2017 and 2018 were not easy years to be a CIO or CISO, and 2019 isn’t showing any signs of being easier. With so many career-ending-level data breaches in 2017 (e.g., Equifax, Uber, Yahoo, to name a few) and with the stronger regulatory requirements worldwide, CIOs/CISOs have a corporate responsibility to rethink their approach to data security. Regulatory compliance aside, companies have a responsibility to their customers and shareholders to protect data, and minimize its exposure not only to external attackers but also to employees. The most common method of data breach in 2017 was a phishing email sent to a company’s internal employees (See 2017 Data Breach Investigation Report), This makes employees unwillingly complicit in the data breach. Over 80% of successful cyberattacks have a critical human element that enabled them. The average employee who opens the innocent-looking attachment or link, is unintentionally jeopardizing a company’s data. While there is no 100% protection, th
The world set a new record for data breaches in 2016,
with more than 4.2 billion exposed records, shattering the former record of 1.1 billion in 2013. But if 2016 was bad, 2017 is shaping up to be even worse. In the first six months of 2017, there were 2,227 breaches reported, exposing over 6 billion records and putting untold numbers of accounts at risk. Out of all these stolen records, a large majority include usernames and passwords, which are leveraged in 81 percent of hacking-related breaches according to the 2017 Verizon Data Breach Investigations Report. Faced with ever-growing concerns over application and data integrity, organizations must prioritize identity protection in their
security strategies. In fact, safeguarding the identity of users and managing the level of access they have to critical business applications could be the biggest security challenge organizations face in 2017.
Data breaches have become a fact of life for organizations of all sizes, in every industry and in many parts of the globe. While many organizations anticipate that at some point a non-malicious or malicious data breach will occur, the focus of this study is to understand the steps organizations are taking—or not taking--to deal with the aftermath of a breach or what we call the Post Breach Boom.
Sponsored by Solera Networks, The Post Breach Boom study was conducted by Ponemon Institute to understand the differences between non-malicious and malicious data breaches and what lessons are to be learned from the investigation and forensic activities organizations conduct following the loss or theft of sensitive and confidential information. The majority of respondents in this study believe it is critical that a thorough post-breach analysis and forensic investigation be conducted following either a non-malicious or malicious security breach.
Until recently, security teams for organizations in many industries believed they didn’t need to worry about DDoS attacks, but the latest data from the Verizon 2017 Data Breach Investigations Report indicates that businesses of all sizes in nearly every industry run the risk of being attacked.¹ IoT devices are increasingly compromised, recruited into botnets, and offered up by their creators as for-hire DDoS services. Additionally, there are numerous DDoS tools and services that are easily accessible and easy to use, even for the untechnical novice.
Cyberbreaches aren’t just in the news—they are the news. Yet headlines rarely mention the No. 1 source of those breaches: weak or stolen passwords. Whether they involve malware, hacking, phishing, or social engineering, the vast majority of breaches begin with account compromise and credential theft, followed by dormant lateral network movement and data exfiltration. In fact, weak or stolen passwords account for a staggering 81% of breaches, according to the Verizon 2017 Data Breach Investigations Report.
Not surprisingly, a new Okta-sponsored IDG survey finds that identity access management (IAM) is a top priority for nearly three-quarters (74%) of IT and security leaders. Yet the same survey uncovers widespread concern that their current IAM implementations are falling short. Just one worrisome example: Fewer than one-third (30%) of respondents report a good or better ability to detect a compromise of credentials.
The following report explores the gap between respondents’ aspiratio
Campus Cybersecurity is a perennial ‘top of mind’ topic for Higher Education. For the second time in three years, information security topped Educause’s annual Higher Ed CIO Top 10 IT Issues survey. This should come as no surprise according to the latest Verizon Data Breach Investigations Report (DBIR).
The report, which shows cybercriminal activity trending upwards, identifies the three most targeted industries as Financial and Insurance, Healthcare, and Education.
To find out more, download this whitepaper today.
Who Needs Malware? How Adversaries Use Fileless Attacks to Evade Your Security Learn how fileless techniques work and why they present such a complex challenge. The arms race between cybersecurity vendors and determined adversaries has never been more heated. As soon as a new security tool is released, threat actors strive to develop a way around it. One advanced threat
technique that is experiencing success is the use of fileless attacks, where noexecutable file is written to disk. The 2017 Verizon Data Breach Investigations Report found that 51 percent of cyberattacks are malware
Learn how fileless techniques work and why they present such a complex challenge.
The arms race between cybersecurity vendors and determined adversaries has never been more heated. As soon as a new security tool is released, threat actors strive to develop a way around it. One advanced threat technique that is experiencing success is the use of fileless attacks, where no executable file is written to disk.
The 2017 Verizon Data Breach Investigations Report found that 51 percent of cyberattacks are malware-free, so there’s no indication that these attacks will be subsiding anytime soon. Read this white paper to get the important information you need to successfully defend your company against stealthy fileless attacks.
Download this white paper to learn:
• The detailed anatomy of a fileless intrusion, including the initial compromise, gaining command and control, escalating privileges and establishing persistence
• How fileless attacks exploit trusted systems — the types of processe
Vulnerabilities in web applications are a major vector for cyber-crime. In large organizations, vulnerable web applications comprised 54% of all hacking breaches and led to 39% of compromised records, according to the 2012 Data Breach Investigation Report by Verizon Business.
This paper describes how large enterprises can effectively discover, catalog and scan web applications to control this major risk vector as part of their organization’s overall vulnerability management program.
When web applications are breached, enormous amounts of sensitive business data can be lost. According to Verizon’s 2014 Data Breach Investigations Report, web application attacks more than doubled in 2013 to become the #1 cause of security incidents
As information security continues to rise to the top of the enterprise priority list, what used to be an easy-to-control environment, with all data stored behind the corporate firewall, is no longer. Shadow IT, mobile computing, consumer IT, and cloud computing are all transforming enterprise IT. Workers using unsecured networks and devices without encryption are also a concern, as data breaches cost organizations millions of dollars in fines, data loss, investigations, and customer backlash.
Download the Simplifying Employee Investigations white paper and learn about some of the real-world issues businesses face that result in employee investigations, the methodologies used to perform investigations, and then we’ll look at why investigating proactively can help.
Remote employees have more opportunity for distraction, lack of training, and inability to be refocused on task than their in-office counterparts, so companies need to get serious about ways to gain visibility into the activities of their remote employees to gauge productivity
DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Our portfolio of live events, online and print publishing, business intelligence and professional development brands are centred on the complexities of technology convergence. Operating in 42 different countries, we have developed a unique global knowledge and networking platform, which is trusted by over 30,000 ICT, engineering and technology professionals.
Data Centre Dynamics Ltd.
102-108 Clifton Street
London EC2A 4HW