Knowledge Center

Making an ROI Case for SecureCircleMaking an ROI Case for SecureCircle
August 6, 2020

Making an ROI Case for SecureCircle

Many of our customers have budgeted projects to improve or replace existing data protection solutions, so the ROI (return on investment) case has been made upfront. Typically this results from customers having poor experiences with DLP (data loss prevention), utilizing new cloud-based workflows, and needing better protection for sensitive or regulated data. A company board often reacts to an internal data breach event or an event at a peer or competitor, which strikes a nerve that a breach could happen to them. 

IBM's Cost of a Data Breach Report 2020 lists the average cost of a data breach to be $3.86M (worldwide). In the US, the average expense is $8.64M, the highest of any country. The financial impact of a data breach is why organizations that recently have a security event are always willing to pay for additional security—the cost of a security solution pails in comparison to the value of the data breach.

The threat of a GDPR fine also looms over companies. The EU has issued GDPR fines of over €100M fourteen times in the past 19 months. The most substantial penalty to date is still British Airways at over €204M. 

With the recent push to employees working from home, many companies spent a lot of money increasing VPN (virtual private network) capacity. Using VPNs to virtually place devices on the corporate network is a flawed security model. Under a Zero Trust security model, organizations have to assume threats already exist within the corporate network. Spending the money on the implementation of the fundamentals of Zero Trust would be a better alternative. 

If your company doesn't have a Zero Trust initiative, here are some tactical ways to show a quality ROI?

  • Do not renew existing products such as DLP, IRM (information rights management), Disk Encryption, File Encryption, and CASB (cloud access security broker). Depending on the data workflow, removing these products becomes an option for companies. In the case of DLP, DLP also requires discovery and classification tools, which SecureCircle does not need.
  • DLP requires ongoing rule creation and management. Rules allow or reject every action. The operational overhead burdens organizations with hundreds of hours of work each year. SecureCircle's Zero Trust model protects by default and doesn't require the overhead other solutions require.
  • One solution many organizations use is VDI (virtual desktop infrastructure). Customers create VDI walled gardens to keep sensitive data such as source code protected. Developers hate VDI because it is slow and restricts productivity. VDI licenses are also costly. 

Each of the three suggestions creates a positive ROI that also provides superior protection, mitigation for data breaches and insider threats, transparent end-user experience, and without the burden of legacy operational overhead.


Read Article
Blog
Hackers Targeting Small EnterprisesHackers Targeting Small Enterprises
August 4, 2020

Hackers Targeting Small Enterprises

For an average hacker, small enterprises can be the perfect target. Many small enterprises tend to have less sophistication in their company's cybersecurity or assume that they are too small even to attract hackers. These reasons pave the way for hackers to attack small enterprises efficiently. According to the 2020 Verizon Data Breach Investigations Report, almost a third of data breaches involved small enterprises. 

Many small enterprises lack the security that many larger organizations have to protect their data. Small enterprises are more vulnerable because they often do not have the budget to take on higher security measures. On the other hand, some may not want to spend their budget on cybersecurity, assuming that hackers will have little to no interest in their data. When small enterprises overlook the value of their information, they give hackers a more significant advantage. Unfortunately for these small enterprises, hackers will attempt to take any personably identifiable information of customers. According to the Verizon report, phishing is the biggest threat for small organizations. The increasing number of small enterprises using cloud and web-based applications and tools allows them to become prime targets for hackers. 

Many small enterprises involved in successful data breaches struggle to stay open. When small enterprises are not prepared enough to handle a cyberattack, they may shut down. Almost 60% of small enterprises close their doors within six months of the attack. Many of which are due to the lack of money and customer trust. 

Security researchers have uncovered that Magecart, a group of malicious hackers, was able to infect over 570 e-commerce sites worldwide over the past three years. The group targetted small enterprises assuming that they were less well-defended. Along with that, the group was able to compromise about 700,000 customer cards and made millions. This example shows how essential cybersecurity is to small enterprises. Without it, they can face many consequences, such as lost revenue, compliance fines, and negative impacts on reputation.

With SecureCircle, small businesses will have a cost-effective solution to protect their data. As the impacts of data breaches are rising, small enterprises should take on higher security measures. SecureCircle's Data Access Security Broker (DASB) protects data at all times, including at rest, in transit, and in use. With DASB, your control will never be compromised while enabling access. 


Read Article
Blog
Security Weekly Virtual Hacker Summer Camp InterviewSecurity Weekly Virtual Hacker Summer Camp Interview
August 4, 2020

Security Weekly Virtual Hacker Summer Camp Interview

For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications, we also must protect, control, and audit data that egresses form these services onto endpoints. SecureCircle protects data that egresses from cloud services and allows you to have control over it.

Read Article
News
The Missing Link For Zero TrustThe Missing Link For Zero Trust
July 30, 2020

The Missing Link For Zero Trust

The future holds endless possibilities. The next great moment, widget or experience is just around the corner. In cybersecurity, we have heard promises for a better future for decades. Different product categories have come (and, in some cases, gone). Many products were merely features and not a solution to a fundamental problem.

Marketing campaigns paint a picture that one solution fixes all your problems. The reality is there is no magic solution. One product isn't going to protect against phishing, malware, ransomware, lost or stolen devices, accidental sharing, malicious insiders, misconfigured permissions and secure collaboration.  

What the industry has been aiming for is a zero-trust solution. To implement zero trust, you need to have control over authentication, network, device and data. Today you can achieve control over authentication, device and network, but there is no control over data.

Once a user authenticates their identity, device and network, how do organizations protect data the user downloads from their SaaS solutions, like finance, human resources, sales or even software source code? Organizations need to add control over their data to achieve zero trust.Authentication occurs over many protocols, but one of the most popular today is security assertion markup language (SAML). SAML centralizes identity and access management across cloud and endpoint. Identification must be managed centrally for all access control. Managing multiple authentication systems leads to data breaches, such as misconfigured authentication to cloud applications.

Achieve device control via mobile device management (MDM) and endpoint detection and response (EDR). MDM enforces that endpoints have a proper security posture, ensuring EDR and DASB installation. Administer the posture before the device gains access to cloud solutions such as Salesforce, Workday, GitHub or QuickBooks. Without a standard baseline security posture, a computer that downloads sensitive data may be at risk or may already be compromised. EDR will maintain security on the device and protects for malware, antivirus, key loggers and suspicious insider behavior. EDR can automatically monitor and disable suspicious devices and block the device and user from accessing any sensitive data based on historical usage profiles. An EDR is not looking for a specific risk signature but is looking for suspicious or unexpected behavior.

Transport layer security (TLS) ensures network control. TLS has replaced the secure sockets layer (SSL). The combination of MDM and SAML can ensure a device is connecting from a secure network location before accessing sensitive cloud data.

Read Full Article at https://www.forbes.com/sites/forbestechcouncil/2020/07/30/the-missing-link-for-zero-trust/#951a1613ce55


Read Article
News
Cybersecurity Strategies (Infogram)Cybersecurity Strategies (Infogram)
July 30, 2020

Cybersecurity Strategies (Infogram)

The 2020 IBM Security Cyber Resilient Organization Report surveys more than 3,400 IT and security professionals from all over the world to determine their ability to detect, prevent, contain, and respond to cybersecurity incidents. SecureCircle offers the most innovative method of protecting any data using many of the strategies listed. 
Read Article
Blog
Data Security is Not Data Privacy Data Security is Not Data Privacy
July 27, 2020

Data Security is Not Data Privacy

Often the terms data security and data privacy are misused or interpreted as the same thing. Since data security and data privacy are both essential components of data protection, it is vital to know the difference between the two. Think about it this way. You protect your house with a door.  If the door is glass, does the door provide privacy? Two related but different concerns.

Data security protects valuable company and customer data and prevents the data from leaving the house. Data security applies specific controls, standard policies, and procedures via administrative tools, physical security, logical controls, organizational standards, and more. All of which leads to the protection of unauthorized access, accidental loss, and destruction of your data. 

Data privacy, on the other hand, is concerned with the proper handling of your data. For instance, when enterprises and organizations use data or information provided or entrusted to them, the data should only be used with consent from the owner. The data owner will have to provide information such as what types of data will be collected, for what purpose, and whom it can be shared with. The European Unions' GDPR (General Data Protection Regulation) requirements include the consent of subjects for data processing. Another critical element for privacy compliance with GDPR and CCPA (California Consumer Privacy Act) is allowing users to opt-out and have their data removed from any database.

With SecureCircle, your organization can achieve data protection over data in the cloud and local endpoints. SecureCircle's Data Access Security Broker (DASB) protects data without changing user behavior or business workflows. DASB protects all data by default and creates an opt-out security model that does not rely on discovery or classification.

SecureCircle’s data access security broker (DASB) automatically tracks data within a file. When data from a protected file is copied and pasted into a new document, the new document automatically is protected with the same permissions as the original file.

While SecureCircle protects data from leaving the house, it can also aid in data privacy. Data privacy is based on internal workflows to segregate users and processes which can access data. Often, a database or SaaS application stores sensitive data, and users export and download the data to their computer for utilization.  Organizations lose control of the data once it leaves the SaaS application. Control is also lost when users email and transfer the data to coworkers and even external 3rd parties. DASB automatically protects the data that egresses from the cloud service or SaaS app and tracks the information as it moves. Organizations can report on all users that have accessed specific files and their derivatives.  Organizations can also disable files that contain data that no user should have access to as part of GDPR or CCPA data hygiene.

Data security and data privacy are different. Luckily SecureCircle solves data protection for cloud and local data without impacting users or workflows. DASB aids companies in meeting data privacy requirements such as GDPR and CCPA. With SecureCircle, the glass door on the house becomes a wooden door. The wooden door is able to protect your house as well as secure your privacy. SecureCircle allows you to have both data security and data privacy. 








Read Article
Blog
Targets on Large EnterprisesTargets on Large Enterprises
July 27, 2020

Targets on Large Enterprises

Large enterprises have always been targets for hackers. Most hackers are mainly attracted to the massive amounts of capital and the customer base of large enterprises. According to the 2020 Verizon Data Breach Investigations Report, almost two-thirds of data breaches involved larger enterprises. 


Even though most large enterprises can afford to take on higher cybersecurity measures, why do they encounter so many data breaches? Well, unfortunately for enterprises, it is virtually impossible to prevent cybercriminals from attacking. According to the Verizon report, phishing is one of the top threats towards more substantial enterprises. Since larger enterprises have more employees than smaller enterprises, a lot more mistakes can occur.  Human errors allow data to be left vulnerable.  The challenge for large enterprises is to scale security.  


Along with the more substantial amount of employees, large enterprises also have more suppliers and partners. By acquiring another company, large enterprises also risk any vulnerabilities and security issues their third-party may have. Many possible human errors that could occur in large enterprises allow a lot of data to be left vulnerable.


Hacking larger enterprises can be more difficult for cybercriminals compared to smaller ones. However, if the hackers are successful, they can gain so much more from it.  Per the Verizon report,79% of cybercriminals' motivation for attacking large enterprises is financial gain.  Many hackers can make a fortune just from gaining loads of personal data to sell on the dark web.


So far this year, many data breaches involving large enterprises have occurred. Many enterprises, such as Marriott, Microsoft, and Nintendo, have suffered from a cyber attack. All of which have compromised millions of users and their private data. Even though many larger enterprises can survive their cyberattacks, most have lost trust from their customers. 


Even though large enterprises deploy cybersecurity, many still struggle to prevent cyber attacks. With SecureCircle, large enterprises will have a cost-effective solution to protect their data. As data breaches continue to rise, larger enterprises should take on more effective security measures. SecureCircle's Data Access Security Broker (DASB) protects data at all times, including at rest, in transit, and in use. With DASB, it empowers you to enable secure access and full data control with no impact on applications, workflows, overhead, or end-user experience.


Read Article
Blog
Secured Files on Adobe Creative CloudSecured Files on Adobe Creative Cloud
July 22, 2020

Secured Files on Adobe Creative Cloud

Millions of designers rely on Adobe Creative Cloud to share and collaborate with others on their work. Without proper protection, many designers risk their work being leaked to the public. This would allow anyone to view and claim the designs as their own. Designers use Adobe Creative Cloud for many different purposes. Some may use their designs as renderings for upcoming products such as a new phone, drone, toy, etc. While others may use this tool for their commercial campaigns and advertisements. With all of the possibilities on Adobe CC, extreme security measures should be taken to assure designers that all their data is safe and secure. 


Adobe CC users historically have had limited options to protect their data. Symantec Endpoint Protection is one option, however, it does not protect files from the Creative Cloud application suite such as Photoshop, Illustrator, InDesign, Premiere Pro, and After Effects. Symantec, Data Loss Prevention (DLP), and Rights Management solutions are reduced to simple file encryption solutions when the applications and file formats are not supported by the data protection solutions. Even though file encryption protects the data while in-transit, once the recipient receives the data it becomes vulnerable. Recipients can forward the unprotected file to anyone they want without the original designer’s consent. Without the proper protection, sharing creations to certain individuals can risk sharing it with almost anyone. 


With SecureCircle, all file types, file sizes, and applications are supported. Data remains protected at all times; at rest, in-transit, during migration, at the new storage location, and in-use. SecureCircle ensures that only authorized users are able to view the protected data. The original designer has the ability to update the permissions on shared data or to revoke them at any time. 


With SecureCircle, users will be able to protect their data while maintaining existing workflows and applications. Users of the Creative Cloud, would not have to rename any files or change extensions in order to protect their data. With SecureCircle, designers are able to protect themselves and their work on the Adobe Creative Cloud.


Read Article
Blog
Brazil’s Version of GDPR is LGPD Brazil’s Version of GDPR is LGPD
August 5, 2020

Brazil’s Version of GDPR is LGPD

Brazil’s version of GDPR is LGPD 


Brazil initially passed LGPD (Lei Geral de Proteção de Dados) in 2018 to go into effect in February 2020. The implementation date pushed to August 16, 2020, which is about a month away. Is your company ready?

Let's compare LGPD to the European Union's General Data Protection Regulation (GDPR).

Personal Data

  • Both LGPD and GDPR have a similar scope of personal data. LGPD is technically a broader definition that includes any data that, by itself or combined with other data, could identify a natural person or subject them to a specific treatment.

Data subject rights

  • These are necessarily the same. LGPD broke our 'the right to information about public and private entities with which the controller has shared data' out of the more generic GDPR 'right to be informed' right.

Data protection officers

  • LGPD implies that any organization processing data require a data protection officer (DPO). GDPR has precise rules for when a DPO is required.

Legal basis for processing

  • GDPR lists six lawful bases for processing data. LGPD lists ten, and the most unique from GDPR is 'to protect credit (referring to a credit score).'

Reporting data breaches

  • GDPR has a specific 72-hour notification requirement. LGPD does not have a firm deadline.

Fines

  • A GDPR violation can cost companies up to 20 million Euros or 4% of the annual global revenue, whichever is higher. LGPD is less severe. Maximum fines in Brazil are 2% of the company’s revenue in Brazil from the prior fiscal year, excluding taxes, up to a maximum of 11 million Euros. The 11 million Euro fine is not a concern for any of the world's largest data processors.

At the highest level, LGPD and GDPR are the same with small differences.  It will be worth watching how Brazil enforces LGPD since GDPR is not enforced strictly in Europe.



Other GDPR and regulation-based articles

Insider Threats

Data protection needs to be agnostic like Switzerland

California Consumer Privacy


Read Article
Blog
Source Code - Holy Grail of Data ProtectionSource Code - Holy Grail of Data Protection
July 15, 2020

Source Code - Holy Grail of Data Protection

Source Code - Holy Grail of Data Protection

CISOs and CTOs have almost given up on the idea that protecting the company crown jewels - source code - is possible. Legacy data protection solutions encumbered developers to the point developers refused to work. Developers are the most demanding employees asking for more freedom to work in the way they want. The software development workflow is also very complex. Code lives in multiple online repositories that are both public and private. Developers clone code to their local machines. Source code data exists everywhere. How do you protect data that is stored and used in so many places?

Traditional protection software like Information Rights Management (IRM) and Data Loss Prevention (DLP) may work for office productivity files. But there is no application integration with Integrated Development Environment (IDE) tools such as Xcode and Virtual Studio. Classification fingerprints used by DLP are very fragile, and even the smallest change results in files not being appropriately classified.

Many organizations try to contain source code by deploying virtual desktop infrastructure (VDI) to developers. Developers work in a VDI environment that never allows data to leave. These environments are incredibly costly, impact developer performance, as well as increase operational management. Developers complain VDI restricts their ability to work quickly.

Read: How a Cyber Security Company (CSC) replaced VDI with SecureCircle.

SecureCircle's Data Access Security Broker (DASB) provides an alternative to IRM, DLP, and VDI that doesn't impact the developers while retaining control of source code at all times. Let's walk through a simple workflow and how DASB protects source code.

  • A developer clones a project from the company GitHub repository to her local machine. DASB has a policy to automatically protect any data downloaded from the repo to a local computer. The entire project is protected.
  • As she updates her project, MagicDerivative automatically protects all changes. MagicDerivative protects content as it moves from file or application even with copy-in-paste or SaveAs.
  • The developer can use any allowed IDE or application to edit source code. SecureCircle monitors the applications that attempt to access protected data. If the user, device, and application are permitted, the developer accesses the content as if no protection was in place. 
  • Protection is persistent, so even if the developer copies all the data to a USB or AWS and gives access to a friend, the friend will not be able to access any of the protected data. 
  • DASB's data-centric approach allows access control to follow data regardless of location.

With SecureCircle, CISOs and CTOs finally have a solution to protect core company assets such as source code without impacting developers.




Additional source code related articles

Securing Source Code & Intellectual Property While Working from Home

AWS Source Code Leak


Read Article
Blog
VPN False Sense of SecurityVPN False Sense of Security
July 9, 2020

VPN False Sense of Security

VPNs (Virtual Private Networks) made headlines last week after the National Security Agency (NSA) warned corporations could be vulnerable to cyber-attacks if not correctly secured. The warning comes as organizations adapt to office closures, and employees continue to work from home.

Foreign hackers could exploit Palo Alto Networks' vulnerability. "Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML (Security Assertion Markup Language) is in use. Foreign APTs (Advanced Persistent Threat groups) will likely attempt exploit soon," the U.S. Cyber Command said on Twitter.

The vulnerabilities allow attackers under certain conditions to take control of a device without needing a password. Once control over a device is lost, hackers can gain access to the rest of the network. The issue is a critically severe flaw gathering a maximum possible risk rating of 10. 

VPNs allow remote devices to securely connect to a corporate network and act as if the remove device was on the local network with access to local servers, applications, storage, and printers. While VPNs provide a level of protection, VPNs do not protect data from malicious or accidental insiders that already have access to the corporate network.

With employees more likely to be working from home, data protection needs to move from a perimeter or device concept to a data-centric approach. A data-centric data protection solution will persistently protect the data. Data can originate on an employee's endpoint or from a SaaS solution like Salesforce, Workday, Github, or Quickbooks.

A recent Digital Guardian report highlighted a 123% increase in the volume of data copied to USB drives during the COVID-19 pandemic. The same story also shares an 80% increase in data egress across all channels during the same period.

SecureCircle's Data Access Security Broker (DASB) protects data at times, including at rest, in transit, and in use. DASB is the only Data Loss Prevention (DLP) solution focused on data. Data is monitored and tracked as it moves between files and applications. If protected information is copied and pasted into a new document, DASB will automatically protect the new document with the same permissions as the original content.

The key to any security solution is the solution must be transparent. Legacy approaches ask employees to change their behavior and reduce their productivity. Compatible with any application, DASB is entirely transparent to users and doesn't require any change to the workflow.

After patching the Palo Alto Networks VPN, consider SecureCircle to protect data within the corporate network, on endpoints, and in your SaaS applications.

Read Article
Blog
Remote Workforce? Protect Your Data Wherever It LeaksRemote Workforce? Protect Your Data Wherever It Leaks
July 6, 2020

Remote Workforce? Protect Your Data Wherever It Leaks

Security that follows the data is the only solution

Companies need to enable their teams to work from any location across the world, including work from home. Remote distributed workforces have grown 44% over the last 5 years, enabling access to specialized talent, reduced office overhead, flexible freelance-based staff, and of course an increased ability to adapt to unforeseen world events.

Enabling remote work requires security diligence. The risk of a data breach within an enterprise is already high - add to this the potential of data leaking onto remote workers’ personal devices, cloud applications, and public shares, and your risk is amplified exponentially. Supporting remote work also requires additional layers of compliance, typically to show data is protected by default and tracked and audited at all times. 

Search “securing remote workforce” on Google and you will find lots of articles preaching traditional security best practices: have remote workers log in via virtual private network (VPN), ship secure devices to remote workers, classify all your data and set up data loss prevention (DLP) to monitor and block data sharing, set up a cloud security access broker (CASB) to restrict access to non-sanctioned cloud applications, etc.  Some of these measures are important, some offer partial protection, and some are a significant impediment to worker productivity. 

Why are remote workforce security measures insufficient?

Most data protection tools focus on putting up walls around the data, rather than protecting the data itself. Unfortunately, each solution that puts up walls, such as a DLP, is very complex and error-prone. There are just too many possibilities where the security team can fail to configure some aspect of the technology appropriately and leave a gap, especially in today’s continually changing landscape where sharing and collaboration tools that focus on productivity are far ahead of legacy security tools. There are just too many possibilities of the data being misclassified, where DLP incorrectly allows the data to pass unfettered. 

Traditional security measures can also be insufficient if they don’t scale. For example, in the case of a significant weather event or pandemic, a remote workforce may put too much strain on the corporate VPN. 

Why does remote security reduce productivity?

Given all the potential protection gaps in data protection, as the remote workforce increases, the risks increase. The security team starts to add more heavy-handed DLP rules, forcing staff to use a very narrow set of applications and workflows and slows down from false positives. Many will attempt to lock down a remote workers’ experience entirely with virtual desktop infrastructure (VDI). VDI can be very secure, but it comes at considerable cost in the form of usability and productivity. As staff feels increasingly pressured to get their jobs done despite all of these blockers, they increasingly find workarounds, literally undoing the security team’s work. This leads to a vicious cycle, a downward spiral of security gaps and productivity drains. 

The solution is data-centric protection.

The only way to break the vicious cycle of insufficient security and hampered productivity is to shift the data protection strategy from attempting to secure every possible endpoint to securing the data itself, by default. 

The Data Access Security Broker (DASB) platform provides data-centric protection. With DASB, any data is automatically protected by default, and this protection is persistent no matter where the data goes or how it is accessed. Moreover, once DASB is implemented in the enterprise, it automatically protects any other similar data it comes in contact with, expansively extending DASB’s protection to any new and existing data in the enterprise automatically. 

Most importantly, DASB requires no changes to the user experience. Employees, no matter where they are working from, use the applications they want, in the way they want, with no plug-ins, pop-ups or special viewers. Unlike other attempts at remote security such as VDI, DLP, orDigital Rights Management (DRM) that force constrained workflows and put unfair limits on file types, applications, and versions, end-users are not even aware that DASB is protecting data behind the scenes unless they attempt to violate business policy. 

The organization has persistent access control even in the event that data leaks onto an unauthorized device or cloud, or into the wrong hands. DASB tracks every action taken on protected data and reports it to your Security Information and Event Management (SIEM), turning every action into an auditable event. 

When data is protected by default and stays protected and audited wherever it goes, even if it leaks into the wrong hands, it stops the vicious cycle of insufficient security and reduced productivity. Companies can finally get off the hamster wheel of constantly trying to discover and classify new data, and constantly trying to find and plug vulnerabilities in your remote security infrastructure. And only then,  when thousands of remote workers are accessing data daily from their personal devices and cloud applications, the CISO remains confident that data is airtight.


Read Article
Blog
Healthcare Internal Threat SolutionHealthcare Internal Threat Solution
July 6, 2020

Healthcare Internal Threat Solution

The rate of internal threats is on the rise, leaving many organizations at risk. In some industries, they occur way more frequently whether it's accidental or malicious. The healthcare industry is one of the most commonly threatened according to Verizon’s 2020 Data Breach Report. They are leading with a 48% rate of internal threats while many others range from around 25-30%. 


Internal threats can be just as - if not more - dangerous than external threats. This is because insiders have added advantages such as security access, knowledge of procedures, and organizational trust that aren’t attainable to outsiders. Access to these resources, allow the insiders to maliciously attack the healthcare industry. A common motive for this is financial gain. With healthcare data attracting a high price on the black market, employees may be tempted to engage in malicious activity. Healthcare insiders mainly aim to steal protected health information and healthcare records in order to profit from thieves who use it for financial fraud. 


Although many internal attacks are malicious, the majority of them are from employee errors and negligence. These threats include the accidental loss/disclosure of sensitive patient information, sharing login credentials, writing down login credentials, incorrect disclosure, sending data to the wrong recipient, and responding to phishing messages. Careless workers may be well-intentioned but, the negligence of sensitive data can be just as destructive as a malicious attack. 


Healthcare organizations have not been able to detect many internal threats, leaving breaches unnoticed for many months or even years. Because of this, internal threats in healthcare are continuing to rise and threaten many organizations and patients with severe consequences. The amount of risk with these internal threats is shocking, considering the value of the data that is being handled on a daily basis. A patient's record can sell for up to $1,000 due to the amount of information found in the documents. The documents include the patient's date of birth, credit card information, Social Security number, address, and email. The risk to healthcare data and the compliance requirements around PHI should force us to rethink our data security program. 


With SecureCircle, the healthcare industry is able to diminish internal threats from occurring. SecureCircle’s Data Access Security Broker allows you to have continuous protection over your data even after granting access to users, processes, and applications. DASB works transparently and ensures that your data is protected whenever it is consumed, created, stored, and modified. With SecureCircle, healthcare organizations have complete visibility over their data and will be able to monitor the activity that takes place to their data. 


Read Article
Blog
The Ransomware Protection SolutionThe Ransomware Protection Solution
June 19, 2020

The Ransomware Protection Solution

Ransomware continues to be a daily headline in the news. In the past week, we have

seen Honda, CFO, and Microsoft. In 2019,the Internet Crime Complaint Center (IC3)

received 2,047 ransomware complaints, with losses over $8.9 million.


To prevent ransomware from infecting an organization, deploy SecureCircle and an

Endpoint Detection and Response (EDR) solution such as Crowdstrike. SecureCircle

will ensure that unauthorized users cannot access any data that leaves an organization.

EDR will block known ransomware and stop the execution of ransomware via

unpatched vulnerabilities. SecureCircle and EDR provide a productive ransomware

protection solution.


There are a few types of ransomware attacks.

Crypto ransomware encrypts valuable files on a computer so that the

organization cannot access them. Thieves ask for money to get their files back

Locker ransomware does not encrypt files. It locks the victim out of their device,

preventing them from using it.

Data theft ransomware may or may not encrypt the data on a computer, but it will

transfer the data to an offsite location. The thieves ask for money to not release

the data to the public.

SecureCircle prevents data theft attacks such as the Grubman Shine Meiselas and

Sacks law firm. Data is always protected, and if data transfers to an offsite location, it

would be protected, and the thieves would not have any access to the content. Celebrity

legal content would not be published online.


Remediate the crypto and locker types of attacks with proper backup solutions. Backups

need to be isolated, so the attack does not compromise the backup data. The retention

window needs to be long enough that clean backups are available. While restoring data

can take time as well as reimagining computers to remove the attack, this option

provides a viable path to recovery.


SecureCircle recommends companies do not pay ransoms. There is no guarantee

paying payments will return data. Only 26% of US companies paying the ransom got

their files unlocked.


Companies have been desperate to find solutions to ransomware attacks, including

using decrypters found on the web. This week a fake STOP Djvu ransomware decryptor

was found that deploys new ransomware.


Paying a ransom or reversing the ransomware should not be relied on to keep

organizations safe. Instead, prevent ransomware with SecureCircle and a proper EDR

solution.


Read Article
Featured
NYPD Privacy BreachNYPD Privacy Breach
June 19, 2020

NYPD Privacy Breach

The New York City council demands an investigation to determine how the mayor's daughter's arrest record was released on Twitter. They believe there are two guilty parties; those who committed the privacy breach from NYPD and those who knew about it and did not notify any city officials. 


Among the millions of people protesting over the killing of George Floyd, a few were arrested. One of the individuals, Chaira de Blasio, known as Mayor Bill de Blasio's daughter, was arrested for refusing to leave the street of the protest. 


The union, the Sergeants Benevolent Association, used Twitter to release the report documenting the arrest of Chiara de Blasio. This report contained personal information of Blasio, which exposed her date of birth, address, height, weight, and driver's license details. Because it was a violation of privacy and could endanger an individual's safety, Twitter removed the post and suspended the account. Even though the post was removed, many people were still able to view and copy the document.  


Major Bill de Blasio was not notified of the arrest until it was published on Twitter. The S.B.A stated that the tweet intended to question the mayor's strategy towards policing the protests. They suspect that the mayor is holding back the police department due to his daughter protesting. 


With SecureCircle, organizations would have visibility over every user that opens a specific file. Even though authorized users will be able to access the protected data, every attempt in doing so would be logged. The logs would show users, devices, and applications that attempted to access the data. If this privacy breach occurred with SecureCircle, they would quickly discover the individual who publicly exposed the data. 


Read Article
Blog
Popular App Mathway Leaks Users RecordsPopular App Mathway Leaks Users Records
June 19, 2020

Popular App Mathway Leaks Users Records

Mathway, a popular app to assist students with math, suffered a massive data breach. More than 25 million user records have potentially been sold on the dark web by hackers known as the ShinyHunters. 

According to an interview with ZDNet, the hacker claims to have breached the app in January 2020 but began selling data in May 2020. The data has been up for sale for the equivalent of 4 thousand dollars on the dark web. This data included the users’ emails, hashed passwords that may have been cracked, and back-end system data. The creators of Mathway have now alerted users that may have been affected by the breach to change their passwords. 

As a college student, I have been using Mathway for a couple of years now to assist me with some complex math problems. Mathway allows you to create an account with them and if you are someone who constantly uses the app like me, you have a choice to purchase a subscription with them. This subscription assists you even more than the free version but charges you up to twenty dollars a month which obtains all of your credit card information when doing so.

On May 29, 2020, I was notified that my account with Mathway may have been affected by this data breach. I was informed that I should immediately change my password in the app in case any of my data was stolen. While doing so, I realized that I use the same exact passwords for many different sites and apps such as Facebook, emails, Instagram, and many others. Because of this, if my passwords were actually stolen, hackers would easily be able to gain access to multiple different accounts of mine. 

Lesson 1: Always use unique passwords. It is very important to have completely different passwords for different accounts in situations like these which can leave your data in a vulnerable position.

After working at a SecureCircle for about 6 months, I learned why these data breaches should never occur in the first place. SecureCircle’s Data Access Security Broker (DASB) moves access control policies from the storage system of the data to the data itself.  Transforming data protection from device-centric to data-centric. This access control works with local and remote storage systems and cloud file systems without requiring a change to applications. 

Lesson 2: With SecureCircle, Mathway could have protected its users’ data wherever and whenever it was moved. 

Data breaches like these could easily be avoided with trustworthy data securities like SecureCircle. It is very common for these hackers to target many popular apps such as Mathway because of how many people use the exact same logins for other websites.


Read Article
Blog
What is Data Loss Prevention?What is Data Loss Prevention?
June 19, 2020

What is Data Loss Prevention?

Data Loss Prevention (DLP) is a broad topic. Many products claim they're DLP solutions, including DLP, Information Rights Management (IRM), and encryption. All focus on different aspects of security. The DLP goal is to prevent data breaches and protect data, including intellectual property and personal information in all forms, including Personally identifiable information (PII), credit card information known as Payment Card Industry (PCI), Protected Health Information (PHI), and much more. Regulations like General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) exist because data breaches made news headlines daily, and governments decided corporations need oversite.

DLP went mainstream in 2007 when Symantec bought Vontu. At the time, Vontu was the Gartner Magic Quadrant leader in Content Monitoring and Filtering and Data Loss Prevention. The core DLP feature was blocking sensitive data from being copied.

"The ultimate goal of data-loss prevention is to change employee behavior," director of product marketing at Vontu said in an interview regarding the release of Vontu DLP 8 in 2007.

Regardless of the features, data types, and brands involved in the DLP market, the idea employees need to change their behavior in the name of security has been present. Because altering employee behavior is so difficult, a workflow evolved within the DLP world: Discover, Classify, Protect. The result is to identify only the subset of data that is important and needs protection.

There are two main flaws with this approach. First, changing employee behavior is a herculean task. Second, this workflow relies on employees making data classification decisions. For DLP, IRM, and file encryption, users have to decide what is essential to protect. Users, however, aren't good at making these decisions. Most users will classify the data so that it is easy for them to do their work, such as sending reports externally to customers or partners. Even if employees are diligent in making decisions, data that is not important today may be sensitive tomorrow. Employees OPT-IN to security in the legacy DLP model, deciding what should be secured.

How does SecureCircle achieve data protection?

For SecureCircle, we take a fundamentally different approach to data protection than legacy DLP. We protect data by default. Employees must OPT-OUT of security in the SecureCircle model.

Transparent

Unlike the goal of legacy solutions to change users' behavior, SecureCircle believes security should be transparent to users and business workflows. Authorized users work with protected data in the same method as before. Unauthorized users are the only users to see error messages when trying to access data without proper permission.

Data-Centric

Legacy technologies focus on protecting the device or the file. Legacy DLP tries to prevent the file from leaving the device, blocking the ability to copy a file to a USB drive, blocking Save-As, or removing attachments from email.

SecureCircle protects data, not files or devices. A data-centric approach to data security focuses on the information that needs protection instead of the network, device, or application.

SecureCircle's data-centric protection allows files to move anywhere, including removable media and cloud storage. The data is persistently protected at rest, in transit, and in use. Unauthorized users can't access protected documents.

Proactive

SecureCircle doesn't rely on fragile data classification. Instead, SecureCircle's MagicDerivative(TM) autonomously protects data based on content. MagicFolder(TM) and MagicProcess(TM) autonomously protect data based on context.

MagicDerivative autonomously monitors protected data and protects similar data with the same permissions as the initially protected content. If an authorized user accesses a protected spreadsheet and copies data from the spreadsheet to a new presentation file, the presentation is autonomously protected with the same permissions as the original spreadsheet since the data has moved to the presentation. Save-As automatically creates a protected file since the contents of the new file are similar to the contents of a protected file. Even when a user manually recreates the content of a document, the new document will be autonomously protected.

MagicFolder and MagicProcess automatically protect data based on context. Enterprise Resource Planning (ERP) finance reports generated and placed into the Finance folder on a file server are automatically protected. The Finance folder is a MagicFolder, and all files placed into that folder automatically are protected. The files and data remain protected when users download the files from the file server to their computer.

MagicProcess enables applications to protect all output autonomously and allows complete protection for finance, HR, design, CAD, media, source code, and any other application that creates data that should never leave an organization.

How does this benefit my organization?

SecureCircle's unique features and overall approach to data loss prevention allow organizations to protect data without impacting end-users or changing business workflow. Organizations can support a wide range of use cases such as accidental and malicious insiders, intellectual property and source code protection, lost or stolen devices, data visibility for regulated data, third party collaboration, and more.

SecureCircle is proactive data loss prevention, at scale, that is transparent, and data-centric.

Read Article
Blog
Distributed-Workforce | Case StudyDistributed-Workforce | Case Study
June 19, 2020

Distributed-Workforce | Case Study

A digital marketing firm (“DMF”) with Fortune 500 customers and an entirely distributed team of employees and freelancers.

The Challenge

Headquartered in the Bay Area, California, DMF utilizes a distributed team of employees and freelancers to provide their services. A distributed team allows DMF to select the best employees while managing cost. However, ensuring data security and privacy with a distributed workforce is a challenge. 

DMF is trusted with developing marketing campaigns and advertising for new products. None of the information is public knowledge, so keeping their customer’s data private is extremely important. Leaking information would ruin their relationship with customers and risk future projects.

Like many enterprises today, DMF can’t simply lock down their sensitive customer IP with traditional security tools. They need a way to share IP securely with their distributed workforce, while always maintaining control of the data, being confident that it could never be leaked. And the kicker - since work happens at such a fast pace, they need their security to be completely invisible to the distributed team, so that each team member is free to use their preferred tools and productivity is never slowed down. 

Security that enables complete protection and control of data even as it flows into a distributed team, while being completely invisible, ensuring unfettered productivity, has not been possible in the industry. Until now.

The Solution

Upon implementing SecureCircle, DMF protects confidential project data regardless of where the information is created, stored or consumed. All distributed team members  work at maximum productivity using their preferred tools, because the security is invisible. Besides the SecureCircle agent, no additional software  nor integrations are  required. File names and extensions are never changed. In fact, the only time employees notice SecureCircle is when they attempt to access data that they do not have permission to access. And DMF’s administration can see every action on every file, with instant  awareness of any malicious activity from insider or external threats.

SecureCircle’s competitive advantage is transparent and automated protection which doesn’t impact end user or business workflow.

DMF quickly onboarded employees and freelancers by inviting them into various Circles. Circles are a collection of data, users, and devices which have the same access control. DMF deployed multiple Circles to segregate its customer’s data. Employees working on one customer’s projects are not  able to see projects for other customers in which they are not involved. Users who are working on both customers’ projects are simply added to both Circles. As new customer projects emerge and others finish, DMF can easily revoke and change staff permissions in real-time. Freelancers can be quickly onboarded or removed from a project.

DMF has a file server that all the employees use to share files and store final projects. The file server is a virtual Windows server hosted in Amazon Web Services (AWS). DMF installed the SecureCircle client on the Windows server to manage data policies on the Windows server. Each customer folder was designated a MagicFolder™. MagicFolders allow any data placed into the folder to be automatically protected and added to an existing Circle. So all files uploaded to the customer folder were automatically protected and added to The Circle.

SecureCircle tracks protected data as it moves. As employees download files to work on their devices, the data remains protected at all times. SecureCircle’s patented transparent protection allows files never to be decrypted. Files are encrypted in transit, at rest, and even in use. As data is created and edited, derivative works are automatically protected by SecureCircle’s patented MagicDerivative™. MagicDerivative will automatically safeguard data as it moves from file to file via copy-paste or even if manually recreated. Creating duplicate copies of the data or Save-As will result in protected files. Employees are free to use any application to complete their work and can store and send files via existing tools like Dropbox.

SecureCircle’s competitive advantage is transparent and automated protection which doesn’t impact the end user or business workflow. SecureCircle can be deployed quickly and protect any data, the highest return on investment in a security world full of heavy enterprise tools that require huge effort and yield little return. Since workflows are not changed, employees do not need to be trained on how to use the solution and there is no ongoing IT or security burden to maintain the solution.

Benefits

• Transparent data protection which doesn’t impact end users or business workflows. Distributed teams can use the tools they want to optimize productivity and results. 

• Automatically tracks protected data and protects derivative works.

• Data is always protected. Files are never decrypted

• Data is persistently protected no matter where it goes, even in public shared folders like AWS, a common attack vector

• Revoke and change permissions in real-time. Freelancers can be quickly onboarded or removed from a project

• Works with Windows, Mac, Linux, iOS, and Android


The Outcome

SecureCircle enables DMF to secure data with a distributed workforce without requiring employees to change their workflow. DMF maintains complete protection and control over their sensitive customer IP.


Read Article
Case Study
Follow the Data Breach and DLP MoneyFollow the Data Breach and DLP Money
June 19, 2020

Follow the Data Breach and DLP Money

The average cost to an organization with a data breach was $8.19M in the US last year.  Up from $3.54M in 2006.  As the impacts of data breaches increases, it makes sense organizations are spending more money to prevent costly breaches. Worldwide Data Loss Prevention (DLP) market revenue growth will be from $1.24B in 2019 to $2.28B in 2023.  Investing in DLP solutions to prevent data breaches makes sense.  

Hidden Cost

A 10,000 employee organization may pay up to $500,000 a year for their DLP license, configuration, and support.  To make DLP work, organizations must follow the discover, classify, and protect paradigm.

In this example, the same 10,000 employee company purchases licenses, support, and professional services: $150,000 for a discovery tool and a $200,000 for a classification tool.  Let's also assume the company spends $150,000 for a user behavior analytics (UBA) tool.  In total, the company pays $1,000,000 per year.

Why are those solutions so expensive?  DLP is a competitive space.  Competition should keep prices in balance.  What you find for many of the legacy DLP, classification, discovery, and UBA tools is that they make most of their revenue from services.

Professional services are needed to configure, monitor, re-configure, and generally make the solutions work.  The tools are so cumbersome that companies need to hire professional services to set up and maintain the solution.

The current Symantec DLP admin guide is over 2500 pages.  DLP also manages everything by rule.  Admins need to set up hundreds or thousands of rules to allow or deny various workflows.

Varonis is a popular UBA solution with over a $2B market cap and makes over 50% of its revenue through services.

SecureCircle Alternative

SecureCircle's technology and approach are entirely different from legacy DLP.  Other articles describe the technical merits of SecureCircle versus DLP. From a numbers point of view, SecureCircle doesn't require discovery, classification, or UBA tools to function.  Immediately eliminating $1,000,000 spend a year for our example 10,000 employee company.

SecureCircle manages policies by exception, so the initial configuration and daily management are minimal.  Admins manage changing user permissions in the company's Active Directory, so no additional tools to learn.

CISOs and IT departments have growing demands and limited budgets.  Free up money and resources by selecting the proper DLP solution.



Sources:

Ponemon Institute 'Cost of a data breach' 2019

Statista Worldwide DLP Market Revenue Forecast

Varonis 10-K


Disclaimer:

Software license costs are estimates and vary by volume, features, vendor, etc.

Read Article
Blog
Law Firm Leaks Celebrity DataLaw Firm Leaks Celebrity Data
June 19, 2020

Law Firm Leaks Celebrity Data

The New York law firm of Grubman Shire Meiselas and Sacks that serves some of the many well-known celebrities such as Lady Gaga, Madonna, Mariah Carey, and U2 appears to have fallen into a REvil ransomware attack. The REvil hackers are threatening to publish the stolen documents from the Grubman clients in nine staggered releases unless they fulfill the demand of $42 million in ransom.   

The attack links to a domain the law firm used with an unpatched Pulse Secure VPN server. Vulnerability data confirmed that the law firm had a vulnerable server for almost two months. Unfortunately for them, during that time, many threat actors were actively scanning for unpatched VPN servers. 

The vulnerability scan for open internet ports for vulnerable VPN servers cannot confirm that REvil hackers used it to plant ransomware and encrypt files. The REvil hackers are known for targeting unpatched VPN servers, which may have led them to Grubman. REvil is also known to use these servers to gain access to networks and steal their credentials, plant malware, and attack. 

Ransomware has two main approaches. One is to encrypt all the data in place at the victim’s site and demand ransom for the decrypt key. The second is to transfer all the data to an alternative location and demand ransom for not releasing the data to the public.  

SecureCircle Data Access Security Broker (DASB) customers who have faced similar attacks or malicious insiders only need to worry about the first ransomware approach. The case of releasing sensitive information to the public is not possible with SecureCircle. The hackers will have stolen protected data encrypted with AES-256. Even with a 100 petaFLOPS supercomputer, the hackers would need 3.67x1052 years to break a single key. With SecureCircle, each file uses a unique key.

The first type of attack which encrypts data in place is still possible with SecureCircle. The hacker would encrypt an already encrypted file. Recover from an encrypt-in-place attack by implementing a proper backup solution that isolates the backup data and keeps multiple revisions of files.

With SecureCircle, minimize ransomware attacks to annoyances similar to SPAM email. Annoying and not productive, but nothing making CNN and TMZ headlines.








Read Article
Blog