Category Archives: Varonis News

DatAdvantage for Exchange Online Is Here


We’re thrilled to introduce complete monitoring for Exchange Online as part of our 6.4.50 beta, giving Varonis customers the same coverage we provide with the Exchange on premise system – but now in the cloud.

I’ll let Jeff give you the idea:

Get Started with a Demo of DatAdvantage for Exchange Online

With DatAdvantage for Exchange Online, you’ll be able to manage access and monitor email events – and with DatAlert, you’ll get alerted when there’s unusual mailbox activity.

We’ve also added new threat models for Exchange Online – including abnormal service behavior: atypical actions performed on mailboxes owned by other users, and abnormal admin behavior: access to atypical mailboxes.

DatAdvantage for Exchange Online gives you a complete audit trail of exactly who is sending emails (and where they’re going), which users are accessing what email folders, and which users open phishing emails – those kinds of things.  You’ll have transparency and know everything that happens in Exchange Online.

Try it out today and see how DatAdvantage for Exchange Online will help build your email defenses in the cloud, protect against email hijacking and phishing attempts – and keep your data secure.


Introducing Our New DataPrivilege API and a Preview of Our Upcoming GDPR Patterns

GDPR Patterns Preview

We’re less than a year out from EU General Data Protection Regulation (GDPR) becoming law, and hearing that our customers are facing more pressure than ever to get their data security policies ready for the regulation.  To help enterprises quickly meet GDPR, we’re introducing GDPR Patterns with over 150 patterns of specific personal data that falls in the realm of GDPR, starting with patterns for 19 countries currently in the EU (including the UK).

Using the Data Classification Framework as a foundation, GDPR Patterns will enable organizations to discover regulated personal data: from national identification numbers to IBAN to blood type to credit card information. This means that you’ll be able to generate reports on GDPR applicable data: including permissions, open access, and stale data.  These patterns and classifications will help enterprises meet GDPR head on, building out security policy to monitor and alert on GDPR affected data.

Try it today and discover how GDPR Patterns will help prepare you for 2018 and keep your data secure.

IAM & ITSM Integration with DataPrivilege

We’ve been talking a lot lately about unified strategies for data security and management, and the challenge of juggling multiple solutions to meet enterprise security needs.

DataPrivilege puts owners in charge of file shares, SharePoint sites, AD security and distribution groups by automating authorization requests, entitlement reviews and more. DataPrivilege now includes a new API so customers can take advantage of its capabilities by integrating with other technologies in the security ecosystem, like IAM (Identity and Access Management) and ITSM (IT Service Management) Solutions.

Our new DataPrivilege API provides more flexibility for IT and business users so they can unify and customize their user experience and workflows. With the API, you’ll be able to synchronize managed data with your IAM/ITSM solution and return instructions to DataPrivilege to execute and report on requests and access control changes.  You’ll be able to use the integration to externally control DataPrivilege entitlement reviews, self-service access workflows, ownership assignment, and more.

Ask for a demo and see how it works with your current setup.

Introducing the Automation Engine, DatAlert Analytics Rewind, and more


Put Least Privilege on Autopilot

Getting to least privilege can be a nightmare. The first steps – tracking down inconsistent ACLs and remediating global access groups – can turn even the most basic file share clean-up project into a huge to-do.

And so we’re thrilled to announce the upcoming availability of the Automation Engine, which will take the headache out of least privilege by discovering undetected security threats and fixing hidden vulnerabilities without all the manual legwork.

The Varonis Automation Engine automatically repairs and maintains file systems so that you’re less vulnerable to attacks, more compliant, and consistently enforcing a least privilege model.

  • Fix hidden security vulnerabilities like inconsistent ACLs and global access.
  • Revoke unnecessary access that users no longer need or use, reducing your risk profile.
  • Accelerate and automate least privilege.

Interested?  Get a demo now and be the first in line to try it.

What’s past is prologue

One of our earliest patents was our simulation capability in DatAdvantage – which our customers now use consistently to test access control changes against past access activity, highlighting users that would be disrupted or applications that might break if they had made those changes in the past.

We’re extending our simulation capabilities with Analytics Rewind.

DatAlert Analytics Rewind allows customers with three or more months of data to analyze past user and data activity with DatAlert threat models, and identify alerts that they would have gotten in the past. You can not only pre-emptively tune out false positives, but also look back at your data activity history to identify breaches that may have already occurred.

New Threat Models for Exchange and DS

You asked, we listened.  We’re adding more threat models to DatAlert Analytics to detect and prevent impersonation, exploitation, and account hijacking.  The latest set keeps you aware of suspicious mailbox and Exchange behaviors, password resets and unusual activity from personal devices.

Email security and Exchange:  New threat models flag an abnormal number of emails sent to accounts outside the organization, unusual mailbox activity from service accounts, and automated forwarding that might indicate an attacker trying to redirect and exfiltrate data.

Directory Services:  New threat models detect suspicious password resets that may indicate attempts to hijack a user account, unusual access to personal devices, suspicious attempts to access an unusual amount of resources, and unusual login activity that may indicate a credential stuffing attack.

Want to see them in action? Get a demo of our data security platform and see how you can stop data breaches.

Varonis + Splunk: Epic Threat Detection and Investigations


We’re bringing our powerful DatAlert functionality to Splunk® Enterprise to give you comprehensive visibility into data security with our new Varonis App for Splunk – now available for download on splunkbase!

DatAlert can now send alerts to the Varonis App for Splunk, providing Splunk additional context into anomalous file system, email, and Active Directory behavior. Users of the App can view Varonis alerts directly from Splunk Enterprise, and drill into DatAlert for additional insight into what’s going on and accelerate security investigations, reducing mean time to resolution.

At-a-glance Dashboards

Our at-a-glance dashboards set SysAdmins and Security Analysts up for success – correlating Varonis alerts with Splunk events, and providing additional insight and context into potential security threats.

Want to learn more?

You can take a closer look at selected entities in the drill-down dashboard – access a complete list of all alerts on a specific entity (user, asset, threat model, device) within the selected timeframe.

Streamline your investigation with the DatAlert Web UI – and determine whether suspicious activity is malicious or a misconfiguration.

Want to try out the Varonis for Splunk app? Download it directly from splunkbase to get started.

Not yet a Varonis customer? What are you waiting for! Check out a demo of our data security platform today and get a personalized walkthrough of the Varonis App for Splunk while you’re at it.


2017 Varonis Data Risk Report: 47% Had at Least 1,000 Sensitive Files Exposed

Today we released the 2017 Varonis Data Risk Report, showcasing an alarming level of exposure for corporate and sensitive files across organizations, including an average of 20% of folders per organization open to every employee.

Using the Varonis Data Security Platform (DSP), Varonis conducted over a thousand risk assessments for customers and potential customers on a subset of their file systems. The assessment provides insight into the risks associated with corporate data, identifies where sensitive and regulatory data resides, reveals over-exposed and high risk areas and makes recommendations to increase their data security posture.

Here is a sample of the risks discovered:

Failure to reduce the use of global access groups, lock down sensitive files and dispose of stale data exposes an organization to data breaches, insider threats and crippling ransomware attacks.  By identifying and reducing exposed data through global access, broken ACLs and unique permissions, organizations are able to decrease their attack footprint and maintain compliance standards.

“We found files with sensitive PII in places it should not have been,” said a Chief Security Officer for a state and local government in a recent TechValidate customer survey.

According to that same survey, 68% of end users perform a risk assessment to validate security concerns, 95% agree that the risk assessment helped them identify at-risk, sensitive and classified data and build a plan of attack to reduce the likelihood of a data breach and 82% rate global access remediation a top priority after seeing the results.

“The initial assessment gets the immediate attention of management, which then assists in building and executing the internal remediation process,” said a Security Manager at a beverage company in the same TechValidate customer survey. “Varonis does an excellent job of identifying internal data security vulnerabilities.”

Download the 2017 Varonis Data Risk Report here and then request your own risk assessment.


The Varonis Connect Customer Conferences Are Coming: Education and Network Opportunities

This April we will kick off our annual series of Varonis Connect customer events where attendees will learn about new Varonis product innovations and share experiences and success stories.

The series, in its 6th year, runs through June across 33 cities in North America and Europe.  In fact, we’ve added 11 more cities than last year, and we expect attendance to increase as well!

Varonis Connect attendees, from the company’s rapidly expanding customer base, will learn how to use the Varonis Data Security Platform (DSP) for an increasing range of use cases, including data security, mitigating ransomware attacks, meeting compliance regulations like HIPAA and GDPR, user behavior analytics, archiving, search and file synchronization and sharing. Varonis engineering and product teams will be on hand to provide attendees with personalized consultations.

2017 Connect Event Schedule:

United States & Canada:
April 5: San Francisco, CA
April 6: Irvine, CA
April 11: Orlando, FL
April 12: Fort Lauderdale, FL
April 12: Boston, MA
April 18: Salt Lake City, UT
April 18: Cincinnati, OH
April 19: Indianapolis, IN
April 19: Des Moines, IA
April 20: Minneapolis, MN
April 25: Atlanta, GA
April 27: Washington D.C.
May 2: Calgary, Canada
May 3: Seattle, WA
May 3: Raleigh, NC
May 4: Charlotte, NC
May 4: Portland, OR
May 23: Green Bay, WI
May 24: New Haven, CT
May 24: Chicago, IL
June 1: New York, NY
June 6: Cleveland, OH

Europe:
April 4: Milan, Italy
April 19: Amsterdam, Netherlands
April 20: Brussels, Belgium
April 25: Munich, Germany
April 27: Madrid, Spain
May 4: London, England
May 11: Geneva, Switzerland
May 17: Luxembourg
May 18: Paris, France
May 23: Zurich, Switzerland
May 24: Leeds, England

Customer Registration:

Varonis Connect 2017 is free and open to Varonis customers. If you would like to inquire about attending or would like to receive an invitation, please email marketingevents@varonis.com.

It’s Not Just Waymo: IP Most at Risk According to Our RSA Survey


This year, the RSA Conference boasted over 43,000 attendees and 557 exhibitors spread across two enormous and cacophonous halls. Even in the quiet of the hotel room, my ears rang with echoes of the discordant noise about new potential threats. Let’s just say I’ll be eyeing every public outlet from which I charge my phone with suspicion.

Tom Foremski, ex-Financial Times journalist and editor/publisher of Silicon Valley Watcher, summed up the experience nicely via ZDNet:

[G]oing to RSA show will likely cause your mind to race in panic at all the vectors of malice that the security vendors will happily tell you about.

Foremski and those he interviewed discussed the implications of a widening security pit: how we could buy every tool on the market and still not be 100% secure. Forrester Consulting has coined this “expense in depth” in a recently released study, writing:

The reality is that companies have spent a lot of money on individual technology — instead of a unified data security strategy — and are judging their maturity based on money spent.

Or in other terms, companies are focused on threats (as the RSA newsfeeds testified) rather than the data – customer, employee, intellectual property and financial data – any of which would be toxic if stolen or made public (e.g., Waymo IP theft – keep reading).

The RSA Data Security Results

We surveyed security professionals who stopped by our booths at RSA about how their companies identify, classify, protect and monitor data.  The results are in and echo the Forrester study:

  • 72% use 3 or more data security tools (and over 50% use 5 or more).
  • Respondents are not confident in the ability to identify, classify, protect and monitor their enterprise data, with few stats crossing the 50% line:
    • Employee data fares the best with 67% completely confident in knowing exactly where this data resides on the network, 59% enforce a least privilege model against it and only 45% audit access to it and alert on abuse.
    • Less than 50% of respondents can identify the location and monitor for anomalous behavior on customer and financial data.
    • Coming in last for all categories is intellectual property — one of the most toxic and costly data sets. Well under 45% are confident in their ability to identify, classify and restrict access on a need-to-know basis to this data set: even more concerning, only 30% monitor IP for access and abuse.

While the similarities to the Forrester study are validating, real world examples showing how these data sets quickly turn toxic drive the point home even more. Let’s take a look at one of those examples.

Waymo and the Alleged Toxic IP Leak

Last week, Waymo, pioneers in self-driving car technologies, announced legal action against competitors Otto and Uber for the alleged theft at the hands of several former employees of more than 14,000 highly confidential and proprietary design files.

Mention this theft to any R&D head, CEO or CISO and they’ll cringe at the thousands of man hours, millions of R&D dollars and expected revenue that drove off the parking lot.  To put more context around this, Waymo spent seven years in R&D on self-driving technologies including their own in-house hardware, accumulated 1.5 million miles of experience on public roads and billions of miles in simulation tests.  Self-driving technology is how they make their money; now key components of that technology appear to have fallen into the hands of a competitor.

The loss and future damage of stolen IP is enough to cripple any company, maybe even put them out of business. Yet we see time and again in our risk assessments that sensitive data like IP is not identified, classified or monitored for abuse. Both the Forrester Study and our RSA survey results found that 60% of organizations do not enforce a need-to-know access model for this type of highly confidential information and even fewer monitor access for abusive behavior – like a sudden flurry of access activity on files an employee may not normally access (cue Paul Harvey: “And now for the rest of the story”… employee gives his resignation a few days later).

The allegations of IP theft at the hands of multiple former employees who are now at a competitor is a story we’ve seen (and blogged about) before: an ambitious insider not only steals IP but recruits other colleagues to do the same, and then he takes both to a competitor. The Waymo complaint outlines how the alleged ringleader, the founder of Otto, stole 9.7 GB of highly confidential data and tried to cover his tracks, and it alludes to collusion with several employees who followed suit:

A number of Waymo employees subsequently also left to join Anthony Levandowski’s new business, downloading additional Waymo trade secrets in the days and hours prior to their departure [emphasis mine].

Regardless of the court’s decision in the Waymo case, this serves as a wake-up call for any company that has data that would be toxic to the company’s revenues and reputation if it were stolen or made public.

And Now for the Rest of the Story

Data has real value.  Self-driving technology alone has the power to change the world and save lives. And there are many other types of innovations being worked on and invested in.  Organizations need to start seeing this data and data security as a driver of business growth. Ensuring that the right people and only the right people have access will accelerate bringing this innovation to market and drive competitive advantage – the flip side to this coin is very real, and we see it playing out in the Waymo/Uber case, where too much unmonitored access can give a competitive advantage to the other guy.

The final piece to our RSA survey asked respondents about the benefits they would receive with a unified data security platform – in other words, a solution that would have stopped or greatly reduced the damage of the Waymo IP theft. The top rated benefits include:

  • quicker response to breaches (60%)
  • improved ability to identify data (60%)
  • improved ability to spot anomalous behavior (56%)
  • increased visibility on access and usage of sensitive data (55%)

Want to see what type of data might be overexposed in your company?  Our Data Risk Assessment gives a snapshot of your data security to quickly ascertain the level of risk associated with your data: exposing high risk areas and where you can safely and swiftly pull back access, reducing your risk profile.

Get more details on our Data Risk Assessment.


Introducing a new security dashboard, enhanced behavioral analysis, and more

Every day we hear new stories about how our customers are using DatAlert to stop cyberattacks: detecting and disabling ransomware infections, discovering misconfigurations and vulnerabilities, and setting up automatic responses to malware infections.

And so, we’ve updated DatAlert to be more intuitive, powerful, and insightful than ever: 6.3.150 includes major updates to DatAlert, additional platform support, and performance enhancements.

New Security Dashboard: DatAlert is easier than ever to use as a starting point for investigating suspicious behavior, spotting unusual activity on file servers, and finding security vulnerabilities.  We’re introducing a configurable dashboard where you can easily identify and prioritize at-risk areas like global access, stale data, and overexposed sensitive information.

Alert investigation page: A new alert page enables quick triage on individual alerts – drill down on suspicious activity that might indicate that an attack is under way and triage for further investigation.  The alert investigation page offers additional security insights about users, data, time, and affected devices.

Enhanced behaviors and analysis:

  • Behavioral Peers: DatAlert can compare file and email touches of one user – along with other activity – to that of her peers. Behavioral peer comparisons are available directly within the alerts page to streamline investigation and help identify the severity of alerted behavior.
  • Device Insight: Review device context cards, and get insight through the DatAlert UI to see alerts triggered on specific devices.  Insights into devices also help highlight abnormal device usage per user account to pinpoint a computer that’s been compromised for insider activities.
  • Normal Working Hours: Varonis determines normal working hours for each individual based on email & file activity – and compares activity against their peers, to catch suspicious activity more quickly than ever.
  • Flags & Watch list: Customers can now flag suspicious users, putting them on a watch-list for tracking – making it easier to keep an eye on suspicious users and devices. Users can be highlighted based on past alerts or based on information from legal, HR, or other departments.

Want to see DatAlert in action?  Schedule a free demo and see how it works in your environment.

The Data Security Money Pit: An Independent Research Study from Forrester


We recently released a study with Forrester Consulting entitled “The Data Security Money Pit: Expense in Depth Hinders Maturity” that shows a candy-store approach to data security may actually hinder data protection and explores how a unified data security platform could give security professionals the protection capabilities they desire, including security analytics, classification and access control while reducing costs and technical challenges.

The report finds organizations invest heavily in individual tools to try to mitigate threats and meet compliance requirements. In fact, 76% of data security professionals believe their organization has a mature data security strategy as a result of these efforts.  Forrester writes:

The reality is that companies have spent a lot of money on individual technology — instead of a unified data security strategy — and are judging their maturity based on money spent.

This fragmented approach to data security exacerbates many vulnerabilities and challenges, and 96% of these respondents believe a unified approach would readily prevent and help them more quickly respond to attempted attacks and actual data breaches, meet regulatory compliance and free up resources to focus on building and enforcing policies, procedures and remediation actions. The study goes on to highlight specific areas where enterprise data security falls short:

  • 62% of respondents don’t know where their most sensitive unstructured data resides
  • 66% don’t classify this data properly
  • 59% don’t enforce a least privilege model for access to this data
  • 63% don’t audit use of this data and alert on abuses
  • 93% suffer persistent technical challenges with their current data security approach

Point products may mitigate specific threats, but when used tactically, they undermine more comprehensive data security efforts. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might – insufficient detective controls and over-subscribed access. Instead of improving detective controls and locking down access – improvements that would mitigate ransomware as well as many other data security threats – organizations sometimes deploy a tactical solution for ransomware and neglect their core controls. This threat-reactive approach appears to have become the norm – many threats; many tools. Expense in depth.

According to the study, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.” Almost 90% of respondents desire a unified data security platform. Key criteria to include in such a platform as selected by the survey respondents include:

  • data classification, analytics and reporting (68% of respondents)
  • meeting regulatory compliance (76% of respondents)
  • aggregating key management capabilities (70% of respondents)
  • improving response to anomalous activity (66% of respondents)

In summarizing the findings, Forrester concludes,

A unified data security platform offers core capabilities to help organizations not just establish a robust technology foundation for their data security strategy but also create conditions that help to push firms toward greater security maturity and value-add to the business.

Read highlights from the Forrester report here – including 4 key recommendations for a unified security platform.


I’m Alan Cizenski, Corporate Systems Engineer at Varonis, and This is How I Work

Alan Cizenski is a Corporate Systems Engineer at Varonis. Based in our New York City office, he is responsible for making sure Varonis solutions work smoothly for our prospective customers. Alan helps them realize the value we can provide within their environment and maintain these relationships as they become customers.

He’s also a regular panelist for the Inside Out Security show. Listen to him on our most recent episode, Is Security a Benefit or a Feature?

According to his manager Kris Keyser:

“Alan’s a positive, hard-working engineer with a strong sales background, who is always ready to go the extra mile for his customers and managers. Starting on the sales side as a Territory Development Rep, Alan quickly moved to the Corporate Sales Engineering team and continues to excel in his current position as a Commercial Sales Engineer.”

Read on to learn more about Alan – this time, in his own words.

What skills do you find most valuable on a daily basis?

Three skills I use every day are investigating, active listening, and note-taking.

Listening and note-taking may not seem glamorous, but I have found them to be among the most vital aspects of my job in just about every business conversation. On a daily basis I work with customers and partners to solve problems, meet compliance, optimize operations, and protect the most critical assets organizations maintain. As you can imagine, we cannot be successful without actively listening to fully understand the problems and goals that need to be tackled. Throughout these active listening sessions, I take notes so that we can make an informed plan for success. Personally this allows me to keep track of who I am working with, what is important for their situation, the progress of what we are working on, and ease the load on my memory.

Listening and note taking helps me set up for success, but challenges and cyber threats will always come up. This is where investigative skills come in. Every day I spend at least an hour or two investigating an incident with a customer or troubleshooting issues. All the metadata in the world won’t help protect information or solve problems unless it is properly leveraged and presented. It is vital to accurately determine who, what, when, where, why, and how threats emerge to not only secure the present, but also to prepare for the future.

What skills would you recommend to someone looking to become a System Engineer in an organization like Varonis?

Outside of making sure that you have a strong technical understanding, I would definitely recommend working on those skills listed above – active listening, note taking, and investigating. I would also strongly suggest practicing succinct communication, objection handling, and presentation skills. Of course, keeping up-to-date with the latest security practices, classes, and certifications helps a lot too!

What skills do they need to learn to stay relevant in today’s cyber workforce?

Personally, I think continuous practice is the key to staying relevant in today’s cyber workforce. Job requirements of cyber professionals are constantly changing, so you must be able to adapt and learn continuously. People skills are also vital to today’s cyber world because the most effective strategies will have clear and open communication between users who own business assets and the team focused on protecting those assets. Make time to practice your technical and people skills because the main differentiators for cyber professionals seem to be knowledge and approach. If you keep up with your knowledge and practice good approaches, you will always be in demand.

Also, learn how to use checklists!

How will those skills be applied on the job by professionals in the field?

Practice speaks for itself, but as an example – we have technical and sales certification quizzes at Varonis to ensure that we can do our jobs effectively. If you do not practice to maintain your skill set and incorporate new skills, you may fail your certification and become less relevant to your customers and the company.

I also stress the people skills because users of the assets we protect have the best knowledge of who should be using them, what is expected behavior, and most importantly who should not be accessing them. Cyber professionals need to be able to communicate with these users to receive and share insights for the most successful holistic cyber strategy.

Checklists changed the way I do everything from installing software to answering RFIs. Simply checking off steps as I go through an install keeps me focused, ensures I don’t misconfigure something, makes technical challenges easier to address, and saves me a ton of time.

What aspect of your role do you enjoy the most?

How dynamic my role is. I get the opportunity to experience a lot of different aspects of Varonis; from product testing/development, to thought leadership on the Inside Out Security Show, to working with customers to close business and ensure customer success.

What would people never guess you do in your role?

People would probably never guess that I cold call current Varonis customers. I reach out to them to open the lines of communication, touch base on the products they currently have, and make sure they’re successful and happy. Then see if there is a potential for upsells.

How has Varonis helped you in your career development?

I have received so much guidance to become a better salesman, a better engineer, a better analyst, and most importantly a better leader. I am always asking for help to develop more skills for the future and the company has always been happy to offer it. Varonis has also taught me to laugh (a lot).

What advice do you have for prospective candidates?

Be ready to learn because things can move quickly. There are a lot of very talented people to learn from at Varonis, so prepare yourself to pick up all the knowledge you can to execute opportunities when they are presented.

What do you like most about the company? 

The people…I know it’s cliché! The people here really are incredible though. I cannot overstate how instrumental my colleagues have been in my development as an employee and a person.

What’s the biggest data security problem your customers/prospects are faced with?

I would say the biggest challenge is how quickly threats evolve. Implementing new security practices is difficult and time-consuming – especially the kind of change in corporate culture that is typically required to protect data.

When programs are fully implemented, the attackers may have shifted tactics and organizations have to start from scratch, fighting a new type of threat. This is why user behavior analysis is becoming so important for insider threats.

Now for some Fun Facts on Alan!

What’s your all-time favorite movie or TV show?

Twin Peaks, all the way.

If you could choose any place in the world to live, where would it be and why?

A nice boat with space to tie up a seaplane. That way, I could get a very cool perspective on the world and start every day with a swim.

What is the first thing you would buy if you won the lottery?

A seaplane with pilot lessons.

Interested in becoming Alan’s colleague? Check out our open positions, here!

Can Our Crystal Ball Hack It? 2017 Varonis Cybersecurity Predictions

Everyone makes predictions at this time of year, but who looks back to check on their accuracy? Let’s have a look at some of last year’s omens before directing our forecast lens to 2017.

Our first prediction for 2016: The U.S. Presidential campaign will be affected by a cyber attack.

We were on to something here, but we should have said numerous attacks. From Wikileaks exposing internal campaign emails to allegations that Russia attempted to affect the outcome, security became a front-and-center issue.

We also predicted: Ransomware damage will double.

We had the right direction but the problem actually became far worse than our modest foreboding (a real kick in the crystal ball). While 2015 saw about $325 million in ransom from CryptoLocker alone, 2016 will likely hit $1 billion in ransomware damages according to the FBI.

Amid the hacked ruins, compromised confidences and costly shakedowns of 2016 is the realization that privacy can never truly be assured for modern communications.

Let’s see what 2017 will bring.

1. Extortionware will be the new lucrative thing.

Extortionware, ransomware’s more targeted, more difficult and more lucrative cousin, will emerge and cause major financial damage because of the sheer size of the payouts demanded when highly sensitive data is threatened with exposure. This will go largely unreported for reasons of discretion, making the prescience of this prediction conveniently unverifiable next year.

2. Ransomware will continue to be a major thing (and backups aren’t enough).

Ransomware will continue to grow in terms of the sheer number and frequency of attacks on organizations. IT best practices for defending against ransomware will expand from backup remediation to early detection and alerting as user behavior analytics become more intelligent and predictive. Stopping an attempted attack – before or right after it starts – is far more efficient and less painful than figuring out which files were affected and restoring them from backup.

3. Threats within will drive the need for smarter security analytics.

Adoption of security analytics will increase, as insider threats continue to get CXO and board-level attention. Insiders have legitimate access to systems and data, so preventing initial access is more than impractical. Detection is the next line of defense against employees or contractors who abuse their access, and the means of revealing insider credentials that have been stolen.

4. Goodbye, ads. Hello, blockers.

The use of ad blockers will skyrocket after another major media site becomes a distributor of malware (as Forbes was in 2016) and users take more deliberate command of their own protection against growing malware threats.

5. Weaponizing IoT will become a regular occurrence.

IoT (Internet of Things) devices such as DVRs and security cameras will become more frequent targets for attackers. While the devices themselves may not all contain valuable data, they represent potential stepping stones on a hacker’s path to steal digital assets. The Mirai botnet, capable of some of the biggest attacks yet and able to reach high volumes with minimal ramp-up time, will threaten the adoption of IoT applications as device makers realize they must make security a design principle or lose their markets.

6. You’re hired, Ms. IT Security Candidate.

With $1 trillion predicted to be spent globally on cybersecurity between 2017 and 2021 and more than 200,000 security jobs currently unfilled in the U.S., computer security skills will continue to be the hottest kind in the IT job market in terms of the number of unfilled jobs and the compensation levels.

7. Organizations will need to save users from themselves.

User education on password hygiene and recognizing potential attacks will continue to increase, but the reality will sink in that vigilance alone will not suffice, as phishing and malware become more and more difficult for even careful employees to detect. Organizations will more widely adopt remedies to protect their employees, customers, partners, and themselves.