Category: All

Cost of a Data Breach Report 2019

This year’s Cost of a Data Breach Report explores several new avenues for understanding the causes and consequences of data reaches. For the first time, this year’s report details the “long tail” of a data breach, demonstrating that the costs of a data breach will be felt for years after the incident. The report also examines new organizational and security characteristics that impact the cost of a data breach, including: the complexity of security environments; operational technology (OT) environments; extensive testing of incident response plans; and the process of closely coordinating development, security, and IT operations functions (DevSecOps). Continuing to build on previous research, the 2019 report examines trends in the root causes of data breaches and the length of time to identify and contain breaches (the breach lifecycle), plus the relationship of those factors to the overall cost of a data breach. Following the 2018 report’s initial examination of “mega breaches” of greater than 1 million lost or stolen records, we continue this research with comparative data for 2019. And for the second year, we examined the cost impacts of security automation, and the state of security automation within different industries and regions.

Lost business is the biggest contributor to data breach costs*

The loss of customer trust has serious financial consequences, and lost business is the largest of four major cost categories contributing to the total cost of a data breach. The average cost of lost business for organizations in the 2019 study was $1.42 million, which represents 36 percent of the total average cost of $3.92 million.** The study found that breaches caused abnormal customer turnover of 3.9 percent in 2019. Whereas organizations that lost less than one percent of their customers due to a data breach experienced an average total cost of $2.8 million, organizations with customer turnover of 4 percent or more averaged a total cost of $5.7 million – 45 percent greater than the average total cost of a data breach.

Data breach costs impact organization for years

About one-third of data breach costs occured more than one year after a data breach incident in the 86 companies we were able to study over multiple years. While an average of 67 percent of breach costs come in the first year, 22 percent accrue in the second year after a breach, and 11 percent of costs occur more than two years after a breach. The long-tail costs of a breach were higher in the second and third years for organizations in highly regulated environments, such as the healthcare and finance industries. Organizations in a high data protection regulatory environment saw 53 percent of breach costs in the first year, 32 percent in the second year and 16 percent more than two years after a breach.

* The research in the Cost of a Data Breach Report is based on a non-scientific sample of 507 companies. The key findings are based on IBM and Ponemon analysis of the data and do not necessarily apply to organizations outside of the group that was studied.

** Local currencies were converted to U.S. dollars.

Learn more?


How can you raise cybersecurity awareness within your organization? The cybercrime wave that has been the hot topic continues to rumble on. We are in fact in a bizarre situation where we, as well as commercial competitors, have cybercriminals competing with us. The competition, in this case, is for data, an item that straddles all industry sectors.

Cybercriminals make a lot of money from the data they compromise. It is estimated that currently, cybercrime is costing the global economy around $450 billion annually. Some, like Juniper Research, are predicting those costs will spiral to around $2 trillion by 2019. Once you start describing losses in the trillions, rather than billions, you know you really do need to take stock. Analysts, HPS, have shown that cybercrime is truly a globally competitive business, comparing it to the likes of Apple and Microsoft in terms of revenue generation. Cybercrime is a formidable and successful competitor in today’s data stakes.

Source: HPS

With a business model this effective, cybercrime is set to continue as a major threat to normal business operations. Changes in the threat landscape, such as models enabling cybercrime, like ‘Malware as a Service (MaaS)’, make this onslaught of attacks even more likely. We are left with no option but to take this all very seriously. It’s too bad though that the old methods of defense, like anti-virus software, are showing cracks in their armor. With anti-virus vendors like Symantec stating that anti-virus software is only effective against 45% of viruses. We need to move to a new paradigm in our approach to mitigation of cyber threats – the war against cybercrime is now about a simple concept…awareness.

The Biggest Threat is You

Any type of crime, be it real world or digital, has an element of human behavior about it. One of the world’s most famous scams, the Ponzi Scheme, carried out back in 1920 was based on the basic human behavior to accumulate resources – in this case, lots of money. Today, cybercriminal scams also focus on human behavior to elicit knee-jerk reactions. Phishing, a technique based on social engineering, which encourages its target to perform an action that benefits the cybercriminal, is the most successful vector for cybercrime according to a report by Phishlabs. And in 2016 this continues to be the case with the first quarter of 2016 seeing an increase of 250% in phishing attacks.

Phishing is a perfect example of the use of human behavior to exact an outcome. Phishing comes in a myriad of forms, morphing into new ones as older ones become recognizable and less effective. The reason why this method is so successful, with SANS Institute, estimating that phishing is behind 95% of all security breaches, is because the successful cybercriminal uses their knowledge of how we tick as much as they use software code. What this means for us, as business owners, IT staff and company employees, is that we need to be much more aware when it comes to security, especially cyber. With the type of cyber-threat climate we face today, we cannot rely solely on technology to get us out of sticky cyber-situations.

Cybersecurity Awareness

Being security aware is about creating a culture of security within an organization. In practice this will require everyone, from the board to the IT department, to the sales team, out into your extended third party vendor system, to understand the implications of the modern cybersecurity threat.

Security awareness includes understanding the security requirements and impact of common standards and compliance, such as HIPPA and PCI-DSS. However, security awareness is much more than just complying with laws. Security awareness is about knowledge and understanding of what the threat landscape has in store for us, and the techniques used against our organization and ourselves. To be security-aware you need to:

1.     Know the types of attacks being targeted at your specific industry area (check out our industry series covering six industry sectors, and the types and levels of cybercrime they experience)

2.     Use this knowledge to set up the best type of security awareness program to put in place in your company

3.     Use special programs, like phishing awareness to train your staff and extended vendor ecosystem in what a phishing campaign will look like. This can include creating mock phishing attacks. Metrics from these mock attacks can also help you to understand where in the organization to concentrate security awareness training on.

4.     Recognize that security awareness is an ongoing activity. Cybercrime is not a static practice; it morphs and changes to optimize better outcomes. The fact that cybercrime revenue is up there with the most successful companies in the world is a testament to the cyber criminal’s continuous improvement of their business models.

Being mindful of the benefits of security awareness is a modern way of tackling cybercrime. It allows us to form a concentrated defense system, utilizing the very thing that cybercriminals rely on to bring about a breach – ourselves.

Learn more, and download one of our whitepapers today!

Why Privileged Access Management Must Be Part of Your Overall IAM Strategy

This article is written by Patrik Horemans (IBM) Source: Security Intelligence.

In the past, the urgent need to secure privileged accounts has led organizations to implement a privileged access management (PAM) solution as a standalone track. Many companies have invested or are investing in products to help them secure access, get usage under control, provide detailed audit trails and implement processes.

Securing the use of these accounts is, and will remain, a good security practice. After all, a recent survey from Centrify revealed that more than 70 percent of breaches involved the abuse of privileged accounts in one way or another.

Today, however, companies are starting to understand that the management of access to privileged accounts should be an integral part of their overall identity and access management (IAM) strategy. This means it should be built into core IAM processes such as provisioning, deprovisioning, access risk mitigation and segregation of duties. Furthermore, the implementation of such a solution should be integrated into company security processes to gain visibility into risks across the landscape of both privileged and nonprivileged users, and be part of the business’s overall security monitoring and risk mitigation strategy as well.

A Life Cycle for Privileged Account Access

When you implement a PAM solution as a standalone project, you will often face the same challenges that you had before.

In other words, granting access to privileged accounts is not necessarily better than the manual process you had before, and will result in collecting more and more access rights over time, leaving you again in a vulnerable state with too much access. Administrators, developers and third parties need certain access levels to do their jobs, but PAM solutions alone age poorly through the life cycle of giving, maintaining and revoking access to privileged accounts. In fact, they rely on external processes, such as adding the right people to the right groups, either in the PAM solution or directories such as Active Directory.

There has to be a process around the PAM solution to manage the hygiene of access. Companies that do not have the proper automated processes in place will face an issue they had before: permission scope creep, or the expanding collection of access to privileged accounts over time by a user as a result of changing roles, jobs, departments, etc. The challenges these security teams had before with shared passwords and the management of personal administrative accounts are now moved to the access model for privileged accounts. This is why it’s crucial for organizations to implement an automated life cycle process for privileged account access.

Avoid Toxic Access Combinations That Lead to Risk

PAM solutions give you a simple way to know who can access and use privileged accounts. However, the combination of access to systems, devices and applications, as well as any related privileged accounts, often presents a risk to the enterprise.

For example, a user has access to an application that uses a database to store its data. That same user also has access to the privileged account to manage the database. As such, he or she will be able to change things in the database, circumventing the business and authorization controls from the application. If they also have access to the privileged account that manages the operating system, they could clear audit traces. This could be a toxic combination of access that should be avoided from a security and compliance perspective.

Toxic access combinations related to PAM solutions usually fall into three categories:

  1. Combinations related to the PAM solution itself, for example, the capability to create access to a privileged account and the capability to approve.
  2. Combinations related to the privileged account, for example, the capability to manage a server and the application running on it.
  3. Combinations related to business services and privileged accounts, such as in the example described above.

To avoid these toxic combinations of access, security teams should implement segregation of duties (SoD) controls. But these can only be implemented when you have adequate visibility into the access for both privileged and nonprivileged accounts. PAM solutions typically don’t have SoD enforcement capabilities and therefore another system, such as an identity governance tool, should be implemented.

To be able to implement SoD controls, you need visibility across privileged access and normal business user access. You will need a solution that can read and combine information from both sources.

Optimize Recertification Campaigns With Identity Governance Tools

Another area to consider, both as part of the access life cycle for privileged accounts and for compliance reasons, is the capability to recertify access to privileged accounts on a regular basis. PAM solutions typically don’t have this capability. Some companies use manual processes with spreadsheets and emails. While this might work, it is a cumbersome and error-prone process. It also provides little context on why someone would still need that access.

Integration with identity governance solutions can provide capabilities to automate regular recertification campaigns in an understandable business language so that approvers understand clearly what they are approving. Recertification campaigns will help companies to prove compliance as well. Proving compliance and maintaining clean and healthy access requires a solution that can automate recertification campaigns in an optimal way. Integrating campaign results with life cycle automation also improves efficiency and consistency.

By integrating a PAM solution with identity governance and administration (IGA) tools, you will get a holistic view across your enterprise over privileged and nonprivileged users. This will allow you to introduce processes across both domains and manage access seamlessly. It will help to analyze access and permissions, find anomalies, understand risk and consolidate audit and reporting capabilities. Risks such as segregation of duties can also be mitigated.

Integrating a PAM solution with an IGA tool will accomplish the following:

  • Access life cycle to avoid scope creep and good access hygiene.
  • Recertification campaigns to prove compliance.
  • SoD controls to avoid risks across privileged accounts and business infrastructure and applications.

Secure Your Privileged Access Management Solution by All Means

Finally, events related to privileged access should be processed by a security information and event management (SIEM)platform to compare indicators of compromise with other real-time threats to prioritize alerts by risk. User behavior analytics (UBA) can also help organizations flag unusual activity, such as high-risk behaviors or the granting of uncommon access levels.

On last consideration is the area of secured access to the PAM interface. Think about it: A PAM solution contains all the keys to the kingdom. A PAM user can access a whole bunch of privileged accounts during his or her work day. This also means that if a PAM user’s credentials are stolen, the thief has access to these privileged accounts and could have total control of the environment.

Therefore, it’s crucial to secure access to your privileged access management solution with capabilities such as multifactor authentication (MFA) and risk-based access controls. You want to avoid malicious access to your PAM solution — as well as your identity and access management system as a whole — by any and all means.

Source: Security Intelligence.

Learn more and join our Round Table on the 25th of September!

CyberArk wins a Fortress Cyber Security Award

The Business Intelligence Group announced the winners of the 2019 Fortress Cyber Security Awards on the 5th of June. We are happy to see that CyberArk is one of those winners. Congratulations are in order!

The business award program sought to identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers. Working executives from the cybersecurity and information technology fields volunteered to judge the program using a proprietary scoring methodology.

“The security of our online identities and data is rapidly becoming as important as our physical security,” said Maria Jimenez, Chief Nominations Officer, Business Intelligence Group. “We are proud to recognize all of our winners who are working to prepare, defend and respond to this growing threat. Congratulations to everyone.”

Read the whole story, including the winners, on Fortress

Our CyberArk Champion

Every month our partner CyberArk calls out a Champion for their Champions portal. The Champions portal is a place for the community of CyberArk. We are proud to announce that our colleague, Jeroen, has won the prestigious title; May Champion.

Jeroen joined the program in July 2018 during the Berlin Impact event and is currently working toward his Certified Delivery Engineer certification. He was also recently involved with a POC with CyberArk Conjur. In the short time Jeroen joined the community, he showed his brilliance and hospitality towards CyberArk’s Champions portal.

As CyberArk put it:

When we put out a request for things to do and see in Amsterdam (the location of this year’s European Impact), our Netherlands-based May Champion of the month came back to us with a wealth of information we could quite literally cut and paste to share with attendees.

That cooperative spirit sees this Champion frequently contributing in Discussions with detailed and timely responses. Our May Champion is a Security Engineer and has been working with CyberArk for about two years. Our May Champion works at SecurIT B.V. a solutions provider which specializes in Identity & Access Management projects throughout Europe and North America.

CyberArk is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure, and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders.

FIDO2 is on the rise

The Passwordless web is coming

The FIDO alliance is now one of the most influential cross-industry alliance. It launched its FIDO UAF and U2F standard in 2014, recently the FIDO2 specification.

Yubico helped to create FIDO2 to extend the FIDO standard beyond external security keys to include new built-in fingerprint readers and facial recognition technologies.

The promise is to have a solution for MFA that does not need drivers or software to be installed on systems, protection against man in the middle attacks and that the need for passwords are coming to an end. All of this with a low operational support cost and portable everywhere – used for corporate login but also as a consumer.

In this authentication landscape, the YubiKey takes on the important role of a root of trust. As users move between different platforms and computing devices, having this portable root of trust is essential for enabling rapid bootstrapping on new devices and for recovering when devices are lost, stolen or replaced.

Many companies are embracing this technology which led to the recent announcements that Microsoft supports with the latest Windows 10 Windows Hello and Edge. Also Google turned Android 7+ Phones into FIDO2 devices and +500 companies are certified, also Yubico’s newest security keys support FIDO2 for a while.

Join us in this webinar where we will present and demonstrate:

  • The opportunity for companies using FIDO2 for MFA
  • How consumers can benefit
  • How you can enable FIDO2 support for your web and mobile applications
  • What the concern and limitations are
  • The YubiKey, the portable root of trust
  • The impact of enabling FIDO2 support
  • Integration with legacy systems

Practical information

When: 20 June 2019
Where: Webinar
How late: 15:00 CET (not GMT!!)

About SecurIT

Founded in 1999, SecurIT has over 18 years of extensive experience of designing, implementing, maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands SecurIT offers its customers high quality consultancy, implementation, management and support services (24*7). 

SecurIT has appointed a new Chief Operating Officer (COO) and President of SecurIT

The CEO of SecurIT, Rob Bus, announced that the company’s current General Manager/Vice President of North America Kent McKown was promoted to the position of Chief Operating Officer (COO) and President of SecurIT effective the 1st of May.

Previously, Kent has played a vital role in the recent acquisition of PSG and the follow-on integration into SecurIT. In his new role, Kent will focus on the day-to-day operation on both continents working with the VP/General Manager in Europe, Ricardo Kowsoleea, and the VP Global Business Development, Terrah Carawan.

Regarding the appointment, SecurIT CEO Rob Bus said: “Kent’s appointment will further allow me to focus on the strategic direction of the company, key clients, partnerships and strategic alliances and investor relations. Kent will specifically focus on the development and execution of the business plan; working with the leadership team to ensure cohesiveness, traction and values alignment throughout the global organization. Kent and I will also work collaboratively on all leadership and strategic matters of SecurIT.”

Before his most recent position, Kent has led five growth companies as CEO/COO/President. Kent was responsible for clarifying vision and setting the strategic direction to ensure the consistent profit growth and risk reduction; developing a reliable leadership team with the right mix of abilities that shared similar values; and creating visibility of critical measurements to ensure traction, cadence, and accountability. Kent’s past successes have been primarily a result of an organization consistent of a committed team with shared values with a sincere desire to grow themselves and their clients. Significant growth in profits and revenue were a result of these significant achieved initiatives.

Kent earned a Bachelor of Arts from the Citadel and a Bachelor of Business Administration – from National University. He previously served as a commissioned officer in the United States Marine Corps and resigned his commission as a Captain in 1992.

SecurIT Is a global cybersecurity company focused on designing, implementing, and maintaining large Identity & Access Management / Governance infrastructures. We operate in Europe and North America.

The company always strive to provide the best service and IAM solutions for our customers. SecurIT offers its customers high-quality consultancy, solutions, and support services (24/7).

Kent McKown

Zero Trust: Why Your Most Privileged Users Could Be Your Biggest Security Weakness

Your security infrastructure is there to protect your organization from malicious threats. That much is obvious, but what happens when a user’s credentials are compromised and threat actors access your systems? This could expose your company to a data breach and all the reputational damage, operational downtime and financial costs that come with it.

But all access is not created equal. What would happen to your organization if one of your privileged users had their identity compromised? Privileged account management (PAM) helps protect against the most dangerous data breaches because it enables you to closely monitor your most sensitive accounts.

Protecting Your Privileged Users Is Paramount

The majority of security breaches involve the compromise of user and privileged accounts via attack vectors such as phishing, malware, and other means. Once the attacker establishes a foothold in the network, the next step is to find and hijack a privileged account, enabling the actor to move laterally across the network while appearing as a legitimate user.

At this point, the malicious activity can begin. Attackers often search compromised networks for valuable data such as personally identifiable information (PII), intellectual property and financial data. Such sensitive information enables threat actors to commit financial fraud as well as other crimes.

The bottom line is that protecting critical data means protecting your most valuable users. That’s why Gartner recognized privileged account management in its “Top 10 Security Projects for 2019,” along with detection and response, cloud security posture management, business email compromise, and more. The research firm also placed PAM on its 2018 list.

Further demonstrating the criticality of PAM is a Centrify survey that revealed 74 percent of data breaches involve unauthorized access to a privileged account. If privileged access is the most fruitful point of attack for cybercriminals, why are so many companies still not taking even basic steps to prevent this abuse?

For the full article please visit the following link.

Source: Zero Trust: Why Your Most Privileged Users Could Be Your Biggest Security Weakness

TrustBuilder’s latest update enables enhanced identity and access management for Docker and adds new features to support GDPR compliance

TrustBuilder Corporation, the leading IT security solution company for Identity and Access Management, has updated its flagship application, the TrustBuilder Identity Hub (TrustBuilder IDHub) – a state-of-the-art identity and access management tool. The new version introduces wider support across a range of applications and services including the world’s leading enterprise container platform, Docker, new functionality to support GDPR compliance, and a new, integrated workflow.

TrustBuilder ID Hub is a highly effective, user-friendly and trustworthy Identity and Access Management (IAM) tool that combines attribute-based access control with cloud identity and access management. It can deal with both on-premise and cloud applications while catering for pre-defined users and those who want to use their own identity.

Marc Vanmaele, CEO of TrustBuilder said:

“While an increasing number of organizations throughout Europe begin to take advantage of the agility and flexibility that cloud and third party services offer, it is becoming more complex to manage customer identity and user access. Applications or services can be made up of multiple elements, and can be accessed by users on a number of devices.

“The latest version of TrustBuilder IDHub will help reduce the incidences of inappropriate access to cloud resources, while offering simple, flexible and effective identity and access management across our customers’ applications and services.”

Scaling Access Permissions Simply and Centrally with Docker
Docker offers enterprises flexibility with the ability to deploy applications on-demand, but it has also introduced layers of complexity. While a number of practices can be applied, Docker and container managers like Kubernetes and Openshift require a centralized and consistent approach to security. By extending support to Docker, TrustBuilder will enable organizations to control access permissions
centrally and scale identity and access management to millions of users.

Supporting GDPR Compliance
The latest version of TrustBuilder IDHub and TrustBuilder for mobile introduces tools specifically designed to ease GDPR compliance by enabling corporations to gather, record, and manage customer consent.
When a user tries to log onto a company’s application that is protected by TrustBuilder IDHub, they will now be invited to have their data recorded and tracked in line with GDPR. This will also be extended to proxied apps, while the new version adds support to manage Mobile or Web API applications.

For simple reporting, TrustBuilder IDHub will now generate events that can be used to simplify auditing and reporting on compliance. These group together user activity such as authentication, authorization, log-out and session updates, and will be available to extract via a selectable workflow which can process and store these auditing events. This will make data more accessible for auditing, and easier
to interpret within user analytics activities.

Transaction Signing with TrustBuilder for Mobile
The new version introduces Transaction Signing for TrustBuilder for Mobile, the simple, secure application that enables users to authenticate their identity via a mobile device. An increasing number of mobile banking transactions require an additional authorisation factor to ensure security. While Transaction Signing is well established, its use is set to increase as banks and financial institutions prepare for the EU’s Payment Services Directive 2 (PSD2), which will enforce strong customer authentication for certain transactions from September 2019. The latest version enables users to manage Transaction Signing through the platform.

TrustBuilder Identity Hub version 9.4 also introduces:

  • Improved Workflow Designer
    TrustBuilder IDHub has been designed to offer customers a simple, secure login experience. This new version extends this user friendliness to the administrators, featuring major improvements to integrated workflow design that will make TrustBuilder IDHub more intuitive and easy to use.
  • New Graphical Interface
    This new version is subject to a graphical update to the user interface. This update will improve the overall look and feel of TrustBuilder IDHub, and integrate the improved Workflow Designer into the Administrator’s portal.

Source Trustbuilder

The Dangers Within – Your Key to Better Insider Threat Detection

Privileged Access: How Insiders Cause Damage

At least 60 percent of organisations allow third-party vendors to remotely access their internal networks, and just like employees, these external users can turn into exploited, unintentional and malicious insiders. Yet, these users are not managed by your organisation, which makes it difficult to secure and control their privileged access to your resources.

According to a recent survey by the Ponemon Institute, 49 percent of respondents admitted that their organisation has already experienced a data breach caused by a third-party vendor, and 73 percent see the problem increasing.

This white paper uncovers common misconceptions about insider threats, and provides new insight to help organisations better protect against these costly attacks. Read this eBook to learn the who, what, why and how of the insider threat to expose risks you may not be considering and gain guidance to help you prevent and detect these attacks.

Get your white paper here

About SecurIT

Founded in 1999, SecurIT has over 18 years of extensive experience of designing, implementing, maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands SecurIT offers its customers high quality consultancy, implementation, management and support services (24*7).