Tag Archive for: common

8 Most Common Causes of a Data Breach


Data breaches are a rising global threat. According to IBM and the Ponemon Institute, data breaches reached a record high in the last two years. Over 2,200 cyberattacks happen daily, costing large companies $4.24 million with each attack. The most frustrating part of these recurring events is that the causes of data breaches remain pretty much the same for private persons and companies alike.

The mitigation of data breaches strictly depends on how high you regard the data managed by your company. Don’t underestimate the importance of data loss prevention: it’s key given the ongoing proliferation of cybercrime. Learning about the most common causes of data leaks is useless unless you take action to prevent these events. In the following lines, we discuss eight common causes of security breaches and how to solve these issues with effective measures.

Weak Passwords

What is the number one cause of data breaches? You’ll likely find that weak passwords are the top reason. According to the Harris Poll, 75% of Americans are duly frustrated with maintaining secure passwords. Out of that number, over 24% use common passwords such as sequential numbers, a single word, or a combination of three letters and three numbers. 49% of password users only change a single character or digit in their password when they’re prompted to update it.

Keeping a strong password isn’t that difficult. Many cybersecurity experts agree that combining a single sentence with different cases and numbers is more than enough. A single word won’t do the trick since you usually choose something inherent to your character. Hackers with experience in social engineering can pick up on that to figure out your digital keys. If keeping track of your passwords is a chore, we suggest you invest in a reliable password manager service to make life easier. 

Criminal Hacking

Criminal hacking—it’s what causes the majority of data breaches. These are planned attacks by cybercriminals always looking to exploit computer systems or networks. Some common techniques include phishing, password attacks, SQL injections, malware infection, and DNS spoofing. Cyber actors know their way around these methods, and they know how…


Key findings from the DBIR: The most common paths to enterprise estates




Today, Verizon released the 2022 Data Breach Investigations Report (DBIR), analyzing over 5,212 breaches and 23,896 security incidents. 

The report highlights that attackers have four key paths to enterprise estates: credentials, phishing, exploiting vulnerabilities, and malicious botnets.

Hackers can use any of these entry points to gain access to a protected network and launch an assault. Generally, they’ll do this by exploiting the human element (including errors, misuse, and social engineering), which accounted for 82% of intrusions this year.

More specifically, the research also shows that 50% of breaches revolve around remote access and web applications, while 25% were contributed to by social engineering, and credential reuse was involved in 45% of breaches. 

The new threat landscape: ‘breaches beget breaches’ 

One of the most important revelations of the report is that supply chain incidents are providing threat actors with the materials they need to access downstream enterprises’ systems, which explains why 97% of firms have reported being negatively impacted by a supply chain security breach in the past.

Verizon’s DBIR suggests that threat actors use supply chain breaches because they act as a force multiplier, enabling them to breach upstream organizations and service providers before using the access and information they’ve gained to break into the systems of downstream organizations.  

Or, as Gabriel Bassett, Senior Information Security Data Scientist on the Verizon Security Research Team, describes it, “breaches beget breaches.” “Breaches at a partner can lead to your own breach, as with supply chain breaches. Access paths can be acquired by threat actors and sold on criminal marketplaces.”

Bassett explains that most of the time, hackers exploit the human element to gain initial access, through the use of phishing scams or credential theft and reuse. 

“After purchasing the access, the new attacker monetises it…


Emotet becomes most common malware family in Q1 2022


Emotet becomes most common malware family in Q1 2022 | Security Magazine





Common values, shared threats in India-Australia cyber security ties


Western and media attention may be focused on the conflict between Russia and Ukraine, but countries have not taken their eye off the Indo-Pacific where there is clear evidence of the changing world order. This is manifest in the signing of the India-Australia Economic Cooperation and Trade Agreement in goods and services earlier this month.

The botched US withdrawal from Afghanistan followed by China taking a serious interest in creating new economic, military and political alliances, and the impending energy crisis demand that nations recalibrate their strategic as well as long-term interests. The India-Australia ECTA is a concrete example of the bilateral faith in common values, and understanding of threats and goals. A reflection of this is cooperation in cyber security.

The Russia-Ukraine conflict has shown how cyber threat actors, both state and non-state, have become significant players in hybrid or “unrestricted” warfare. Both countries have let loose malicious elements in the information as well as operational space, while non-state actors like the hacktivist group Anonymous claimed to have caused significant damage to critical Russian and Belarusian financial and military infrastructure.

China is accused of having amassed a large number of cyber weapons and has allegedly carried out sophisticated operations aimed at espionage, theft of intellectual property, and destructive attacks on internet resources of some countries. Australia and India have been at the receiving end of several such campaigns by the so-called Advanced Persistent Threat (APT) groups, supported by or assumed to be located in China.

At the June 2020 virtual bilateral summit, Prime Minister Narendra Modi and his Australian counterpart Scott Morrison elevated the bilateral relationship to a Comprehensive Strategic Partnership. The new cyber framework includes a five-year plan to work together on the digital economy, cybersecurity and critical and emerging technologies. This will be supported by a $9.7 million fund for bilateral research to improve regional cyber resilience.

An annual Cyber Policy Dialogue, a new Joint Working Group on Cyber Security Cooperation and a joint working group on ICTs…
