Week in review: G Suite security enhancements, Microsoft 365 security

Here’s an overview of some of last week’s most interesting news and articles:

One hundred percent of endpoint security tools eventually fail
Endpoint security tools and agents fail, reliably and predictably, according to the 2019 Global Endpoint Security Trends Report from Absolute.

Microsoft 365 security: Protecting users from an ever-evolving threat landscape
In this age of frequent security and data breaches, the statement “We take our customers’ privacy and security very seriously” has been heard from breached companies so often as to become a point of mockery, anger and frustration.

Attention CISOs: Five steps to get the security funding you need
Going in front of the board to request or increase your security funding is no easy task – especially when the organization is facing budget restraints or, worse, the board does not agree with your sense of urgency in securing the organization.

Building a modern data registry: Go beyond data classification
For organizations, understanding what data they store and analyze is gaining increasing urgency due to new privacy regulations, from the Global Data Privacy Regulation (GDPR) to the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD). But these regulations are not the only reason organizations are focused on privacy.

Bad security hygiene still a major risk for enterprise IT networks
Unpatched vulnerabilities, along with growing network and application complexity pose an ongoing security risk which could threaten the security of enterprise IT networks.

Google introduces many G Suite security enhancements
The big news from Google Cloud Next 2019 is that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification.

As IT security automation increases, so does the need for highly skilled staff
The adoption of automation for IT security functions is on the rise across the US, UK and APAC, the latest DomainTools/Ponemon report has shown.

The perimeter is vanishing, how will you secure your network?
The concept of a network being fully enclosed within a building or virtual organization, and therefore easier to defend, is gone. The concept of a defensible, impermeable perimeter is dead. This is not news to anyone who is in the position to protect an organization from cyberattacks, and we understand the challenges security teams face under these circumstances.

Employee cybersecurity essentials part 2: Lost devices and unsafe connections
Faulting workers for behavior they’ve become accustomed to in their private lives is tricky. It can reinforce ITs added challenge of protecting company assets by having to address employees’ daily habits, some of which can jeopardize the organization’s security posture.

DevSecOps: Fast development without sacrificing safety
DevOps has been a boon to companies looking to shorten the systems development cycle, pushing software developers and IT operations to work together and help their enterprises fulfil their business objectives.

Hackers used credentials of a Microsoft Support worker to access users’ webmail
An unknown number of customers of Microsoft’s webmail services (Outlook.com, Hotmail, MSN Mail) received a notice from the company telling them that attackers had access to their email account for three months.

Google will check apps by new developers more thoroughly
In an attempt to thwart Android developers who are set to distribute malicious apps through Google Play, Google will be taking more time when reviewing apps by developers with newly minted accounts.

The correlation between DDoS attacks and cryptomining
There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month.

Cyber espionage and sabotage attacks pose an increasing threat to the energy industry
Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time.

What’s in a cybersecurity question? Getting to the root of cyber insights
We all know the countless challenges of being on the front lines of cybersecurity. The barrage of new threats, the mundanity of being reactive, and the disconnect between security teams and executives.These problems aren’t new. But they subsist. Stubbornly. Unwavering. Now to the big question. Why?

What is driving organizations’ cloud adoption?
Cloud adoption is gaining momentum, as 36 percent of organizations are currently in the process of migrating to the cloud while close to 20 percent consider themselves to be in the advanced stages of implementation, according to the second annual cloud usage survey by data virtualization company Denodo.

Healthcare orgs have to achieve true cybersecurity, not only compliance
According to a report by CynergisTek, which is based on aggregate ratings from privacy and security assessments performed in 2018 at nearly 600 healthcare provider organizations and business associates across the US, an average of 72% of orgs conform with the HIPAA’s rules and a 47% with NIST CSF controls.

Manufacturing sector most vulnerable to insider threats
Almost three quarters of the 650+ international IT professionals Gurucul canvassed said they are vulnerable to insider threats, and ranked user error (39%) and malicious insiders (35%) ahead of account compromise (26%) as their leading concern.

The top emerging risks organizations are facing
Gartner surveyed 98 senior executives across industries and geographies and found that “accelerating privacy regulation” had overtaken “talent shortages” as the top emerging risk in the Q1 2019 Emerging Risk Monitor survey.

Banks continue to prioritize risk management over customer convenience
Almost three in four banks in Asia Pacific anticipate that fraud in their country will increase in 2019, according to a recent poll by FICO.

New infosec products of the week: April 19, 2019
A rundown of infosec products released last week.