G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: www.scorpionnewscorp.com SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta... Banknote Watch offers essential advice as old £5 i... » As of Friday 5th May 2017, the paper £5 note was officially withdrawn from circulation and no lo...



Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.


Case Studies

PHOENIX:  BeyondTrust has unveiled the results of its Federal Cyber-Security Threat Survey Report 2017. Based on a comprehensive survey of senior Federal IT professionals, the study exposes an aging Federal computing infrastructure which has led to an environment with an alarmingly high risk of breaches.

105 senior IT professionals working for federal agencies were asked about their computing infrastructure, security, breaches and IT modernization. A summary of the findings is included below.

Federal IT managers concerned about antiquated infrastructure.

An overwhelming majority of Federal IT managers (81 percent) say aging IT infrastructures have a somewhat to extremely large impact on their cyber-security risk. Further, three of five (61 percent) say aging infrastructure is a roadblock to achieving federal cyber-security mandate compliance.

We found ample examples of aging infrastructure in our survey. For example, a surprising 47 percent of Federal agencies still use Windows XP, driving a third of respondents (35 percent) to report that this kind of aging infrastructure had a somewhat to large impact on their ability to affect vulnerability patching.

The impacts of aging federal infrastructure don’t stop there …

· Three of four say aging infrastructure is a somewhat to extremely large risk to their ability to achieve their mission.

· The biggest impacts include inefficiency, increased cyber risk and problems with compliance.

· Specific to cyber-security, the top impacts of an aging infrastructure are difficulty with patching, password management and privileged account management (PAM).

· Respondents cite aging infrastructure as the top roadblock in the way of achieving federal cyber-security mandates

Aging Infrastructure Leads to Breaches

Aging infrastructure is not just a problem in theory; aging infrastructure makes federal systems more vulnerable to attack, which has led to an environment that could be rife for breaches.

· 42 percent have experienced a data breach within the past 6 months.

· A staggering one in eight has experienced a data breach within the past 30 days.

· Put another way, the typical federal IT system experiences one breach every 347 days.

· Respondents report that the typical data breach costs more than $91,000.

· The total cost due for data breaches is $637 million every year.

· The most frequently reported costs include loss of productivity, loss of reputation and pure monetary damages.

Privileged Account Management: Gap Between Theory and Practice

We asked respondents what tools were most important to them in terms of securing their information environment. Here they ranked privileged access management and vulnerability patching as most important. This is significant as these technologies restrict user privileges and close off security weaknesses in systems.

Yet, despite understanding the importance of such measures, most (56 percent) use alternate solutions to manage privileged passwords and nearly two-thirds (63 percent) report less than fully mature vulnerability remediation programs. In fact, 6 percent have NO remediation plan, and another 14 percent do only the bare minimum required by compliance mandates.

What IT Can Do Mitigate the Security Risk of Aging Federal Infrastructure

The BeyondTrust 2017 US federal government study points to four best practices that any agency can implement.

· Manage privileged credentials with greater discipline, eliminate administrator rights and enforce least privilege

Thirty percent of respondents believe that insider threats pose a significant threat and 35 percent believe their users have more privileges than are required. To mitigate insider threats and the exploitation of privileges, adopt a least privilege model by removing admin rights from users and storing all privileged credentials in a secure safe. Known escalation attacks have been around for years and are still being used. These attacks require local administrator rights. It’s not just about insiders. Enforcing least privilege prevents lateral movement within an organization if a breach does occur.

· Isolate Legacy Systems to reduce attack surfaces

Modernization of federal IT infrastructure is a priority for most survey respondents, but realistically this will not happen quickly. These aging systems have known risks. Reduce the attack surface by isolating legacy systems. Segment these systems to force all traffic through a proxy to reduce attack vectors. Deploy an automated password and session management solution that provides secure access control, auditing, alerting and recording for any privileged account. This will provide segmented access to critical systems, manage passwords, and monitor when tasks and operations are committed to a managed system.

· Improve the maturity of vulnerability management through automated patching

Even in today’s sophisticated threat landscape, the majority of attacks target known vulnerabilities that can be easily patched. Effective patch management goes a long way in reducing a network’s overall attack surface. To be truly effective, patch management requires intelligent prioritization and broad coverage for common business applications. To improve the efficiency and effectiveness of an agency patch process deploy a solution that provides integrated, automated patching. Implementing a solution that delivers analytics and trending across the threat lifecycle for multi-dimensional reports on assets, vulnerabilities, attacks and remediation allows prioritized patch management based or risk profile.

· Unite threat intelligence from multiple sources to better prioritize risks across the environment

Since the asset risk-to-user privilege risk pattern is a common attack vector, deploy solutions that correlate asset-based risk with user-based activity to gain a more complete picture of risks, gaining needed prioritization of the most impactful risks. For example, advanced persistent threats (APTs) can be analyzed against privileged password, user, and account activity, along with asset characteristics such as vulnerability count, vulnerability level, attacks detected, risk score, applications, services, software and ports. Consuming multiple data feeds from in-place solutions into a single console can help mitigate additional costs and reduce complexity.

“The federal government is moving to modernize its aging infrastructure,” said Kevin Hickey, President and CEO at BeyondTrust. “But that takes time, and in the meantime, federal systems face a real risk. These are simple steps IT can take today to help mitigate that risk.”

Federal Cyber-Security Threat Survey Report