On 23 March 1989, an asteroid missed the Earth by an astronomical whisker. Travelling at a speed of more than 45,000 mph, the asteroid came within 500,000 miles of collision. Had it hit, it would have obliterated everything within a 40-mile radius of the impact site.
In astronomy circles, 23 March is now fondly referred to as ‘Near Miss Day’. To mark the occasion, we have gathered insight from industry experts on the security strategies businesses should implement to avoid their own ‘near misses’.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“Just like the astronomers in 1989, who didn’t discover the asteroid until eight days after it passed the closest point to earth, most companies never even know about cyber security ‘near misses’. In our 2015 Web Application Security Statistics report, 24% of the survey respondents had actually experienced a data or system breach. But how many more had a near miss? Well, according to the same report, more than half of the surveyed companies in the Retail and Healthcare industries exhibit at least one major application security vulnerability every single day of the year. Unless we accelerate the remediation of application vulnerabilities, near misses will eventually turn into devastating hits.”
Wieland Alge, VP & GM EMEA at Barracuda Networks:
“Just like consumers, organisations are increasingly adopting SaaS applications such as Office 365 and Salesforce. But while the popularity of these applications grows, there is one issue that is not widely publicised – SaaS data protection. Most SaaS vendors backup data to protect against application downtime, but they cannot protect companies from themselves; if a field within the application is changed, either accidentally or on purpose, the overwritten data can be lost forever.
“Companies must demand the same level of data protection for their SaaS deployments as they have for their existing on-premise applications. So if there’s one ‘near miss’ you take steps to avoid, make sure that SaaS application data is protected from both technology and human errors.”
Thomas Fischer, Principal Threat Researcher at Digital Guardian:
“Every day countless employees will receive malicious phishing emails. As we’ve seen in the recent Seagate, Snapchat and continued Dridex attacks, without the right protection in place there’s always a chance that someone will be fooled and sensitive data will be breached. By having an understanding of the processes and behaviour that are common to malware attacks, organisations can reduce the risk that a ‘near miss’ becomes something far more damaging.
“Companies should implement user awareness programmes and solutions that warn the user when an unauthorised program attempts to download a file from the Internet, or write a file to disk. This will help users recognise when an attacker is trying to access the system and prevent malicious processes going on in the background.”
Richard Beck, Head of Cyber Security at QA:
“A recent study revealed that when it comes to IT security, human error is the second biggest concern among IT decision makers. And that’s not surprising when you think about it. Statistics vary, but Verizon’s latest Data Breach Report found that human errors are involved in almost 30% of all security incidents. A similar study from CompTIA cited human error as being the root cause of 52% of security breaches. When it comes to cyber security, companies often put technology first, and training trails behind in second place. But both should be deployed in equal measure. The best technology in the world won’t protect against the actions of an employee who, whether intentionally or through an innocent mistake, opens the door to attack.”
Daniel Raskin, SVP Product Management at ForgeRock:
“The IoT is particularly vulnerable to ‘near misses’, as security and identity standards for connected devices are still being established. Organisations face significant financial, reputational and legal consequences if personal user data is leaked to the public or is hacked by cyber criminals. Relationships cultivated for years are lost in seconds when customer trust is compromised. Security for digital organisations must go beyond simply checking username and password.
“Businesses must be able to extend digital identity to all IoT devices in order to secure their digital ecosystems. The right digital identity platform provides continuous security across all users, devices and cloud services. Credentials are no longer enough to ensure security. Now, context is required to understand the true nature of the digital interaction. Does the customer usually log in from Norway? Do they have a wearable device that is allowed to access their health data? Around what time does this login usually occur, and what kind of system do they use? Customer digital interactions must be constantly monitored.
“Protecting personal data is essential for retaining customer trust. With billions of IoT devices going online and countless digital relationships developing, all identities in the digital ecosystem must be continuously authenticated.”
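The contextual questions Raskin lists (usual country, usual login hour, familiar client, a wearable permitted to read health data) can be turned into a simple risk score that decides whether a correct password is enough. This is an added illustration, not the article's or ForgeRock's code; the profile, weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Profile:
    """What a customer's logins normally look like, learned from past sessions."""
    usual_countries: set
    usual_hours: range          # UTC hours in which this customer normally logs in
    usual_agents: set           # browser / OS strings seen before
    allowed_devices: dict       # device_id -> set of data scopes that device may access

@dataclass
class LoginContext:
    country: str
    when: datetime
    agent: str
    device_id: str
    scope: str                  # data the session asks for, e.g. "health"

def risk_score(profile, ctx):
    """Score one login against the profile; every departure from the usual context adds risk."""
    score, reasons = 0, []
    if ctx.country not in profile.usual_countries:
        score += 40; reasons.append(f"unusual country {ctx.country}")
    if ctx.when.hour not in profile.usual_hours:
        score += 20; reasons.append(f"unusual hour {ctx.when.hour:02d}:00 UTC")
    if ctx.agent not in profile.usual_agents:
        score += 20; reasons.append(f"unfamiliar client {ctx.agent}")
    allowed = profile.allowed_devices.get(ctx.device_id)
    if allowed is None:
        score += 40; reasons.append(f"unknown device {ctx.device_id}")
    elif ctx.scope not in allowed:
        # a known device asking for data it was never granted is an outright deny, not just "risky"
        return 100, reasons + [f"device {ctx.device_id} not permitted to access {ctx.scope}"]
    return score, reasons

def decide(profile, ctx):
    """Map the score to an action: allow, require a second factor, or deny."""
    score, reasons = risk_score(profile, ctx)
    if score >= 100:
        return "deny", reasons
    if score >= 40:
        return "step_up", reasons   # password alone is not enough; ask for a second factor
    return "allow", reasons

def at(country, hour, agent, device_id, scope):
    return LoginContext(country, datetime(2016, 3, 23, hour, tzinfo=timezone.utc), agent, device_id, scope)  # constructed login

# Constructed profile (hypothetical customer): Norwegian, one laptop and a wearable that may read health data.
ALICE = Profile(usual_countries={"NO"}, usual_hours=range(6, 23), usual_agents={"Firefox/macOS"},
                allowed_devices={"laptop-01": {"account", "health"}, "watch-01": {"health"}})
```

A real deployment would learn the profile from session history and tune the weights; the point here is that the same valid credentials lead to different outcomes depending on the context they arrive with.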