September Newsletter 2019
Quote of the Month
“There are two reasons why we don’t trust people. First – we don’t know them. Second – we know them.”
Trust but verify, the old Russian proverb advises us. And while this once could have been the maxim for IT security, organizations are increasingly embracing the zero trust approach to keeping their systems and data safe.
The term “zero trust” was coined in 2009 by Forrester as a new model of information security. This concept upends the old “castle-and-moat” mentality that focused on defending the perimeter against attackers, while assuming anything already on the inside was safe and cleared for access.
Zero Trust as a Defense Against External Cyberattacks and Insider Threats
Zero Trust centers on the belief that organizations should not trust anything either inside or outside the perimeter. Instead, the zero trust model stresses that everything and everyone attempting to connect to systems must be verified before granting access. As stated in the October 2018 Forrester report Five Steps To A Zero Trust Network, “a Zero Trust (ZT) architecture abolishes the idea of a trusted network inside a defined corporate perimeter.”
The focus on external threats at the expense of insider threats proved to be a flawed concept. According to the 2019 Verizon Data Breach Investigations Report, 34% of data breaches involve internal actors. Meanwhile, Cybersecurity Insiders’ 2019 Insider Threat Report revealed that 53% of organizations suffered an insider attack over the previous 12 months.
By now we’re all keenly aware of the costs that cyberattacks and malicious insiders can inflict on organizations. Even so, the numbers can still seem staggering. One estimate pegs the cost of worldwide cybercrime at $600 billion a year.
And keep in mind, these exorbitant figures come despite companies spending more and more on cyber defense. IDC estimates that businesses will spend $101.6 billion on cybersecurity in 2020. That’s up 38% from 2016.
 No More Chewy Centers: The Zero Trust Model Of Information Security, Forrester Research, Inc., March 23, 2016
Infosys Gurucul Customer Story: Automating Real-time Threat Detection with Behavior Analytics
|Ransomware Implications for Medical Devices and the Healthcare Industry. The threat of ransomware attacks on medical devices stems from changes in manufacturing. In recent years, manufacturers began including popular operating systems (OSs) on these devices. Formerly, medical devices used proprietary firmware or other exclusive features. That meant medical devices were rarely targeted in cyberattacks. Read More.|
|5 Signs You Need an Insider Threat Program. Earlier this year, we conducted an Insider Threat survey to find out how prevalent the Insider Threat is in the minds of cybersecurity industry experts. After gathering and tallying up 700 responses, we looked at the results, and boy, were they fascinating!. Read More.|
|Famous Insider Threat Cases. Insider threats are the biggest security risk for organizations because they can cause the most destruction. September is Insider Threat Awareness Month and we are sharing famous insider threat cases to expose the serious risk of insider cyber attacks. Read More.|
|ABCs of UEBA: K is for Known. In the world of cyber security, there is the concept of known threats and unknown threats. Known threats are threats you know about, and methods exist to remediate said threats. Unknown threats are the things you don’t yet know about – like zero-day threats. Read More.|
|A Quarter of Workers Spend at Least 3 Months a Year Surfing the Web at Work. It’s common to think of cyber threats as normally originating from outside the organization. However, data breaches often stem from those on the inside – whether their actions are intentionally malicious or careless mistakes. Read More.|
FS-ISAC 2019 Americas Fall Summit. November 17-20, 2019. Washington, DC. Join Gurucul at this event for actionable information on how to address evolving threats, develop new strategies and meet changing regulations.
Health-ISAC 2019 Fall Summit. December 2-6, 2019. San Diego, CA. Up your game with Gurucul! We offer Behavior Based Security Analytics and Intelligence to predict, detect and stop insider threats, healthcare provider fraud, and consumer fraud.
RSA Conference. February 24-28, 2020. San Francisco, CA. The 2020 RSA Conference theme is “Human Element” which is perfect for Gurucul. Our behavior based security analytics and intelligence detects and prevents risky, anomalous behavior – by malicious insiders or external hackers. Visit our booth for details!