Category: Privileged User

12 Feb
2015

When it comes to data security, identifying what you consider your crown jewels is the first step in the data security recovery program. Legacy products can be expensive and negatively impact performance. Organizations need to realize that the complexity and fear of access control is a thing of the past. ClickToTweet: Why a Data Security Platform is an Enterprise Priority #DefenderOfData http://bit.ly/1uLLONG Before we get started on recovery, here are a few things you need to ask yourself: How much […]

A GUIDE TO THE CIO’S TOOLBOX

Posted By: Alan Kessler, @kessalan
03 Feb
2015
Categories : Cloud Computing, Cloud Security, Data Breach, Insider Threat, Key Management, Privileged User            Leave a comment           

In my blog from September 2014, I wrote “encryption and access controls are your front-line defenses for defending data-at-rest. Given today’s threat environment, encrypt everything possible, everywhere possible.” While lots of things change in 6 months – the projected World Series Champion, the Super Bowl front-runner, Taylor Swift going from tweeting about dating to tweeting about hacking – this recommendation remains constant. <ClickToTweet>: IT Security Improvement – A Guide to the CIO’s Toolbox from @kessalan #DefenderOfData http://bit.ly/1yz8Hjy Data-at-rest is susceptible […]

22 Jan
2015
Categories : Data Breach, Data Protection, Data Security, Insider Threat, Privileged User            Leave a comment           

While news about the malicious hacking trade and the actions of elusive cyber-criminals continue to grab headlines, the third of our annual Insider Threat reports confirm that the risk posed by those legitimately ‘inside the fence’ continues to top business data security concerns. Of course, there can be no denying that the breadth and depth of private and public sector breaches in the past few years that have resulted from trusted insiders turning rogue or being compromised by perpetrators of […]

15 Dec
2014

I try to keep on top of the news, particularly as it relates to the nature and severity of cyber attacks taking place. Sadly, there’s been no shortage of reading material lately. Last month, there were reports on breaches at Kmart and Dairy Queen (my family loves Blizzards). Updates then came out about a massive breach at Home Depot. Then more recently, there’s been the spate of nation-state attacks on the USPS, National Oceanic and Atmospheric Administration (NOAA), Sony Entertainment […]

From the CEO’s Chair: 2015 Data Security Predictions

Posted By: Alan Kessler, @kessalan
01 Dec
2014
Categories : Big Data, Cloud Security, Data Breach, Data Security, Encryption, Privileged User            Leave a comment           

It’s the most wonderful time of the year! That’s right, it’s that time for my predictions about where things are headed in 2015. Before you break out the eggnog, don a sweater and settle in front of that roaring fire, I thought it might be fun to do a very brief “year in review” based on a year’s worth of blogs. <ClickToTweet>: 6 key #DataSecurity Predictions for 2015 from @kessalan CEO of @Vormetric http://bit.ly/1B7bA0g Early 2014 saw me counting down […]

The Twin Drivers to Reprioritize IT Security Spending Now

Posted By: Andy Kicklighter, @akicklighter (Twitter)
13 Nov
2014
Categories : Cloud Computing, Data Encryption, Data Security, Encryption, Privileged User            Leave a comment           

A bit over a week ago some of our senior executives were in New York for a CSO summit. Our own CSO (Sol Cates) and CEO (Alan Kessler) were among those attending. One observation from the summit – this year’s sad (and still growing) total of data breaches is causing people to pause and reflect about how their security dollars are being spent, and how they could be used more effectively. <ClicktoTweet>: Twin Drivers to Reprioritize IT Security Spending @akicklighter […]

The Long Game of “Encrypt Everything”

Posted By: Alan Kessler, @kessalan
06 Oct
2014

Data encryption is increasingly at the forefront of American conversations around cybersecurity. In fact, Fusion’s Daniel Rivero, citing government intrusion and overreach, went so far as to call it “the second amendment battle for the digital age.” Given October is National Cyber Security Awareness Month, it only seems appropriate to explore the benefits of encryption – a strategy that helps keep businesses accountable to their customers, partners, employees and stock holders. Click to Tweet: The Long Game of Encrypt Everything […]

In mid-April, Verizon released their annual Data Breach Investigations Report. The report accounts for not only breaches, but also “incidents” unlike previous years which only covered reported breaches. The new 10 year trend summary explains that servers accounted for the highest number of breaches and greatest percentage of breaches by asset type—accounting for around 45% in 2013. This signifies that the number of breaches from servers is up nearly 300% from 2009 – less than 200 in 2009 to nearly 800 […]

Categories : Cloud Security, Data Security, Privileged User            2Comments            Tags: , ,

In my last post I outlined the difficulty organizations are having in preventing insider threats, despite increased incidents and awareness. Much of this stems from the nature of the “privileged user,” which changes as organizations grow, requiring additional access at a time when their own corporate networks grow increasingly complex. Right now CISOs are spending up to 80% of their security budget on perimeter defenses such as anti-virus software, firewalls and limiting outside connections to the network. The problem is […]

Categories : Data Breach, Data Security, Encryption, Privileged User            Leave a comment           

Speaking to the Wall Street Journal a few days ago, a spokeswoman for Target confirmed that the attack was facilitated by credentials stolen from a third-party vendor. This latest revelation undoubtedly demonstrates the significant risk posed by unsecured, unmonitored access credentials and the importance of securing ‘privileged user’ accounts. Attackers have clocked the easy way in; they’re going after the weaker spots on the network to get a foot in the door. Low-level employees or temporary outside contractors are often […]