Tag Archive for: Stats

Two Law Firm Data Breaches And New Breach Stats


Ed. note: This is the latest in a new article series, Cybersecurity: Tips From the Trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Two New Law Firm Breaches in the News

On April 22, it was reported that midsized law firms McCarter & English and Stevens & Lee had suffered data breaches.

McCarter & English said it is actively investigating a network security incident that “impacted the availability of [its] computer systems.”

Leaders at the New Jersey-based firm said they restored key systems in the week after the incident occurred the weekend of April 9, including access to email. Their lawyers’ ability to perform services for clients was “not significantly impacted,” according to the firm.

“Upon discovering the incident, we took proactive measures to contain the incident and initiated an investigation. Law enforcement was also notified,” the firm said. “The investigation into the incident remains ongoing.”

According to the American Bar Association’s 2021 technology survey, solo and small firms continue to lag behind larger firms when it comes to their tech budgets, with only 43% of solo and 50% of small firms responding that they budget for technology, compared to the 65% of all firms indicating they budget for technology.

Our own experience is that even those who budget for technology don’t separately budget for cybersecurity defenses. While small and midsize firms consistently believe that they are not at great risk, they do not understand the mindset of cybercriminals. Law firm size doesn’t matter as much as the clients they serve and the extreme likelihood of weak security in smaller firms.

We know we harp on two-factor authentication, but it appears that McCarter & English’s data breach highlights the critical role that two-factor authentication can play in a firm’s cybersecurity. McCarter & English already had a multifactor system for authentication. However, after the incident, the firm migrated to data security company Duo for onsite as well as remote access to the firm’s systems.

A report released by Duo states that multifactor authentication has grown significantly…


Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats


Last year I wrote two FORBES articles* that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem. In retrospect, 2021 was a very trying year for cybersecurity in so many areas. There were high-profile breaches such as SolarWinds, Colonial Pipeline and dozens of others that had major economic and security-related impact. Ransomware came on with a vengeance, targeting many small and medium businesses. Perhaps most worrisome was how critical infrastructure and supply chain security weaknesses were targeted and exploited by adversaries at higher rates than in the past. Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022. By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cybersecurity throughout the coming year.

  • Alarming Cybersecurity Stats: What You Need To Know For 2021 (forbes.com)

Cybersecurity and Business

The past two years have seen a rapid shift of work to remote and hybrid offices. The statistics show that hackers welcomed that shift and took advantage of the vulnerabilities and gaps in security by businesses.

Cyber risks top worldwide business concerns in 2022 – Help Net Security

“Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.

Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak…


Apple Makes Case Against App Sideloading by Comparing iPhone Security to Android Malware Stats


Of the two major mobile operating system vendors, Apple enjoys a reputation for being the more private and safe option. The company attributes iPhone security to its “walled garden” approach, restricting app sideloading and making the App Store the only simple and straightforward way to get software onto its devices.

In the face of court decisions that may ultimately force it to loosen this policy, Apple is engaging in a PR campaign that has commissioned research to connect the more open architecture of Android to increased risk of malware. Among other claims, Apple says that an Android device is up to 47 times more likely to contract malware and that allowing app sideloading would attract a wave of cyber crime to the iOS platform.

Apple touts iPhone security ahead of regulatory decisions

Apple’s latest research-driven pamphlet touts the “critical importance” of iPhone security, making the case that a smartphone tends to be the type of device that contains the greatest amount of sensitive personal information. The central theme is that app sideloading would cripple its carefully-structured security protections and expose users to attacks.

The statistics it presents certainly cast Android in a poor light. Apple claims that its rival mobile OS experiences 15 to 47 times more malware infections, totalling six million attacks per month and about 230,000 new malware infections per day.

Apple also claims that allowing app sideloading would be detrimental to its users in a number of ways. Cupertino predicts a wave of cyber crime coming to its ecosystem, even if app sideloading was restricted to approved third-party app stores, along with reduced control over apps for users and the removal of “core components of iPhone security” from iOS due to requirements created by certain sideloading initiatives. Apple also predicts users being tricked by fake third-party app stores and forced into sideloading of apps by employers and schools.

While it is in Apple’s financial interest to paint as dire a picture as possible, the company is not factually wrong on some of its core assertions. However, it also may be exaggerating the case. As the Pegasus spyware…
