SPONSORED CONTENT
Securing the workplace

The hybrid workplace has become the accepted norm. But being outside the corporate perimeter can make home workers a tempting target for cybercriminals – here’s how to fight back.


How zero trust can close the gaps in endpoint security

Computerworld, by the editorial staff

High-profile ransomware attacks on large companies – such as the one on Albert Heijn, where hackers shut down the cheese warehouse – attract a lot of attention. SMBs do not escape either. They run just as much risk. An attack on a cheese warehouse may sound like a joke, but it is a serious matter. Several companies in the Netherlands were hit by the fallout from the Kaseya breach, and the University of Leiden had to contend with a ransomware attack.

A recent report shows how great the threats facing small businesses are. Joint research by the Dutch Public Prosecution Service and the police shows that a staggering 46% of small and medium-sized enterprises were confronted with ransomware, which led to considerable costs. How can smaller organisations tackle this ransomware problem effectively?

The Covid-19 pandemic is a driving force behind many of these attacks. The HP report Blurred Lines and Blindspots shows how the growing number of home workers led directly to a corresponding increase in the number of attacks. This implies that most endpoints are no longer safely behind the company firewall. That situation will not change soon.

Employees at home need access to important data: operational data, customer data, financial documentation and billing information, to name but a few. Not being able to reach this data means a loss of work effectiveness. In short, all data is at risk, and it takes only one click to ‘get infected’. It is easy to imagine that this is a great opportunity for criminals.

A traditional approach taken by many security experts is to secure data by putting access-restricting measures in place. Layered authentication is applied as well. These restrictions are often deployed in an uncoordinated way. This increases security, but will quickly frustrate home workers, as they get no access or only limited access to the data they need to do their work properly.

The first line of defence for companies is to educate employees not to click on strange links, not to open emails from dubious sources and not to download games on their work PCs. In the office that is generally understood, but in a home environment the rules go out of the window. It takes only one careless person to cause damage.

Then there are the traditional technical ways of securing laptops and PCs, such as malware protection software. It is a good idea to use this approach as a second line of defence, although it is not sufficient to keep ransomware away from your data. Zero-day exploits or machine-generated malware are resistant to it. Having next-gen detection brings no relief either. The bad guys have it too, and they have refined their malware to the point that it is undetectable.

However useful, the traditional ways of securing systems will ultimately fail. Companies must be prepared for the possibility that malware gets in. What matters is the next steps once infection is a fact. The malware must be stopped automatically as soon as it tries to reach data. That is only possible with a system that takes a zero-trust stance on every action.

Malicious actions can come from many possible endpoints. Not only from a user account, but also from firmware, the application or the operating system. The system must assess every access to resources based on context. Who is the user? Which device does he or she usually use? Where is the person located? Does this person’s action correlate with his or her daily work? Only when anomalies are detected and isolated automatically and in real time does a company stand a chance against increasingly professional ransomware.

Companies that want the best protection make use of the possibilities of Zero Trust. HP takes a particular approach here and tries to tackle threats as close to the source as possible in order to limit risk. HP Wolf zooms in on specific threats in particular: opening attachments, unsafe USB sticks and unsafe links. Endpoint security is the key word here.

Of course, this does not settle the fight: HP Wolf Security therefore brings together artificial intelligence, in-memory breach detection and self-healing firmware on one platform. Only an integrated approach will enable enterprises to take on the kind of ransomware attacks we have seen in recent years.

Multi-layer defence is critical to reduce cyber risk

By Computerworld, Contributing Editor

Cybercriminals are rubbing their hands with glee right now. They live in a world where the attack surface is getting larger by the day. First, employees get a host of new devices, like smartphones, tablets and laptops, that they can take beyond the company firewall. On top of that, with many people working from home, company data is in danger, as cybercriminals sharpen their phishing spears and fine-tune their ransomware attacks.

At a boardroom level the severity of this threat is not always recognised. The budgets for cyber security remain low and IT and security leaders do not get a free hand in securing the company data.

There are plenty of examples of what can happen when ransomware does get through. This year alone, the world has seen some massive attacks on well-established organisations. Probably the most notorious was the assault on the Colonial Pipeline business in the US. But there have been plenty of other examples in the past few months: Axa France, PC vendor Acer, and the Irish Health and Safety Executive have all been hit.

The Netherlands has not been spared by the cyber criminals. Recently, we’ve seen the REvil attack, which got in through software from Kaseya. And don’t forget the Rotterdam Maersk terminal that shut down for weeks. So, there are plenty of examples to confirm how serious such attacks are.

Besides the severity of the threat, executives should be aware that the threat landscape is constantly moving: it transforms and evolves. This means it is no solution to have a static security system in place and to be done with it. In fact, this is a recipe for disaster because complacency creeps in and employees think they’re safe when they’re not.

Security should also be continually evolving, while security professionals should be aware of what is happening everywhere in the world. It’s therefore essential for businesses to work with partners who are aware of the latest developments in security and the global threat landscape.

But the first thing to do is to let the CSOs or CISOs do their jobs. Give them the responsibility and the ability to get secure. The first thing they will do is a risk assessment. What data is under threat? What will be the cost when it is compromised? How can the threat be mitigated? This assessment should be a continuous process as nothing stands still.

There’s a need to put security procedures in place. CSOs/CISOs must ensure that everyone takes responsibility when it comes to security and knows what to do … or not do when it comes to encountering shady sources.

And on the technical side, any security partner should get its threat information from a worldwide network of endpoints so it can recognise malware as quickly as possible.

But no matter how good security is, it should always be prepared for the eventuality that malware does get through. Therefore, security should be based on the principle of Zero Trust. This means not one action is trusted without question. All access to resources is assessed based on context. Is the user in Russia or China, while he was in Amersfoort just a few seconds ago? Is accessing the data he tries to handle part of his everyday job? Does he usually use a device like the one he is on now?

But this Zero Trust security also looks at what the firmware is doing, or the operating system, or a printer. It has to look at every action possible. When these assessments of actions happen in real time, malware can be isolated immediately.

All those layers must seamlessly work together to protect data. This is where the HP Wolf Security platform comes in. Enterprises need a solution that can fight against all levels of cyber attacks, all within a single platform. Most importantly, it must work effectively in the workplace and in external environments, like the home.

HP Wolf Security will be a first line of defence against ransomware attacks. It will make extensive use of AI technology as a way of combatting the most relentless attackers.

It can render malware harmless through threat containment, which shrinks the addressable attack surface by delivering protection against the most common attack vectors. Wolf Security also offers self-healing firmware, in-memory breach detection and automated alerting to help IT and security teams monitor, manage and recover from remote firmware attacks.

Added to this, cloud-based intelligence and data gathered via endpoints enhance threat data collection to turn a traditional weakness – the endpoint – into an intelligence gathering strength. Of course, CIOs can always manage this themselves but HP Wolf Security provides everything in one platform.

Enhanced endpoint security, what you need to know

By Computerworld, Contributing Editor

It sounds like stating the obvious, but working from home is very different from working in an office. It’s not just the lack of commuting – or the fact that there’s a fridge close to hand – but a difference in working practices too.

The blunt truth is that many workers use their work devices for personal matters. They even let other members of the household use them, for homework or games. And however wrong this may seem, you cannot blame them for it, as working from home means folding your professional life into your life at home and the people you love.

The figures bear this out. According to HP’s Blurred Lines and Blindspots report, 76% of office workers say that working from home during the pandemic has blurred the lines between their personal and professional lives. Half of all employees now say that they see their work device as their own personal device, and 46% admit to using their work laptop for ‘life admin’.

Still, criminals know all this just as well and they’ve raised their game as a result. Of course they do, because there is something to be gained here. The company data is out there in the open, outside the corporate network. So attackers are targeting home workers, and they are fine-tuning their methods along the way.

So, there’s a need to have control of the endpoint, but that is easier said than done. When you let overactive security experts have their way, you get all kinds of layers of authentication. In the end, productivity will be the victim of this, as workers cannot access the data they need to get their work done.

What is needed is a layered approach. The first layer is prevention. The user needs to be aware of the danger and take responsibility. This means keeping Windows up-to-date and knowing they cannot click on any link they see, open emails from untrusted sources or download games on their work devices. They also need good passwords and must change them every so often. Just these steps will save a good deal of trouble.

The next layer is detection. Here, old-school anti-malware software is not enough to protect against new malware and zero-day exploits. It should be next generation detection based on artificial intelligence. However, the bad guys have it as well and they can fine-tune their malware so it will not be detected. Therefore, there’s a need for another layer that takes care of the response.

In this layer, threats are immediately isolated. This layer of security should be built up from the hardware. Depending on the malware, the attack can come from anywhere in the endpoint: from the user account or an application, but also from the firmware, the operating system or even a printer. Actions that are out of the ordinary, wherever they come from, should be stopped and contained.

All those layers must seamlessly work together to protect data. This is where the HP Wolf Security platform comes in. Enterprises need a solution that can fight against all levels of cyber attacks, all within a single platform. Most importantly, it must work effectively in the workplace and in external environments, like the home.

It can render malware harmless through threat containment, which shrinks the addressable attack surface by delivering protection against the most common attack vectors. Wolf Security also offers self-healing firmware, in-memory breach detection and automated alerting to help IT and security teams monitor, manage and recover from remote firmware attacks.

Added to this, cloud-based intelligence and data gathered via endpoints enhance threat data collection to turn a traditional weakness – the endpoint – into an intelligence gathering strength.

Do you want to experience the possible solutions for these challenges? Go to: https://www.idc.com/eu/events/68172-idc-security-benelux

Cybersecurity podcast series: Current state and future preview

The modern enterprise has to face various security threats. From ransomware to phishing, these potential attacks cause headaches for CISOs. In this series of podcasts, a number of security experts talk with leading executives from HP about the current state of the cyber-security industry, how companies can face up to the threats, how to prepare users and what to expect in the future. 

How zero trust can plug critical gaps in endpoint security

By Computerworld, Contributing Editor

High-profile ransomware attacks on major businesses – like the one on Albert Heijn, where hackers knocked out the cheese warehouse – get plenty of attention. But SMBs should not be complacent; they’re equally at risk. An attack on a cheese warehouse sounds like a joke but it’s serious business. At least two Dutch companies were hit in the fallout from the Kaseya breach and the University of Leiden was also hit by a ransomware attack.

A recent report shows the level of threats that small businesses face. The survey, produced jointly by the Dutch prosecutor’s office and police, revealed that a stunning 46% of SMBs had to deal with ransomware, at considerable financial cost. So, how do smaller organisations handle this problem and deal with ransomware effectively?

The Covid-19 pandemic is the driver for many of these attacks. The HP report Blurred Lines and Blindspots reveals how the increasing numbers of home workers have directly led to a corresponding increase in attacks. This means that most endpoints are no longer safely behind the company firewall, but out in the open. It’s a situation that is not likely to ease any time soon.

Workers at home will still need to access all the important company data: operational data, customer data, financial records, billing information, you name it. If they cannot reach it, they cannot get any work done. So all data is under threat. And as it usually takes only one click to get infected, you can imagine this is a great opportunity for criminals.

Traditionally, many security experts think it is a good idea to secure the data by restricting access and adding several layers of authentication. These are too often added in an uncoordinated way. While increasing security, this will quickly frustrate home workers as they will not be able to access the data they need to do their work properly.

The first line of defence for any business is to educate employees not to click on any strange link, not to open emails from dubious sources and not to download games on their work PCs. In the office, that’s generally understood, but get into a home environment and rules go out the window. It takes just one person to be careless and the damage is done.

Then there are the traditional technical ways to secure laptops and PCs, like malware protection software. It is certainly a good idea to have it in place as a second line of defence, but it is not nearly enough to keep ransomware away from your data. It does not, for example, protect you against zero day exploits or machine generated malware. And even when you have next generation detection in place, you cannot rest assured. The bad guys have it as well, so they can fine-tune their malware so it will not be detected.

However useful, the traditional ways of looking at security ultimately fail. Companies should be prepared for the eventuality that malware gets through. It is all about what happens next, in other words, when they do get infected. The malware should be stopped automatically when it tries to get hold of any data. And this is only possible when there’s a system in place that has zero trust in any action.

The malicious action can come from anywhere in the endpoint. Not only from the user account, but also from the firmware, the application or the operating system. The system should assess every access to resources based on context. Who is the user? What device does he usually use? What location is he in? Is what he is doing part of his usual job? Only when anomalies are detected and isolated automatically and in real time does a company stand a chance against the ever more professional ransomware.

Companies that want to get the most protection will have to use the potential of Zero Trust. Here’s where HP has taken a particular approach and looks to meet any threats as close to the source as possible, as that way they pose less risk. In particular, HP Wolf zooms in on specific threats: opening attachments, insecure USB sticks and unsafe links. Endpoint security is the key word here.

Of course, that’s only half the battle: HP Wolf Security also brings together artificial intelligence, in-memory breach detection and self-healing firmware in one platform. Only then will enterprises be able to fight against the type of ransomware attacks that we’ve been seeing in the past few years.