. With a growing client portfolio comprising over 100 global organizations, Capco needed to optimize and better secure their IT environment.

The consultancy’s legacy IT systems were causing their team and outside security provider to chase false positives in monitoring applications and environments. The system in place did not give Capco visibility to see what their legacy security provider could see and vice versa. 

Ntirety’s solution implemented collaboration, clear communication and visibility of changes that are made. The Ntirety solution gave Capco the ability to create and customize specific security rule sets to limit accessibility to applications and ensure the intended users are the ones using them. 
