[BreachExchange] Cybersecurity Concerns on the Horizon for 2018

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 15 20:55:05 EST 2018


Vigilance and foresight are two key qualities in the cybersecurity field.
2017 brought many serious challenges, but what lies ahead in 2018 that
needs our attention and strategic thinking? Let’s look ahead at three
factors on the horizon that will impact the network, possibly for years to

Ready or Not, Here Comes GDPR

First and foremost is a known quantity, the General Data Protection
Regulation (GDPR), which will take effect in May 2018. This regulation will
have a major impact on the European Union and on international companies
with access to European citizens’ sensitive data. The GDPR is considered
comparable to the U.S. Security Breach Legislation enacted in 48 states,
but on steroids. Organizations must account for all sensitive data and the
access granted to it. At the same time, it expands the definition of
sensitive data to include online identifiers, such as an IP address or

This regulation isn’t just for huge, multinational enterprises. The GDPR
applies to any organization with more than 250 employees that has the
personal data of EU citizens – whether that organization has a location in
the EU or targets EU citizens or not. This marks the first time U.S.
companies have had to abide by an EU regulation (as opposed to a
Directive), and the fines for non-compliance are steep: up to €20 million
or four percent of annual global turnover, whichever is greater.

These fines are intentionally severe because maintaining data privacy is so
important to the EU, and this gives them the teeth to police compliance.
GDPR compliance language will begin to appear on business websites as
companies seek to assure customers that their data will be safe. But the
bigger shift for businesses will be the need to dig deep into their
processes to comply with this regulation. They will need to have full
visibility into who has access to sensitive data – and as we will see
below, that is rare.

The Need to Secure the Core

Organizations worldwide will continue to face cyber threats and struggle to
maintain a solid and continuous compliance and security posture as
nation-state-sponsored cyber-attacks, cybercriminals and hacktivists
proliferate and innovate.

That may seem obvious, but what is less obvious is that in a world without
perimeters, companies must spend money down to the infrastructure core of
the business to secure their data. While technology is changing at rapid
speeds, many processes remain stuck in the past. Static security measures
like passwords and vaults don’t move with the speed of today’s business and
simply aren’t enough anymore.

Malicious actors love to target static security measures because they are so
vulnerable. Ideally, significant investment would be made to secure a
company’s technology core as the company is being built. However, it’s not
too late for existing companies to go beneath the OS and build security at
the foundational level with elements like certificates, SSH keys and PAM.

A New Way to Manage Access

CIOs, CISOs, IT security and IT architects across the globe struggle to
maintain privileged access to protected data. It’s a board/business topic.
SSH user key-based access, referred to as the dark side of compliance,
continues to bubble up on the high-risk radar as uncontrolled and unmanaged
elevated access into production. Organizations must consider SSH access
when assessing security because it provides the highest level of access
yet is rarely, if ever, monitored.

Proof of this shortcoming can be found in a recent report from the Cyber
Security Research Institute, which revealed that 61 percent of respondents
do not limit or monitor the number of administrators who manage SSH.
Further, 90 percent of respondents do not have a complete, accurate
inventory of all SSH keys. This means that there is no way to tell whether
keys have been stolen or misused or should be trusted.

With the migration to the cloud, poor key management is simply untenable.
Cloud applications are elastic, scalable and dynamic. Traditional PAM was
designed for static physical servers in much smaller environments. But, as
with passwords and other static security measures, static PAM can’t get the
job done anymore either. Traditional PAM just doesn’t provide the agility
one needs in the cloud and doesn’t handle elastic services well at all. In
fact, it doesn't handle traditional legacy infrastructure very well.
Projects become complex and expensive.

All is not lost, though, as a new kid on the block offers a just-in-time
solution to these issues: next-generation PAM (NXPAM). This NXPAM works
without any permanent access credentials on servers, using only short-term
temporary credentials that are created on demand. There are no passwords to
rotate, no vaults needing to store them and no software that needs to be
installed and patched on individual servers. This makes for a very fast and
straightforward deployment project with unlimited scalability.

Address Risks Now

With the impending implementation of the GDPR and cyber threats that can
gain access to core network areas, organizations need to take a hard and
close look at what security and compliance measures are in place. Are
policies consistently being carried out? Are they effective?

The network and all it contains have never been under greater threat.

However, it is easy to identify a common theme having to do with governance
for your trusted access to protected data. Going into 2018, it is crucial
to start addressing these risks early. Organizations must have complete
accountability of their protected data: who has access to my data? Where is
my data? What laws and regulations impact my compliance program?

Particularly if you are operating on legacy systems, an effective defense
strategy requires embedding security at the infrastructure level. It’s here
that the greatest amount of harm can be done if breached, so controlling
access is essential. Keep the above three factors in mind as you move into
the new year and put security measures in place to create a firm foundation
for your organization and its customers.