Details: How do you protect your organization from cyberattacks as they continue to threaten the critical infrastructure of global industries around the world? It’s a precarious and uncertain situation, but fortunately, the key to security remains the same: knowledge, preparation, and constant vigilance. The goal of this masterclass is to impart actionable steps to implement critical measures and keep your systems secure.
The Log4j vulnerability burst onto the scene in December of 2021. One cybersecurity firm reported that the flaw was utilized in attacks on more than 40% of global networks, and that more than 100 breach attempts utilized it every minute when it first came out. At the time, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said it posed a severe risk and was perhaps the most serious threat she had seen in her lengthy career. No wonder government agencies panicked. All civilian federal agencies were ordered to immediately fix this vulnerability. Vendors, too, were concerned, rushing out a series of patches. There were dozens of patches to deploy related to Log4j.
A year on from the initial turmoil occasioned by this zero-day threat, where do we stand? Log4j continues to be exploited. After so many patches were made public by so many vendors, there are still plenty of organizations that have failed to install them. No wonder cybercriminals continue to enjoy success with this potent vulnerability.
Log4j Fundamentals
Log4j allows hackers to perform such things as remote code execution and to be able to access servers. They can use the Java logging library to deliver crypto-mining malware, steal usernames and passwords, access other systems, or cause a local denial of service condition.
Part of the problem for the continuing menace posed by Log4j is that it is embedded in almost all Java-based products or web services. In fact, it is so deeply embedded in Java-based systems that it is proving difficult for IT to find all the versions of it that may be running within its infrastructure, applications, or in the cloud. Hence, it is quite common for some IT departments to believe that they took care of it completely. Yet the reality is that they only dealt with the obvious places where it resides.
Beyond IT systems, Log4j is also heavily used in Supervisory Control and Data Acquisition (SCADA) systems and historian systems within many industrial and infrastructure systems. As these systems often have dependencies on other systems, cybercriminals can potentially use them to infiltrate the enterprise.
Another factor in the scary nature of Log4j is that vulnerable systems could be compromised due to many systems having code that uses this vulnerability to log information an application received from external sources. Hackers could take advantage of this simply by typing malicious text into a web application field, for example. The more creative among cyber-attackers have even been able to leak runtime and environment variables such as API keys or other credentials. And as Java can be used to send code over a network, code execution became possible on a remote basis.
For those wanting more information, the open-source Log4j Java logging component problem was eventually was broken into four vulnerabilities known as CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. These CVEs offer plenty of data on the bug, where to find it, and its various remedies.
Good News and Bad News
The good new news is that Log4j attacks have been trending downward throughout 2022. But organizations cannot relax. The bad news is that there has been evidence of surges in its use by cybercriminals of late. One happened in June and another in August. The latter one saw Log4j playing a part in several high-priority security incidents.
Enterprises are advised, therefore, to check, check, and check again to ensure they have eradicated this problem completely from any and all systems.
CISA issues a series of recommendations for organizations to fix Log4j. Among these, where points such as:
1. Enumerate any external facing devices that have Log4j installed.
2. Download all relevant vendor patches for the applications and operating systems at use throughout the enterprise. Patches are available from Microsoft, IBM, Adobe, Cisco, VMware, and many other vendors to remedy Log4j.
3. Patch them all using an automated patch management system.
Those kinds of actions may require extensive inventorying and patching of enterprise systems. Syxsense can help businesses discover all impacted endpoints, devices, and systems and deploy fully tested patches to wherever they are needed rapidly. Its automation features will save IT departments a great many hours, if not days, when it comes to once and for all dealing with the Log4j scourge.
For more information visit www.Syxsense.com
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Rangel’s extensive worldwide channel leadership experience to drive company’s hyper-growth with partners across key regions
ALISO VIEJO, Calif. November 11 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced the addition of Jose Rangel as Vice President of Global Channels. A B2B cloud and data management industry veteran, Rangel has a proven track record of building, leading, and managing vendor sales channels across the U.S. and EMEA, and will be responsible for global channel growth.
“Syxsense has seen hyper-growth over the last two years as organizations – and the partners serving them – have realized the value of consolidating endpoint security and management into a single solution. As we’ve added new capabilities around mobile device management and Zero Trust, the interest across the channel community has exploded,” said Ashley Leonard, Founder and CEO at Syxsense. “Jose brings a level of experience and leadership that will allow us to capitalize and expand on the channel success we’ve already had and help us build a world-class channel organization that will empower partners.”
Rangel has more than 18 years of channel leadership experience revamping and transitioning channel programs from fulfillment models to partner proactive ecosystems, increasing partner-initiated pipeline and robust deal registration co-sell opportunities by more than 50%. He has worked with established channels from EMC to start-ups like Nasuni, Datadobi, and HYCU, and has extensive experience building global partner ecosystems with VARs, service providers, system integrators, and value-added distributors. Rangel and his channel programs have been recognized multiple times by leading channel publications and he was named a 2021-2022 CRN Channel Chief.
“Syxsense is fundamentally changing how organizations manage and secure endpoints, and this presents amazing opportunities for channel partners and MSPs that are looking to give customers new solutions that save time and money, while increasing security and management efficacy,” said Jose Rangel, VP of Global Channels at Syxsense. “The company is experiencing massive growth, driven by real product innovation. I’m excited to step in and work with the team to help further expand a channel organization that will drive sales, empower partners, and ensure customers success.”
About Syxsense
Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first Unified Security and Endpoint Management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
Black Hat USA, Las Vegas – August 10, 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced Syxsense Zero Trust, a new module within Syxsense Enterprise that enables endpoint compliance with Zero Trust Network Access policies (ZTNA). Zero Trust initiatives require a hyper-focus on endpoint protection, but traditional authentication solutions lack the ability to evaluate device health, ensure granular policy compliance, and automate risk remediation. Syxsense’s new Zero Trust module was designed to serve as an organization’s “Trust Evaluation Engine” for endpoints. Not only does it offer unparalleled visibility and control over network access policies, but also enables security teams to build sophisticated access policies and remediation workflows to ensure ZTNA compliance.
“As organizations work to build a Zero Trust strategy, many are facing implementation challenges. One of those challenges is the ability to ensure that endpoints accessing the network are trustworthy and conform to policies. Most solutions simply accept or deny access without an understanding of the current Device Security Posture,” said Ashley Leonard, CEO of Syxsense. “In talking with customers, they wanted the ability to evaluate endpoint access for ZTNA based on policies and if not compliant, be able to apply fixes or remediate in real time to enable proper access. Syxsense Zero Trust does just that by allowing organizations to have full control of endpoints and automating the end-to-end process.”
The true power of Syxsense Zero Trust lies in three key areas. First, the granularity of hundreds of parameters IT can use to report and act on device compliance. For example, is a laptop accessing your NetSuite server after hours and with an IP address from an unfamiliar location? If so, block it. Second, the power to enforce compliance with Zero Trust policies prior to granting access on an asset-by-asset basis. And third, the automated remediation of non-compliant endpoints, which could include patching the system, enabling an antivirus tool and making sure it is up to date on patterns, emailing IT about unauthorized access, and much more. When combined with the simplicity of building policy playbooks quickly and simply using the powerful workflow orchestration and automation tool of Syxsense Cortex™, these tools give organizations a uniquely powerful endpoint evaluation and network access solution for Zero Trust.
The specific features of Syxsense Zero Trust include:
Syxsense Zero Trust will be available for purchase in late September 2022, but attendees at Black Hat on August 10th and 11th can experience a product overview at the Syxsense booth #1272. For more information about Syxsense at Black Hat click here.
About Syxsense
Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
ALISO VIEJO, Calif. August 23 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced that Syxsense Enterprise has been recognized as the Best Endpoint Security Solution in the 2022 Tech Ascension Awards. The awards recognize B2B and B2C companies and leaders that drive cutting edge, innovative technologies that solve critical challenges in the market.
Launched earlier this year, Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and facilitated remediation for every endpoint across an organization’s entire environment. It combines Syxsense Secure, Syxsense Manage, Mobile Device Manager, and newly released Zero Trust to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate endpoint vulnerabilities.
Tech Ascension recognized Syxsense Enterprise for addressing the three key elements of endpoint security – vulnerabilities, patch, and compliance. By layering on a powerful workflow automation tool called Syxsense Cortex™ , the platform remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag-and-drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more.
“As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network-connected mobile endpoints rising,” said Ashley Leonard, CEO of Syxsense. “The need to manage and secure an increasing number of endpoints, including desktops, servers, virtual devices, mobile phones and other devices, is becoming more and more apparent as complex, sophisticated threats continue to grow. We are thrilled to be recognized by Tech Ascension for our work in endpoint security and look forward to continually evolving our product to keep up with the ever-changing security landscape.”
The Tech Ascension Awards recognized the very best innovations in cybersecurity. The Tech Ascension awards judged cybersecurity applicants based on technology innovation, market research, and competitive differentiators. The class-leading vendors that received recognition from these awards showcased technology that solves critical industry challenges and produces invaluable business outcomes for their customers.
“Organizations are now tasked with navigating the extreme security challenges of new remote and hybrid work environments while combatting a surge in emerging advanced threats,” said David Campbell, CEO, Tech Ascension Awards. “These recognized security industry leaders are producing innovative technology and services to drive cyber forward in a truly evolving digital environment.”
The key features of Syxsense Enterprise include:
For more details on Syxsense Enterprise or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense
About Syxsense
Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first Unified Security and Endpoint Management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com
About the Tech Ascension Awards
The Tech Ascension Awards elevate companies that possess cutting-edge, innovative technology that solve critical challenges in their respective markets. Tech Ascension winners rise above the crowded consumer and enterprise technology industries and receive validation from an independent organization. Applicants are judged based on technology innovation and uniqueness, market research (analyst reports, media coverage, customer case studies), hard performance stats, and competitive differentiators. The awards recognize leaders in cybersecurity, DevOps, big data and consumer technology. For information about the Tech Ascension Awards, please visit www.techascensionawards.com.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
Mobility has progressed, in recent years, to the point where some enterprise users hardly ever need to use a laptop or desktop. Many CEOs, for example, only use their phone. Any desktop duties are typically referred to an executive assistant or secretary. Sales jobs, too, can often be accomplished to a greater degree via smartphone.
Certainly, there are many other jobs where this isn’t the case. But regardless of the title, mobile devices are taking up more and more of the enterprise workload. Mobile Device Management (MDM) technology has advanced to provide the processes and tools the mobile workforce needs to stay productive and secure. Further, MDM provides IT with the ability to more easily provision mobile devices, manage them, inventory them, and protect assets and data.
Here are four of the top trends in MDM:
Bring Your Own Device (BYOD) was an inevitable consequence of the COVID-19 pandemic. With everyone ordering home almost overnight, IT had no alternative other than to allow employees to use the laptops, desktops, tablets, and smartphones they had at home or used for personal tasks. A few of the lucky organizations (or the ones with deeper pockets) had already provided all employees with a dedicated work laptop, tablet and/or smartphone. By doing that, IT could arrange role-based access to enterprise data and email, and provide services such as a secure VPN, GPS tracking, password-protected applications, and access to a host of enterprise security applications. Beyond that, mobile chaos became the norm. BYOD continues to predominate in many organizations.
This has made MDM a more important field than ever. IT policies may have been relaxed with regard to BYOD. But in tandem, IT has had to up its game in managing mobile devices. MDM has stepped into the breach. Organizations use MDM to remotely enroll personal devices into the enterprise systems. This allows them to monitor behavior, enforce security policies, and facilitate productivity, and detect threats and breaches.
The flood of money into MDM tools has encouraged the vendor community to innovate.
MDM solutions are becoming more sophisticated. Machine learning and AI are being incorporated to enable data and systems to be subjected to analysis. MDM systems are appearing that are able to assign or enroll devices with pre-programmed data profiles, VPN access, software, access privileges, and much more. IT now has the ability to track its dispersed workforce more easily, as well as monitor, troubleshoot, and decommission devices when the need arises. Some tools can even wipe device data in the event of theft, loss, or breach.
The marriage of MDM and various forms of virtual reality (VR) is opening new doors for field service, maintenance, and technically challenging occupations. For example, augmented reality (AR) tools are emerging that use special glasses, goggles, and headsets that allow field technicians and support personnel to compare physical equipment to digital specifications, job requests, and other information.
As the technician or field rep looks at the object, component, or system, a digital representation appears within their field of vision to verify it is the right valve to inspect, the correct place to weld, or the exact piece of equipment that needs to be removed. The best systems even allow a less experienced person to show a senior engineer (sitting far away) to see the job site so they can walk the other person through the task or answer questions.
MDM has always had some interest in security. It was unavoidable. To manage mobile devices effectively means providing certain safeguards – if only alerting others in the enterprise to a potential situation. MDM is now heading one step further. It is merging more tightly with security applications. Syxsense, for example, provides MDM within a suite that includes integrated patch management, vulnerability scanning, security threat remediation, and IT management. This greatly enhances security while keeping mobile devices safe from malware and other cyber threats. IT can use the Syxsense Enterprise platform to spot anomalous behavior, detect strange activity at ports, at exfiltration attempts, and more.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
Once upon a time, there was anti-virus. Then anti-spam, adware, malware protection, ransomware protection, mobile device protection, and on and on. As new threats appeared, the vendor community came out with a fix.
According to Gartner, the big trend these days is to bring all, or many, of these tools together in one integrated package. Known as Unified Endpoint Management (UEM), Gartner analyst Dan Wilson says UEM is entering the mainstream. It has achieved a market penetration of between 20% and 50%, depending on the vertical and the size of the organization.
“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Wilson. “UEM tools apply for data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”
In essence, UEM consolidates a disparate collection of tools to bring greater simplicity to endpoint management. It streamlines a great many manually intensive tasks and processes across multiple devices, platforms, and operating systems. And the field continues to evolve. Beyond unified management of a few tools, it is heading more closely towards complete integration of identity, security and remote access services while beginning to a role in support for zero-trust security initiatives. Further, analytics, machine learning, and Artificial Intelligence (AI) are also gradually being incorporated to further the goals of end-to-end automation of scanning, deployment of agents, software, updates, and patches, and remediation of threats and other issues. This not only reduces IT overhead, it helps to improve the overall employee experience while greatly improving the organizational security profile.
Gartner listed some of the advantages:
• Location-agnostic endpoint management and patching.
• Enabling the anywhere workforce.
• Reduced total cost of ownership (TCO) of managing endpoint devices.
• Simplification of device management and support processes.
• Reduced security risk through support for more device types and OSs
• Enhances policy management.
• Integration with identity, security, and remote access tools.
“IT looks to simplify and streamline endpoint deployment, management and patching to enable provisioning of new devices for remote employees, improve device performance and reliability as well as visibility across the endpoint estate, and reduce security risk,” said Wilson.
Market Evolution
There are signs, though, that the market is evolving yet again. Two distinct branches are appearing.
• UEM tools focused on endpoint management and bringing together a diverse range of tools.
• Unified Endpoint Security to unify multiple security tools under one umbrella.
Syxsense Enterprise takes things a stage further. It unified UEM and UES to create the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.
For more information, visit …
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
Endless bad news typically results in people becoming inured to it. The recent media 24-7 death counts on COVID-19 caused many people to switch off. It was just too much. Rating plummeted at CNN and other networks.
In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.
At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.
Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:
JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) in a large-scale typo-squatting attack from Azure users. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control over infected machines.
A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug generates incremental transaction identifiers in DNS response and request network communications. Patches are being developed to resolve these issues.
Google issued a supply chain attack warning about open-source software. Despite being a proponent of open source, Google voiced its support for the Package Analysis Project of the Open Source Security Foundation (OpenSSF). The goal is to automate the detection of malware introduced into popular open source repositories such as npm for JavaScript and PyPl for Python.
Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.
Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group is known as UNC3524 also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.
Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million to his bank account that was supposed to go to a jet fuel supplier. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people to click on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.
Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.
Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA). This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility/
A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.
Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. How can IT teams better manage the trade-off between endpoint security and the employee experience?
An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. With the pandemic forcing people to work remotely and to rely on devices beyond the traditional desktop, the study found that cybercrime has jumped overall by 500% since the start of the COVID-19 era. Smartphones, laptops, and tablets became the tools of choice of the work-from-home (WFH) brigade. And this led to a much greater security risk, particularly in highly regulated industries.
The report highlighted a big area of difficulty for IT: the trade-off between endpoint security and the employee experience (EX). At one extreme, things can be made so secure that almost no one can access systems or communicate to anyone else. At the other end of the scale, everything is so easy to access that criminals waltz in unannounced and undetected, steal valuable data, take over user identities, gain administrative privileges, and drain corporate bank accounts.
Researchers make the point that the explosion in mobility and WFH overstretched the capabilities of many IT departments. Security, in particular, fell badly behind in an increasingly distributed and autonomous workforce world. Not only are companies getting hacked in far greater numbers, but employee frustration has risen sharply. They are resigning in greater numbers than we have seen for decades. A talent crunch is emerging right at a time when more staff are badly needed across all functions. IT and security teams are threadbare in many cases. And good IT team members can’t be counted upon to stay loyal as headhunters are always looking to lure them elsewhere with higher pay.
Study Findings
The study discovered that relatively few employees are aware of security risks and corporate policies addressing these risks. 27% of employees only view security policies once per year or less. Similarly, 39% receive security awareness training less than once per year. Out of sight, out of mind appears to be the case. Instead of constant reminders, they get a quick dose of security training or policy awareness which is soon forgotten.
In any case, 41% believe security policies restrict the way they work. They just don’t accept that they shouldn’t use a USB drive or that they should be deprived of convenient online services. For example, 53% consider that they are more efficient using Dropbox and Gmail than their approved corporate tools.
Passwords came up as another major bone of contention. 31% of people use a password management tool. The other 69% select passwords that are easy to remember. There is a link here to EX. Most users have countless passwords, pins, logins and security safeguards they are supposed to remember. For work, most have dozens of passwords when you factor in HR, production tools, financial systems, payroll, benefits, corporate intranet, VPN, and email. And then there are personal accounts which often have to be accessed during work hours such as preferred hotel sites, airlines, personal banking, personal email, and more.
The policy may require 10-character passwords and that Xd! must be included – and must be changed every month. But when so many passwords and characters are in play and password managers aren’t trusted due to being a single point of failure, sloppiness is inevitable.
Bring Your Own Device (BYOD) reared its head as another area of big risk. The study found the use of BYOD has surged over the past two years. These days, 64% of people use personal devices for work. Unfortunately, less than a third of organizations have instituted a program to enhance BYOD security. On top of that, shadow IT has become an even bigger issue. IT has lost control of the use of the approval process for apps. As they often don’t control the devices, they don’t know what’s been put on them. Even when they do have some control, the accessibility of cloud and SaaS resources can make it hard to know if some department head or staffer has subscribed to online services. Some may be very secure. But many aren’t.
Bottom line: 72% of employees values their personal privacy over company security. In such a climate, security must rise to the challenge. It must be comprehensive, but it must also not inhibit the user from performing their duties. By automating security and delivering it over the cloud, Syxsense Enterprise provides real-time vulnerability monitoring and instant remediation for every single endpoint in an environment. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution, Syxsense.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?
May 5th of 2022 was celebrated as World Password Day. News stories were everywhere about how to improve password security, the best ways to implement multi-factor authentication, why a stronger password policy was needed, and what tools to use to better educate users. All represent vital actions and approaches. But they won’t be enough. According to a Google study, 24% of personal and professional accounts have used “password,” “Qwerty” or “123456” as their account password. “Admin” is another popular one. And, of course, people often use their date of birth, or that of their spouse, children, or grandchildren – all of these are easily hacked.
The same Google study found that only a third of users change their passwords frequently. Most of the rest hope to never have to change a password ever again. When forced to do so by adding yet more digits as well as capitals, numbers, and symbols, they often feel resentment. Instead of enhancing security, such security policies often have a contrary effect. Some users get even sloppier: Post-It note reminders in open view; and writing down passwords in a log, or in a document in a computer file.
Meanwhile, the bad guys have gotten smarter, faster, and more devious. They have password guessing algorithms that can crack soft passwords in no time at all. That’s why users are regularly prompted to add to more digits to their password. Six digits were once enough. Then eight. Now it is ten or more.
As the number of passwords increases and they become more and more complex, the current industry solution is to use a password management tool. But Google found that less than a third of people use them. Many don’t trust them as they have then no idea about any of their passwords should an emergency arise such as losing their phone or laptop. Thus, more than two-thirds of users continue to select passwords that are relatively easy to remember. Made to use ten digits, they often choose 1Password! to get around the latest security policy inconvenience.
Helpful tips are everywhere attempting to explain to users why they must change their habits. These tips all make sense: Don’t use sequential numbers or letters, avoid the use of your birth year/month/day; combine letters, numbers, and symbols and use unrelated words; avoid the names or words found in dictionaries; use a password manager, and don’t reuse passwords. Yet user habits are proving hard to break.
Password Breaches Are Inevitable
No matter the security policies set, the number of digits demanded, or the multiple authentication factors demanded, there is one sad, inconvenient, and inevitable truth. The bad guys are going to crack a password somewhere in the enterprise – or convince some gullible person to click on a malicious link or attachment. There is no avoiding this fact.
Despite that, organizations must continue to set good password and security policy, enforce it tirelessly, and add as many safeguards as they can to minimize the chances of password breaches. But they must understand, too, that a password somewhere or other will be hacked – and maybe it already has.
That’s why organizations must regularly scan the network and all devices for potential vulnerabilities. Vulnerability scanning is a proven way to prevent cyber security attacks. Scans will quickly detect any signs of a breach: where a password has been compromised, the back doors and ports re-configured by hackers, and any signs of data exfiltration attempts. IT can then prevent serious damage. By scanning authorization issues, security implementations, and antivirus status, vulnerability scans offer insights into any misconfigurations or compliance violations that may be present. By addressing these rapidly, the organization greatly reduces its attack surface and minimizes the chances of a breach.
The Syxsense vulnerability scanner is not only a complete security management package, but it is also effortless to employ with a user-friendly interface. As it is automated, that allows IT to focus on priority tasks while it scans and secures the system. Decide how often and for how long it should run, and the scanner runs monitors and secures the entire network at the pre-determined frequency and time. It also is available in an automated and integrated suite that includes patch management, mobile device management, and IT management.
For more information:
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
