Tag Archive for: Costs

Social Engineering Gains Lead to Spiraling Breach Costs


A full three-quarters of data breaches in the last year (74%) involved the human element, mainly caused by employees either falling for social engineering attacks or making errors, with some misusing their access maliciously.

Social engineering incidents have almost doubled since last year to account for 17% of all breaches, according to Verizon’s 2023 Data Breach Investigations Report (DBIR) released June 6 (which analyzed more than 16,312 security incidents, of which 5,199 were confirmed data breaches). The report noted that this preponderance of human fallibility within incidents comes along with findings that the median cost of a ransomware attack has doubled since last year, reaching into the million-dollar range. The evidence taken together points to a gaping need for organizations to get control of the security basics — or else face a spiraling cycle of inflation when it comes to data breach costs.

Chris Novak, managing director of cybersecurity consulting at Verizon Business, noted that in order to rein in the trend, organizations need to focus on three things: employee security hygiene, implementing true multifactor authentication, and collaboration across organizations on threat intelligence. The first is perhaps the most impactful issue, he said.

“The fundamentals need to improve, and organizations need to be focusing on cyber hygiene,” he said, during a press event in Washington DC. “It’s probably the least sexy recommendation I can give you, but it is one of the most fundamentally important things that we see organizations still missing, and of all shapes and sizes. And it’s usually because they want to focus on the new flashy technology in the industry, and they forget the basics.”

Financially Motivated External Attackers Double Down on Social Engineering

In addition to social engineering growing in volume, the median amount stolen from these attacks hit $50,000 this past year, according to the DBIR. Overall, there were 1,700 incidents that fell into the social media bucket, 928 with confirmed data disclosure.

Phishing and “pretexting,” i.e. impersonation of the sort commonly used in business email compromise (BEC) attacks, dominated the social engineering scene, the…


Twitter to charge for a basic security feature that costs nothing on other platforms


What you need to know

  • Twitter’s SMS-based two-factor authentication will now cost you a monthly subscription fee.
  • The security feature will be restricted only to Twitter Blue subscribers starting March 20.
  • Accounts with SMS 2FA still enabled will automatically lose this feature after that date.

After locking some of its longstanding features, such as the blue check mark, behind a monthly subscription, Twitter will now charge you for SMS-based two-factor authentication.

The social networking platform surprised users by announcing that only Twitter Blue subscribers will be able to secure their accounts using this security option after March 20. After that date, the feature will automatically be disabled, assuming you haven’t done so by then.


Ransomware attack costs school board more than $300K


Huron-Superior Catholic District School Board is projecting a deficit due to cyberattack; board also doling out cash for credit monitoring, cybersecurity measures

SAULT STE. MARIE — The Huron-Superior Catholic District School Board will operate with a $325,000 deficit for its 2022-2023 budget due to a ransomware attack that crippled the board’s information systems in mid-December and compromised personal information belonging to a number of its employees. 

“This deficit is a result of the cyber incident,” said business superintendent Justin Pino in an email to SooToday Monday. “Before the incident the board was projecting a balanced budget.”  

Additional expenses related to the Dec. 15 cyberattack covered by the board’s cyber insurance are not being disclosed. 

The English Catholic school board is also spending USD $69,212 annually for three years on software from SentinelOne, a California-based cybersecurity company, in order to protect it from potential cyberattacks. 

A two-year credit monitoring service for affected school board employees through TransUnion will run the board $30,000 following the Royal ransomware attack, which resulted in the theft of personal information — including social insurance numbers and banking information — for staff members employed by the board between 2019 and 2022. 

Board officials are not disclosing whether or not the school board paid a ransom to the attackers. 

Ireland’s Cleanup Costs Hit $48 Million



Healthcare Hit: $110 Million May Be Full Recovery Cost for Health Service Executive

Figure: Timeline of the attack against HSE, which began on March 18, 2021, after which systems were crypto-locked on May 14, 2021 (Source: PwC)

What’s the price of a ransomware attack that disrupts a nation’s critical infrastructure?

Ireland’s Health Service Executive tells Information Security Media Group that the cleanup cost of the Conti ransomware attack against it last May has so far hit $48 million. But it “forecasts that the overall cost could be in the region” of $110 million.


So far, the costs have included an additional $14 million spent on IT infrastructure, $6 million on cybersecurity and strategic support, $17 million on vendor support for applications and $9 million on Office 365, Irish broadcaster RTE reports.


Beyond the overall cost of cleanup, additional costs will be incurred as the HSE implements recommendations from PwC, also known as PricewaterhouseCoopers. The consultancy was brought in to investigate the incident and found the HSE had “a very low level of cybersecurity maturity,” as judged against the U.S. National Institute of Standards and…
