In this episode of The Segment, we dive deep into the critical intersection of cybersecurity, resilience, and organizational strategy with the renowned Dr. Larry Ponemon, founder of the Ponemon Institute and a pioneer in privacy and security research. With over 20 years of groundbreaking studies, including the IBM Cost of a Data Breach Report and the Global Cost of Ransomware Study, Dr. Ponemon shares valuable insights into the evolving cyber threat landscape and what businesses can do to stay ahead.

We also talk about:
• The origins and evolution of the Ponemon Institute's research.
• Why prevention isn't enough, emphasizing containment and resilience in cybersecurity.
• The rising costs of data breaches and attackers' growing focus on disrupting operational resilience.
• How organizations can leverage research data to secure leadership buy-in and develop effective strategies.
• The importance of Zero Trust frameworks in addressing modern security challenges.
• The role of robust leadership, strategic planning, and redundancy in enhancing resilience.
• The evolving responsibilities of CISOs and unifying accountability within organizations.
• Emerging trends like artificial intelligence and global contributions to cybersecurity innovation.
• Metrics for measuring the effectiveness of security controls.

The Global Cost of Ransomware Report: https://www.illumio.com/resource-center/cost-of-ransomware

Listening Notes:
[2:30 - 6:00] Advice for Mitigating Ransomware Risks
[6:00 - 11:00] Role of Zero Trust in Security
[11:00 - 16:00] Accountability in Security Strategies
[16:00 - 21:00] Research Wishlist: Metrics and Trust
[21:00 - 25:00] Long-Term Industry Observations

Tune in to learn how to shift from a prevention mindset to one of resilience and adaptability in an ever-changing digital world!
Cameron and Gabe return after a brief hiatus to explore major developments in security, privacy, and resilience. They dive into insights from the IAPP conference and VeeamON, examining how AI governance and outdated privacy tools are reshaping the industry landscape.

• AI governance frameworks dominated IAPP discussions, with companies "building the plane as they're flying"
• Verizon's Data Breach Investigations Report debunks overblown AI security fears, showing the real risks are data leakage and poor access controls
• Growing frustration with outdated privacy management tools is driving demand for better solutions
• Security posture isn't about using recognized brands but about an architecture without dangerous gaps
• Sam Altman's virtual appearance at IAPP disappointed attendees expecting an in-person keynote

Stay tuned for our bonus episode covering even more developments from this busy week in privacy and security!
We consider the incongruency of a U.S. Strategic Bitcoin Reserve, the latest crypto exchange hack, and how most participants lost money on the Trump meme coin. Given all that, we review some areas where cryptocurrency is helping individuals and businesses.

Topics Covered
• What the U.S. Strategic Petroleum Reserve is
• Why it makes little sense for the U.S. and individual states to create and participate in a Strategic Bitcoin Reserve
• What led to the latest and largest cryptocurrency exchange hack in history
• How financial and other data breaches impacted over 1 billion people last year, costing over $15 billion
• How quantum computers could disrupt the security of cryptocurrency and traditional financial systems
• Why most speculators lose money on meme coins
• Some current ways cryptocurrency is helping individuals and businesses achieve greater financial stability and lower costs

Episode Sponsors
• Delete Me – Use code David20 to get 20% off
• Stawberry.me

Insiders Guide Email Newsletter: Get our free Investors' Checklist when you sign up for the free Money for the Rest of Us email newsletter.

Our Premium Products: Asset Camp; Money for the Rest of Us Plus

Show Notes
• All Information (Except Text) for S.4912 - BITCOIN Act of 2024 (Congress.gov)
• House Bill No. 4087 (Michigan Legislature)
• 2025 South Dakota Legislature House Bill 1202 (South Dakota Legislature)
• State of Arizona Senate SB 1025 (Arizona State Legislature)
• Quantum computers and the Bitcoin blockchain, by Itan Barmes, Bram Bosch and Olaf Haalstra (Deloitte)
• Bybit Hack, Crypto's Biggest Ever, Spoils Coinbase's SEC Victory Party, by Olga Kharif, Muyao Shen, and Emily Nicolle (Bloomberg)
• Cost of a Data Breach Report 2024 (IBM)
• ITRC Annual Data Breach Report (Identity Theft Resource Center)
• Post by @realDonaldTrump (Truth Social)
• Trump Meme
• Early Investors in Donald Trump's Memecoin May Have Been Tipped Off, Experts Claim, by Joel Khalili (Wired)
• Exclusive: Trump's meme coin made nearly $100 million in trading fees, as small traders lost money, by Tom Wilson and Michelle Conlin (Reuters)
• Memecoin scandal rocks Argentina's Javier Milei, by Ciara Nugent (The Financial Times)
• Tether Brings Its $140B USDT Stablecoin to Bitcoin and Lightning Networks, by Krisztian Sandor (CoinDesk)

Related Episodes
• 488: Should You Invest in an Ethereum ETF?
• 462: Now Should You Buy a Bitcoin ETF?
• 410: Is Cryptocurrency Dead?
• 373: Are Stablecoins Safe? Should You Own Them?
The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today's organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases.

Host: Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT, The IIA
Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner

Key Points
• Introduction [00:00:00-00:00:07]
• Overview of identity and access management [00:00:08-00:00:31]
• The financial impact of data breaches [00:00:32-00:01:26]
• Challenges in detecting and responding to security incidents [00:01:27-00:02:26]
• Common identity and access management risks for auditors [00:02:27-00:03:26]
• Weak governance and its implications [00:03:27-00:04:26]
• Siloed organizations and identity and access management complexities [00:04:27-00:05:26]
• Regulatory frameworks and standards [00:05:27-00:07:26]
• Identity and access management controls and data governance [00:07:27-00:09:26]
• Real-world use cases and security incidents [00:09:27-00:11:26]
• Horror stories and lessons learned in identity and access management [00:11:27-00:13:26]
• Best practices for managing user access reviews [00:13:27-00:16:26]
• Continuous authentication and its challenges [00:16:27-00:18:26]
• Privileged access management and audit considerations [00:18:27-00:21:26]
• The impact of AI and machine learning on identity and access management [00:21:27-00:23:26]
• Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26]
• Closing remarks [00:25:27-00:31:43]

The IIA Related Content
Interested in this topic? Visit the links below for more resources:
• Intermediate IT Auditing
• Auditing IT Change Management
• GTAG: Auditing Identity and Access Management, 2nd Edition
• Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program
• Implementing The IIA's New Cybersecurity Topical Requirement
• Cybersecurity Topical Requirement
Visit The IIA's website or YouTube channel for related topics and more.

Resources Mentioned
• The IIA's 2025 Analytics, Automation and AI Virtual Conference
• The IIA's Updated AI Auditing Framework
• NIST Cybersecurity Framework (CSF)
• NIST AI Risk Management Framework
• IBM Cost of a Data Breach Report 2024
• CISA and NSA Guidance on Identity and Access Management

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2024 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
In this episode of Déclic Numérique, we explore why data is so often compared to the oil of the 21st century. What makes it so valuable? How is it used in sectors such as healthcare, entertainment, and transport? And above all, what risks do these enormous volumes of data create for our security, our privacy, and the environment? Learn the basics you need to understand and manage your data in everyday life.

Sources cited:
• DOMO, Data Never Sleeps 10.0 (DOMO Report)
• Statista (2023), Global Data Economy Trends (Statista Data Trends)
• IBM, Cost of a Data Breach Report 2022 (IBM Security Report)
• Docteur Imago, Environmental impact of digital technology in healthcare (Docteur Imago article)
• CNIL, Personal data: understanding your rights (CNIL resources)

DSI et des Hommes is a podcast hosted by Nicolas BARD that explores how digital technology can be put at the service of people, and not the other way round. With the mission of making digital technology accessible to everyone, each episode dives into the experiences of leaders, entrepreneurs, and experts to understand how digital transformation affects the way we lead, collaborate, and grow. Subscribe for inspiring discussions and practical advice on navigating an ever more digital world.
In this episode of Power Producers Podcast, David Carothers is joined by Ryan Smith, founder of RLS Consulting, to discuss the evolving world of cybersecurity and how insurance professionals can better navigate this complex space. Drawing on Ryan's extensive experience, they delve into actionable strategies for producers to engage clients on cyber risk, overcome objections, and build meaningful solutions that go beyond the policy.

Key Points:

The Intersection of Cybersecurity and Insurance
Ryan highlights how cybersecurity and cyber liability are complementary solutions addressing the same problem: mitigating and transferring cyber risk. Understanding both perspectives helps producers connect the dots and provide more value to clients.

Education Over Fear
The conversation emphasizes the importance of educating clients about their cyber risks without resorting to fear-based selling. Producers are encouraged to focus on business impacts rather than technical vulnerabilities, fostering a consultative approach.

Assessing Risk and Incident Preparedness
Ryan shares insights on helping clients assess their cyber risks and prepare for incidents. He stresses the importance of asking key questions about incident response plans, compliance requirements, and the company's readiness for cyber threats.

Shifting Client Mindsets
The discussion tackles common objections, such as overconfidence in IT departments or the belief that "it won't happen to us." Ryan suggests producers approach these scenarios with empathy and education, aligning solutions with clients' business priorities.

Valuable Resources for Producers
Ryan points to trusted industry reports, such as Verizon's Data Breach Investigations Report and IBM's Cost of a Data Breach Report, as tools to support client conversations and reinforce the importance of proactive cyber risk management.

Connect with: David Carothers (LinkedIn), Ryan L. Smith (LinkedIn), Kyle Houck (LinkedIn)
Visit Websites: Power Producer Base Camp, RLS Consulting, Killing Commercial, Crushing Content, Power Producers Podcast, Policytee, The Dirty 130, The Extra 2 Minutes
Integrity360, one of the leading pan-European cyber security specialists, has announced the launch of its Managed Cloud Native Application Protection Platform (CNAPP) Service, designed to deliver automated cloud workload protection, visibility into cloud environments, proactive threat and exposure detection, and compliance alignment. The service addresses the growing complexity of securing multi-cloud environments and protecting cloud-native applications against evolving risks.

Cloud environments are increasingly the target of cyberattacks: according to the IBM Cost of a Data Breach Report 2023, 82% of breaches involved data stored in cloud environments and 39% spanned multiple environments. Integrity360's Managed CNAPP Service directly addresses these risks, providing organisations with tools and services to strengthen their cloud security posture and protect their cloud environments with greater efficiency.

The service combines agent-based and agentless methods to deliver visibility into threats and exposures across cloud environments. This dual approach enables organisations to monitor and protect every layer of their cloud infrastructure, from workloads and configurations to APIs and sensitive data. Granular insight into misconfigurations and potential vulnerabilities also allows organisations to identify and address risks proactively, reducing the likelihood of breaches.

The service offers 24/7 real-time threat detection, using AI-driven analysis to identify active threats and prioritise risk findings. By distinguishing between two categories, exposures (weaknesses that could be abused) and threats (activity that indicates abuse is under way), the service focuses security operations, improving the speed and accuracy of threat management and reducing the burden on internal security teams. It integrates across multi-cloud setups and provides 24/7/365 protection through Integrity360's Security Operations Centre (SOC). It is backed by SLAs under which critical threats are acknowledged within 15 minutes, triaged within one hour, and investigated within two hours. This rapid response capability enables businesses to contain threats quickly and minimise potential damage.

The service also addresses common weaknesses in cloud environments, such as misconfigured assets and excessive permissions, which have been at the centre of recent breaches. For instance, in the high-profile Midnight Blizzard attack on Microsoft, the attackers password-sprayed a legacy non-production test tenant account that lacked MFA and used that foothold to reach production systems, highlighting the need for proactive security measures.

"Traditional cloud security tools often operate in silos, leaving blind spots in organisations' defences," said Ahmed Aburahal, Technical Product Manager at Integrity360. "The need for advanced, unified security solutions is critical, particularly as Gartner predicts that 95% of cloud breaches will stem from user misconfigurations by 2025. Our Managed CNAPP Service bridges these gaps, providing a unified platform that ensures continuous monitoring, streamlined risk management, and robust threat protection."

Integrity360's Managed CNAPP Service offers tailored options to prevent such incidents, including continuous configuration monitoring and enforcement of security best practices. The flexible options let businesses select the level of protection that best aligns with their cloud strategy, whether securing a single public cloud or managing complex multi-cloud infrastructures. Ongoing optimisation enables organisations to adapt to evolving threats and maintain an agile, resilient cloud environment. While the service relies on automation and AI-driven tooling, its human-centred approach is critical to its success: Integrity360's SOC team provides expert configuration and change management support, ensuring that each customer's CNAPP deployment is aligned with their security and compliance needs. Month...
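The two misconfiguration classes the release names, excessive permissions and access paths that skip MFA, are what a CNAPP's configuration checks look for in practice. As an added example, not Integrity360's code or any product's, the following Python linter walks AWS IAM policy documents and flags wildcard grants, Resource "*", Allow-with-NotAction, and sensitive actions granted without an aws:MultiFactorAuthPresent condition. The two policy documents are constructed samples (111122223333 is the account ID AWS uses in its own documentation, and the key ID is a placeholder), and the list of "sensitive" action prefixes is an assumed reviewer's choice rather than an AWS-defined set.

```python
"""Lint AWS IAM policy documents for over-broad grants and missing MFA conditions.

Added example, not vendor code. The sample policies below are constructed;
111122223333 is the account ID AWS uses in its own documentation.
"""
import json

# Assumption: a reviewer's short list of action families that should carry an
# MFA condition when granted. AWS publishes no such list; adjust per environment.
SENSITIVE_PREFIXES = ("iam:", "sts:AssumeRole", "kms:", "organizations:")


def _as_list(value):
    """Action, NotAction and Resource may be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True when the statement is gated on aws:MultiFactorAuthPresent being true."""
    cond = statement.get("Condition", {})
    for operator in ("Bool", "BoolIfExists"):
        flag = cond.get(operator, {}).get("aws:MultiFactorAuthPresent")
        if flag is not None and str(flag).lower() == "true":
            return True
    return False


def lint_policy(policy):
    """Return [(sid, finding), ...] for a policy given as a JSON string or dict."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        sid = stmt.get("Sid", f"Statement{idx}")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; they cannot over-grant
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except those listed.
            findings.append((sid, "Allow with NotAction grants everything not listed"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "wildcard Action grants a whole service or all services"))
        if "*" in resources:
            # Some Describe/List actions genuinely need '*'; treat as review-needed.
            findings.append((sid, "Resource '*' is not scoped to specific resources"))
        sensitive = [a for a in actions if a == "*" or a.startswith(SENSITIVE_PREFIXES)]
        if sensitive and not _requires_mfa(stmt):
            findings.append((sid, f"sensitive actions {sensitive} allowed without an MFA condition"))
    return findings


# Constructed sample: the kind of policy that produces "excessive permissions" findings.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "S3Wide", "Effect": "Allow", "Action": ["s3:*"],
         "Resource": "arn:aws:s3:::app-bucket/*"},
        {"Sid": "KeyUse", "Effect": "Allow", "Action": ["kms:Decrypt"],
         "Resource": "arn:aws:kms:eu-west-1:111122223333:key/example-key-id"},
    ],
})

# Constructed sample: the same access, scoped down and gated on MFA.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAppBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-bucket", "arn:aws:s3:::app-bucket/*"]},
        {"Sid": "KeyUseWithMfa", "Effect": "Allow", "Action": ["kms:Decrypt"],
         "Resource": "arn:aws:kms:eu-west-1:111122223333:key/example-key-id",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "DenyWithoutMfa", "Effect": "Deny", "NotAction": ["iam:ListMFADevices"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(doc) or "no findings")
```

The weak policy yields five findings (three on AdminEverything alone); the hardened one yields none, because the Deny statement is ignored as a narrowing rule and the KMS grant now carries an MFA condition. A real posture check would run this over every customer-managed policy and every role trust policy pulled from the account, and would treat Resource "*" as a review item rather than an automatic failure, since many Describe and List actions require it.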
What's the true cost of a data breach?
In this conversation, I discuss various topics including the US Army's failed $11 million marketing deal with the UFL and Dwayne 'The Rock' Johnson, the state of ransomware in state and local government organizations, the Mimecast Global Threat Intelligence Report, the reliance on a few tech companies for critical aspects of the economy, the need for campaigns to report cyber breaches, the vulnerabilities in open source software, and the findings from the IBM Cost of a Data Breach Report.
Is OpenAI about to release its biggest AI project? In Episode 16 of Mixture of Experts, host Tim Hwang is joined by Nathalie Baracaldo, Kate Soule, and Shobhit Varshney. Today, the experts discuss IBM's 2024 Cost of a Data Breach Report and analyze how generative AI could reduce the cost of cyber threats. Next, rumors are circulating on the internet about OpenAI dropping "Project Strawberry," which it internally refers to as a "level 2" model. Are the rumors true? Tune in for more.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Segments:
00:01 Intro
00:52 Cost of a Data Breach 2024
12:33 Project Strawberry
Israel has agreed to continue talks on a ceasefire and the release of the hostages, the office of Israeli Prime Minister Benjamin Netanyahu has announced. Various media reported in recent days that Netanyahu was blocking the resumption of the talks. According to Israel correspondent David de Jong, a deal looks very close. "But with Netanyahu and Hamas you never know."

It is still unclear where the wanted former Catalan premier Carles Puigdemont is. Yesterday he gave a short scheduled speech in Barcelona, returning to Spain for the first time in seven years. The police would have liked to arrest him, but immediately after his speech Puigdemont slipped away. "It was really the encore of a show that has been running for years. It looked like a grand finale, but it fizzled out," says Sebastiaan Faber, professor of Hispanic Studies at Oberlin College in Ohio.

More and more data is being stolen, and the cost of that is rising sharply. Companies are therefore taking longer and longer to recover from such a cyberattack. That is the conclusion of IBM's annual Cost of a Data Breach Report. The global average cost of a data breach now stands at $4.44 million. The report attributes this to breaches becoming more disruptive and the demands on security teams growing.
According to IBM's Cost of a Data Breach Report, nearly 20 percent of the organizations surveyed stated that they had experienced a breach stemming from a compromise in their supply chain, or from a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. The data also found that attacks originating in the supply chain had a longer lifecycle than average.

The increased costs and complexity of addressing supply chain attacks are not a surprise when you consider that these intrusions affect not only the targeted company, but also the logistics, distribution and retail partners that are dragged along on this difficult and painful ride. To help dig into the factors associated with supply chain attacks and other cybersecurity challenges, we welcome Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra, to the show.

Watch/listen as we discuss:
• The three primary soft spots from which supply chain hacks emanate: software, devices and people.
• Why people are the most neglected of the three, and how they can be trained to identify attacks.
• The expanded role AI is playing in email compromises that help fuel supply chain attacks.
• Why IT and OT need to become more aware of each other's requirements and risks.
• The important role cybersecurity plays in ensuring operational reliability.
• The growing need for ransomware response plans, and how a national supply chain hack helped reinforce this need for all enterprises, regardless of size or sector.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. Our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, is available for download.
The 17th annual Verizon Data Breach Investigations Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies.

Takeaways
- Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs.
- Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures.
- Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit.
- Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes.
- The Verizon Data Breach Investigations Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies.

YouTube Video Link: https://youtu.be/ajqbA9zPUbA
Documentation: https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/

Contact Us
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw: Twitter https://twitter.com/ajawzero, LinkedIn https://www.linkedin.com/in/andyjaw/, Email andy@bluesecuritypod.com
Adam Brewer: Twitter https://twitter.com/ajbrewer, LinkedIn https://www.linkedin.com/in/adamjbrewer/, Email adam@bluesecuritypod.com
CyberIntel - Talking Cybersecurity and Compliance (Presented by VikingCloud)
In this episode of CyberIntel, Brian Odian shares some key figures from IBM's Cost of a Data Breach Report. If you have any questions you want answered on CyberIntel, email us at cyberintel@vikingcloud.com and our experts will be in touch; we may even make it the subject of a future episode! CyberIntel provides a deep dive into the world of cybersecurity and compliance. Hosted by Brian Odian, VikingCloud's Director of Managed Compliance Services APAC, together with other cybersecurity and compliance expert advisors, we explore the nuances of various compliance standards and the latest in cybersecurity news, trends and threats. New episodes every two weeks! CyberIntel is presented by VikingCloud. VikingCloud is the leading Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions faster. VikingCloud is the one-stop partner trusted by more than 4 million customers every day to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruption to their business.
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2023 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
As in years past, we dive into IBM's 2023 Cost of a Data Breach Report. This annual study sheds light on the ever-evolving landscape of data breaches and provides valuable insights for organizations looking for ways to focus their efforts and money to help prevent and reduce the costs associated with a data breach. More info at HelpMeWithHIPAA.com/419
A zero-day attack of undetermined origin targets government offices in Norway. Russia accuses the US of cyber aggression. Data breaches exact a rising cost. 74% of survey respondents say their company would pay ransom to recover stolen or encrypted data. Executives and security teams differ in their perception of cyber threat readiness. Mr. Security Answer Person John Pescatore looks at risk metrics. Joe Carrigan on a new dark market AI tool called WormGPT. And Apple issues urgent patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/140

Selected reading:
• Norway says Ivanti zero-day was used to hack govt IT systems (BleepingComputer)
• Norway investigates cyberattack affecting 12 government ministries (The Record)
• Norwegian government IT systems hacked using zero-day flaw (BleepingComputer)
• Putin ally accuses US of planning cyberattacks on Russian critical infrastructure (Al Arabiya English)
• Cost of a Data Breach Report 2023 (IBM Security)
• Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments (Coveware)
• 2023 Cyber Threat Readiness Report (Swimlane)
• Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency, CISA)
• Apple fixes 16 security flaws with iOS 16.6, two actively exploited (9to5Mac)
• Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs (The Hacker News)
• Apple fixes new zero-day used in attacks against iPhones, Macs (BleepingComputer)
• iOS 16.6: Apple Suddenly Releases Key iPhone Update With Urgent Fixes (Forbes)
IBM Security today released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023, an all-time high for the report and a 15% increase over the last three years. Detection and escalation costs jumped 42% over the same period, representing the highest portion of breach costs and indicating a shift towards more complex breach investigations.

According to the 2023 IBM report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of studied organisations have experienced more than one breach, breached organisations were more likely to pass incident costs on to consumers (57%) than to increase security investments (51%).

The 2023 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March 2023. The research, sponsored and analysed by IBM Security, was conducted by Ponemon Institute and has been published for 18 consecutive years. Some key findings in the 2023 IBM report include:

• AI Picks Up Speed. AI and automation had the biggest impact on the speed of breach identification and containment for studied organisations. Organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 108 days shorter than studied organisations that had not deployed these technologies (214 days versus 322 days).
• The Cost of Silence. Ransomware victims in the study that involved law enforcement saved $470,000 in average breach costs compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement.
• Detection Gaps. Only one third of studied breaches were detected by an organisation's own security team, compared to 27% that were disclosed by the attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average than breaches the organisation identified itself.

Elaine Hanley, Security Services, IBM Ireland, said: "Across the globe, and very similar to the UK, this report confirms what we are seeing as ordinary citizens in Ireland. Across all industries studied, customer personally identifiable information was the most commonly breached record type and the costliest. In Ireland, we are seeing a surge in phishing emails and texts in recent months. Globally, we are seeing that firms with a smaller number of employees were disproportionately affected by higher breach costs, which in the context of Ireland, means that most of the indigenous industries operating here need to pay attention to cybersecurity. Globally, we saw that only about half of those who suffered a breach actually plan to invest more in their cybersecurity programme post-breach. The pandemic has accelerated digital transformation in Ireland, and although this can be seen as generally positive, it does incur additional cybersecurity risks. However, AI and automation had the biggest impact on speed of breach identification and containment for studied organisations. So now is the time to understand the technologies and strategies that best protect your data."

Additional findings in the 2023 IBM Data Breach report include:

• Breaching Data Across Environments. Nearly 40% of data breaches studied resulted in the loss of data across multiple environments, including public cloud, private cloud, and on-prem, showing that attackers were able to compromise multiple environments while avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs ($4.75 million on average).
• Costs of Healthcare Breaches Continue to Soar. The average cost of a studied breach in healthcare reached nearly $11 million in 2023, a 53% increase since 2020.
Cybercriminals have started making stolen data more accessi...
Top managers seem to be more dangerous than hackers, not least because every lost record can cost far more than an espresso at the bar! Between security incidents and hidden costs, we will try to keep calm and analyse things with a cool head.

All my links: https://linktr.ee/br1brown

Sources:
• Cost of a Data Breach Report 2022 | IBM
• Cybersecurity: how much a record costs and why users end up paying too
• "Top managers are an increasingly serious threat to cybersecurity"

TELEGRAM INSTAGRAM
If you'd like to support me: https://it.tipeee.com/br1brown
Guest post by Rob Allen, who is an IT Professional with almost two decades of experience assisting small and medium enterprises embrace and utilise technology. Worrying trends are emerging in how ransomware is being not just more narrowly targeted, but tailored and sophisticated too According to Security Intelligence, one of the top 10 most costly cyber attacks of 2022, took place in April, where ransomware crippled the US Austin Peay State University. The attack brought the university to a halt just before final exams began, reducing faculty, staff and students to personal devices to access email and other university resources. The university cancelled final exams and closed all computer labs. Ransomware: narrowing the focus for more targeted attacks It was forewarning of later attacks seen in the same sector here at home in 2023. It is becoming easier for ransomware to target specific sectors and individual organizations, with elements of artificial intelligence (AI) and automation being incorporated, adding to developments such as ransomware-as-a-service. It does not have to be the devastating strike it used to be. A combination of policies, controls and layered protections can stop ransomware, minimising damage and ensuring your business can carry on. There is little doubt that ransomware is becoming more prevalent, and more costly. Gartner reports that as many as a third of organisations globally have experienced some kind of ransomware attack. As reported by BCS, while 2022 saw a slight global fall in ransomware incidents, Europe saw a 63% increase. IBM's "Cost of a Data Breach Report" 2022 found that the share of breaches caused by ransomware grew 41% in the period and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by more than $430,000, making the global average cost of a ransomware attack $4.54 million. The volume and impact of ransomware is further multiplied by technological developments. 
Ransomware-as-a-service has already been observed and is well documented. Now, cybersecurity experts suspect that AI and machine learning (ML) may be deployed to increase efficacy, and perhaps facilitate automation. Automating significant elements of the ransomware process could mean an even greater acceleration of attacks, argues Mark Driver, a research vice president at Gartner. "It's not worth their effort if it takes them hours and hours to do it manually, but if they can automate it," Driver reasons, "it's terrifying." While it has not yet been definitively identified in the wild, security expert Mikko Hyppönen has said there may be a few highly successful ransomware gangs with the resources to hire AI talent and develop the capability.

Experts see distinct patterns emerging within ransomware attacks due to these technological developments. TechTarget reports that the three sectors of media/leisure/entertainment, retail, and energy/oil/gas/utilities accounted for more attacks than any other sectors. These ransomware attacks are increasingly tailored for a specific sector or industry, with utilities in particular seeing more narrowly focused methodologies instead of the 'scatter gun' approach of old. This has led to speculation that if the trends of as-a-service platforms and sector-specific adaptation converge with embedded AI and ML and automation, then ransomware incidents such as the Colonial Pipeline attack in the US could not only become more common, but more coordinated and effective. If such tactics and tools were to be used by a nation-state, entire sets of critical infrastructure could be at risk of crippling attacks.

However, it is important to point out that while ransomware is a growing menace, it is often the final stage of an attack.
Gartner's "Anatomy of a Ransomware Attack" depicts the initial stages as ingress (through the likes of phishing, email, credential dumps, etc.) and compromise, followed by burrowing and lateral movement, prior to ...
On This Week in Enterprise Tech, Lou Maresca and Ron Reiter talk about the cybersecurity findings from Verizon's 2023 data breach report and what strategies and technologies companies can be using to prevent ransomware attacks. For the full episode, visit twit.tv/twiet/551 Host: Louis Maresca Guest: Ron Reiter You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT
336,000 servers remain unpatched against critical Fortigate vulnerability
Patchless Cisco flaw breaks cloud encryption for ACI traffic
Google changed its privacy policy to reflect Bard AI's data collecting
Top 10 cybersecurity findings from Verizon's 2023 data breach report
Ron Reiter, Co-Founder and CTO of Sentra, talks data security and improving your security posture.
Host: Louis Maresca
Guest: Ron Reiter
Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Sponsors: discourse.org/twit cs.co/twit bitwarden.com/twit
In this week's episode, we're diving deep into the latest headlines in the world of cybersecurity. We kick off our discussion with an examination of the recently discovered MOVEit vulnerability that was exploited in a ransomware attack. What makes this vulnerability a prime target, and how can organizations fortify their defenses? From there, we turn our attention to the biopharma industry. As this sector increasingly becomes a hotbed for cyber attacks, we'll dissect why this industry is attractive to cyber criminals and what measures companies can take to bolster their cybersecurity. We'll also delve into the recent ransomware attack on Eisai, a leading pharmaceutical group. What lessons can other organizations learn from Eisai's experience? And more importantly, how can such incidents be prevented? Finally, we wrap up with a discussion on the financial implications of ransomware attacks. A recent study by Verizon places the median cost of a ransomware incident at $26k. But is that the whole picture? We'll explore the hidden costs of ransomware and why prevention is always better than cure. Tune in to stay informed and learn actionable strategies to protect your organization from these evolving cyber threats.
Cyber attacks are almost entirely responsible for today's data breaches, and, increasingly often, the details of these breaches are vague—leaving security experts with a growing list of questions. Sharon Nelson and John Simek talk with James Lee about the Identity Theft Resource Center's latest Data Breach Report. They discuss current trends, the challenges of nebulous data breach notices, and what all organizations should be on the lookout for in the coming year. James E. Lee is Chief Operating Officer at the Identity Theft Resource Center.
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2022 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
In 2021, the estimated number of data compromises in the United States hit an all-time high. The newest measurement of cybercrime for 2022 was just released Wednesday morning. KMOX's Megan Lynch spoke with James Lee, Chief Operating Officer of the Identity Theft Resource Center.
Host: James Hilliard
Guests: Dr. Keith Nelson, Director of Healthcare Strategy, Connection; Steve Nardone, Senior Director of Security & Network Solutions, Connection; Tim Allen, Director of Operations and Technology, Connection
The value of patient medical information makes healthcare entities prime targets for cybercriminals. According to IBM's 2022 Cost of a Data Breach Report, the average cost of a healthcare data breach is $10.1 million, the highest across all industries. With many healthcare providers expanding beyond the four walls into remote and virtual care, now is the time to evolve your organization's cybersecurity posture. Hear from our cybersecurity and healthcare experts on what measures will help you better protect your patients' data and healthcare practice. For additional cybersecurity resources, visit: https://www.connection.com/cybersecurityawarenessmonth. Thank you for listening. You can hear us on Apple Podcasts, Amazon Music, Spotify, and Podbean. Follow Connection on Twitter, Facebook, Instagram, YouTube, LinkedIn, or read our latest insights.
In this episode, we discuss the IBM Security Cost of a Data Breach Report 2022. It's actually a really interesting report that goes into some detail on how much a data breach costs, and what things you can do as a defender to drive those costs down (and what things you're doing that increase those costs!). We break down some of the high-level statistics, and then we discuss the top things you can be doing to drive down the costs if your company gets breached. Highly actionable information in here. Report link: Cost of a Data Breach Report. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
IBM's and Ponemon's annual Cost of a Data Breach Report summary, analysis, and implications for healthcare
Updated NIST guidance on HIPAA compliance approaches and expected practices
Facebook (Meta) and healthcare providers targeted with multiple lawsuits over health data privacy practices
GAO report warns of catastrophic financial loss due to cyber insurers backing out of covering damages from cyberattacks
$100m cost reported for Tenet Healthcare's 2022 cyberattack
Major breaches with healthcare vendors OneTouchPoint and Avamere impacting more than 1.5m people
Cloud Security Alliance weighs in on third-party risk management in healthcare
Large-scale cyberattack campaign targeting over 10,000 organizations in phishing and financial fraud scheme
HHS Health Sector Cybersecurity Coordination Center alert about an increase in web application attacks on the healthcare sector
New ransomware task force report targeting government interventions to disrupt ransomware attacks
OCR issues 11 new financial penalties over HIPAA Right of Access failures
Ben Taylor, Executive Director of Cannabis ISAO, channels his inner Wolverine and makes his third stop on the Gate 15 podcasts as he joins Andy to talk about all things Cannabis as well as the collaborative effort to publish a joint security analysis around the Hard Reset. Dave then joins Andy to talk about recent cyber reporting and the value that they provide to organizations as they go beyond the numbers. Ensuring the episode hits key all-hazards, Andy and Dave discuss monkeypox and the lessons that can be applied from COVID that can help individuals and organizations make responsible, risk-informed decisions.
Cannabis ISAO: Cannabis MSO Shares Cyber Threat Report: https://cannabisisao.org/2022/07/directors-cut-july-1-2022/
Risky Biz News, with Catalin Cimpanu (everyone with interests in cybersecurity should be subscribed to this), from 06 Jul 22: https://riskybiznews.substack.com/p/risky-biz-news-china-faces-its-first
Cannabis ISAO on the Hard Reset: https://cannabisisao.org/2022/07/directors-cut-july-15-2022/
Andy's tweet on the Hard Reset report: https://twitter.com/andyjabbour/status/1550252329378713602?s=21&t=Kbwk6HAVKIkKf7xGrRUXrQ
Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde. https://gate15.global/nerd-out-security-panel-discussion-ep-27-the-hard-reset-and-uvalde/
Cannabis ISAO website: https://cannabisisao.org
Cannabis ISAO blog and Director's Cut posts: https://cannabisisao.org/home/blog/
Ben's previous pods: Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO!
The Gate 15 Interview: Ben Taylor, on Cannabis ISAO, Cannabis Industry security, cybersecurity, rescue dogs and more!
Monkeypox:
WHO Director-General's statement at the press conference following IHR Emergency Committee regarding the multi-country outbreak of monkeypox - 23 July 2022
CDC Monkeypox
Statement from Raj Panjabi, Director of White House Pandemic Preparedness Office, on World Health Organization Declaration on Monkeypox
FACT SHEET: Biden-Harris Administration's Monkeypox Outbreak Response
IBM Cost of a Data Breach Report
Proofpoint State of Phish Report
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
ENISA Ransomware: Publicly Reported Incidents are only the tip of the iceberg & ENISA Threat Landscape for Ransomware Attacks
Kim Milford, Executive Director, REN-ISAC, interviewed in How Are K-12 and Higher Education Faring Against Ransomware?
Andy's thread with KELA and noting The Record: Ransomware group demands £500,000 from British schools, citing cyber insurance policy
The Gate 15 Interview: Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more!
Homeland Security Today: hstoday.com
IBM reports on the cost of a data breach. Personal apps as a potential business risk. Over on the dark side, there's help wanted in the C2C labor market. An employee engagement study reaches predictably glum conclusions. Betsy Carmelite from Booz Allen Hamilton on reducing software supply chain risks with SBOMs. Our guest is Elaine Lee from Mimecast discussing the pros and cons of AI in cybersecurity. And why so much attempted DDoS, but not so much ransomware? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/143
Selected reading:
IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High (IBM Newsroom)
Cost of a Data Breach Report 2022 (IBM Security)
Netskope Threat Research: Data Sprawl Creating Risk for Organizations Worldwide as Personal App Use in Business Continues to Rise (PR Newswire)
Financial Incentives May Explain the Perceived Lack of Ransomware in Russia's Latest Assault on Ukraine (Council on Foreign Relations)
Tessian | 1 in 3 Employees Do Not Understand the Importance of Cybersecurity at Work, According to New Report (RealWire)
Guest post by Will North, chief information security officer, MHR International

The days when security was only important to financial services and defence organisations are long gone. With the substantial increase in data breach fines in light of GDPR and the devastating operational impacts of ransomware on organisations – from local councils and retailers to oil pipelines – information security is now a major concern for organisations across all industry segments and sizes. The cost of failure can be substantial. The influential IBM Cost of a Data Breach Report 2021 put the global average cost of a ransomware breach at $4.62m, which excludes the ransom. The war in Ukraine has intensified threat levels significantly, with governments around the world warning of an increased risk of cyber-attacks from Russia. Boards are asking more questions than ever about security and want answers in a language they can understand – profit and loss.

Many years ago, the IT Director had to add security to their responsibilities, with specialist cyber-knowledge residing with a relatively junior member of the team. This meant information security focused primarily on technical IT solutions. There were often insufficient resources to fully understand the security posture of the organisation and how to improve it. Nobody senior had the job of driving the security agenda against the operational objectives of the wider business. This legacy operating model often failed to pacify the concerns of the board.

Birth of the modern CISO

This gave birth to the modern CISO with completely different responsibilities. Steve Katz, generally regarded as the world's first CISO, was appointed by Citicorp in the US in the mid-1990s, following a serious hack. He defined the role, believing he must understand the business and the risk it faces so he can put its requirements first.
As the CISO's role has evolved, their key responsibility has become to articulate the security risks across the business in financial terms and demonstrate the value of improving security against competing operational demands. For example, why is a €50k piece of security software better value than recruiting another member of staff? A CISO has to make the case and be prepared to stand by their judgment. As well as improving security, the much harder task for a CISO is to understand when and where it is acceptable to reduce security to increase business efficiency. Security is easy if you want to stop an organisation operating, but balancing security, cost and operational efficiency is a fine art that takes skill and experience.

The CISO's role is often multi-faceted now. The explosion of investment in cyber-security technology means CISOs must keep up to date with new propositions from vendors, while at the same time supporting their own organisation's sales function. With security a key factor when choosing a supplier, the CISO must demonstrate to prospects that their organisation is the right choice to protect business-critical services and data.

The CISO must have soft skills and business acumen

These responsibilities mean that a completely different skillset is required. The CISO needs great interpersonal skills to understand, engage and persuade other people within the business. They need effective communication skills to make their case to the board, who may have little security or IT knowledge. In addition, today's CISO needs experience of building and retaining high-performing teams, allied to a solid understanding of finance to appreciate the value vs cost of security. Business acumen is becoming as important, if not more important, for a CISO as knowledge of security itself. To what degree largely depends on the size of the business.
For larger organisations, it is the role of the security team to understand where the gaps are and what they need to do to address them. The CISO's job is to explain to the board why they should release the funds so the team can implement the righ...
The overall number of data compromises is up 68% over 2020. Now, more than ever, attorneys must take action to protect themselves and their law firms. John Simek and Sharon Nelson welcome James E. Lee of the Identity Theft Resource Center to discuss the findings of his organization's 2021 Data Breach Report. James discusses common root causes of data breaches and explains how prevention tactics and data security services can help lawyers avoid and/or deal with a data compromise. James E. Lee is the chief operating officer of the Identity Theft Resource Center. Special thanks to our sponsors CaseFleet, Clio, and PInow.
The overall number of data compromises is up 68% over 2020. Now, more than ever, attorneys must take action to protect themselves and their law firms. John Simek and Sharon Nelson welcome James E. Lee of the Identity Theft Resource Center to discuss the findings of his organization's 2021 Data Breach Report. James discusses common root causes of data breaches and explains how prevention tactics and data security services can help lawyers avoid and/or deal with a data compromise. James E. Lee is the chief operating officer of the Identity Theft Resource Center. Special thanks to our sponsors CaseFleet and PInow.
During this 15-minute IT break, join our experts for a discussion about the cost of a data breach report 2021 in Canada. Guest experts: Vivienne Suen, Cybersecurity Architect – IBM John Beal, Security Channel Manager, Partner Sales - IBM
Host Tom Foley invites back Juergen Bayer, Senior Security Adviser for HP to discuss the unique challenges of cybersecurity in healthcare. Also a review of IBM's 2021 Cost of Data Breach Report. And they explore options to protect the enterprise when implementing remote patient monitoring. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play HealthcareNOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
Links:
Cost of a Data Breach Report: https://securityintelligence.com/cost-of-data-breach-bottom-line/
Got its ass handed to it in a security breach last week: https://threatpost.com/Godaddys-latest-breach-customers/176530/
Millions of Brazilians: https://www.zdnet.com/article/millions-of-brazilians-exposed-in-wi-fi-management-software-firm-leak/
"You can now securely connect to your Amazon MSK clusters over the internet": https://aws.amazon.com/about-aws/whats-new/2021/11/securely-connect-amazon-msk-clusters-over-internet/
"AWS Security Profiles: Megan O'Neil, Sr. Security Solutions Architect": https://aws.amazon.com/blogs/security/aws-security-profiles-megan-oneil-sr-security-solutions-architect/
AWS Security Profiles: Merritt Baer, Principal in OCISO: https://aws.amazon.com/blogs/security/aws-security-profiles-merritt-baer-principal-in-ociso/
Super important things to know: https://github.com/SummitRoute/aws_breaking_changes/issues/56
Permissions.cloud: https://aws.permissions.cloud/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Corey: "Security is Job Zero" according to AWS. Next week I'll have a fair bit on that I suspect, since this week is re:Invent.
Let's see what happened before the storm hit.

IBM put out its annual Cost of a Data Breach Report which is interesting, but personally I find it genius. This is how you pollute SEO for the search term 'IBM Data Breach', which is surely just a matter of time if it hasn't already happened.

Speaking of, GoDaddy effectively got its ass handed to it in a security breach last week. We found out of course via an SEC filing instead of GoDaddy doing the smart thing and proactively getting in front of it. Apparently they were breached for at least two-and-a-half months, nobody noticed, and 1.2 million people got their admin creds stolen. I can't stress enough that you should not be doing business with GoDaddy.

And to complete the trifecta, 'Millions of Brazilians' is a fun thing to say unless you're talking about who's been victimized by an S3 Bucket Negligence Award; then nobody's having fun at all.

The AWS security blog had a few things to say. "You can now securely connect to your Amazon MSK clusters over the internet." Wait, what? What the hell was going on before? Were you unable to access the clusters over the internet, or were you able to do so but it was insecurely? This is terrifying framing.

"AWS Security Profiles: Megan O'Neil, Sr. Security Solutions Architect." I really dig these! The problem is that the AWS security blog only really seems to put these out around major AWS conferences when there's a bunch of other announcements. I'd love it if more of the AWS blogs would do periodic "The faces, voices, and people that power AWS" profiles because I assure you, most of the people building the magic never take the stage at these conferences.

There was another profile of Merritt Baer, who is a principal in the office of the CISO, and she's an absolute delight. One of these days, post-pandemic, we're going to try and record some kind of video or other, just so we can name it "Quinn and Baer it."

Corey: This episode is sponsored in part by something new.
Cloud Academy is a training platform built on two primary goals: having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes this something new—I don't use that term lightly—Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks, you'll have a chance to prove yourself. Compete in four unique lab challenges where they'll be awarding more than $2,000 in cash and prizes. I'm not kidding: first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey—C-O-R-E-Y. That's cloudacademy.com/corey. We're going to have some fun with this one.

Corey: And of course, "Macie Classic alerts that derive from AWS CloudTrail global service events for AWS Identity and Access Management (IAM) and AWS Security Token Service (STS) API calls will be retired (no longer generated) in the us-west-2 (Oregon) AWS Region." See, that's one of those super important things to know, and I hate how AWS buries it. That said, don't use Macie Classic because it is horrifyingly expensive compared to modern Macie.

And from the tools and tricks area, I discovered permissions.cloud last week and it's great. The website uses a variety of information gathered within the IAM dataset and then exposes that information in a clean, easy-to-read format. It's there to provide an alternate community-driven source of truth for AWS identity. It's gorgeous as well, so you know it's not an official AWS product.

And that's what happened in AWS security. Thank you for listening.
I'll talk to you next week if I survive re:Invent.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.
What does a data breach cost? The Cost of a Data Breach Report from the Ponemon Institute, in cooperation with IBM, provides the answer. The annual report offers insights from over 500 real breaches and thereby helps companies understand cyber risks better. Dr. Angelika Steinacker, CTO Identity & Access Management, IBM Security Services EMEA, discusses this with Klaus Hild, Manager Enterprise Sales Team DACH, SailPoint.
Economic activity in the euro area will return to its pre-crisis level in the first quarter of next year, but there is still a long way to go before the economic damage caused by the pandemic is repaired. So writes the European Central Bank in its fifth economic bulletin for 2021. According to the ECB, "the number of beneficiaries of wage-support measures is falling, but remains high". Overall, the ECB continues, "there are still 3.3 million fewer people in employment than before the pandemic, above all among the youngest and the less-qualified workers". The president of ABI, the Italian Banking Association, Antonio Patuelli, explains in an interview that the latest stress tests carried out by the EBA (the European Banking Authority) show a picture in which Italian banks have shown improvements at both national and international level. According to the preliminary estimate presented by Confagricoltura, whose technicians are working with the Regions to carry out surveys on the ground in order to quantify the consequences of the latest disasters, the total damage caused by bad weather to lost harvests and to structures could reach two billion. Confagricoltura recalls that "agriculture is the first economic sector to suffer the consequences of the climate, especially in this season, with fruit and vegetables ready to be harvested after a year of work and investment". Data breaches cost companies an average of $4.24 million per incident: costs which, for the healthcare sector, reach $9.23 million each. This is revealed by the latest Cost of a Data Breach Report from IBM Security. The study is based on an analysis of real data breaches suffered by more than 500 organisations. Listen to "Economy News" by Marco Veneziani every day on www.giornaleradio.fm or download our app.
Every year we cover the most recent report released on the cost of a data breach. No surprise from this year's report that the cost continues to rise. And healthcare breaches cost the most across all industries. Listen in as we go through IBM's Cost of Data Breach Report 2021. More info at HelpMeWithHIPAA.com/316
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
Analysis of IBM's new 2021 Data Breach Report including: impacts to healthcare organizations; healthcare's breach costs and benchmarks against other industries; HIPAA compliance implications for breach costs; cloud security breach trends; top sources of breaches and highest-risk security domains; ways to reduce breach costs with targeted investments
Nine critical vulnerabilities identified for the "Pwned Piper" medical device vulnerability issue and related recommendations
Details of President Biden's proposed $9.8b cybersecurity budget
President Biden's commentary on the likelihood of cyberwars leading to physical wars
The new cybersecurity memorandum released by the White House this week
Trends and predictions for new federal and state cybersecurity regulations targeting healthcare
[Following is an automated transcript of show #1114 aired on weekend of 2021-05-22] Craig Peterson: Hi everybody. Craig Peterson here. We're going to start out with a couple of Tesla articles in the news this week. These things are really not self-driving. I don't care what Tesla calls them and some problems people got themselves into. [00:00:21] Tesla has had all kinds of news. And sometimes I wonder what is happening here? [00:00:28] Is this Elon Musk, just trying to get a little bit more notoriety? I don't think so. Because there have been so many negative articles out there. One of the reasons I would be extremely hesitant to buy a Tesla has to do with the door handles. Something as simple as the door handles, you probably know for a decade, I was a volunteer in our emergency medical squad here and was doing paramedic work for anybody that needed it. [00:00:59] No charge. I wasn't charging the town wise, but. It was something where I got to see a lot of accidents and sometimes I was first on the scene, beat the fire department there sometimes even beat the police department there, although there were normally their first because they're out on the road and I'm at home in bed asleep in the middle of the night. [00:01:19] I saw, as you can imagine some horrific things and all of you guys that are first responders listening, you've seen some just terrible things as well. And one of the things that really bothers me about the Tesla are the handles. The door handles the outside. Door handles to be a little more specific. [00:01:38] Tesla has had some amazing crash tests. I don't know if you've seen them, but these Tesla cars broke the testing gear over the national highway transportation safety board. They had to come up with new tests because these Tesla cars just. Took those crashes and did extremely well. And seeing what Elon Musk's company space X has been able to do with these rocket ships, they have mastered the art of having a computer kind of predicted. 
[00:02:10] What is going to happen in various circumstances. So it wasn't a huge surprise for me to see that they said, hey, yeah, you're in a car accident in one of these things, these cars were scoring at 11, a 12 out of 10. They were just that good. But the problem I have with that handle is exemplified by an attorney. [00:02:33] I think he was out in Los Angeles, who was in an accident. And remember, in the Tesla cars and all of these electric cars there are batteries. And the batteries are typically some form of lithium-ion, and there's a lithium glass that's under development, all kinds of cool stuff going on with those batteries. [00:02:51] But the reason they're using them is that they hold a huge charge, because you don't want to just go 79 miles on a charge. Most of the time you don't. One of the reasons I'm not real fond of electric cars is when I'm going for a drive, I'm going for a drive, right? We'll drive to Florida. [00:03:10] We'll drive to the middle of the country. We'll go up to Montana, to British Columbia. So a lot of people are saying, okay, so you just go ahead and you get a gas-powered vehicle for that type of driving, and then you can use an electric car for most of your driving. So if most of the driving that they're talking about is the number of times I get into the car, [00:03:31] then that would work, because most of the time I'm running into the grocery store or running an errand here or there. So an electric car probably would be okay for that. Now, I have gotten many times before into the science behind electric cars and how they are nowhere near as green as even diesel vehicles are. Nowhere near. [00:03:53] When you consider the entire life cycle, the manufacturing all the way through how many miles you can get out of these things. But the concern with this attorney's crash was that the batteries were damaged in the crash. And you can imagine what that means, right?
You get rear-ended, you get hit in a certain way, that battery pack is impacted. [00:04:17] Things can happen. And our friends over at MythBusters, back when they were still on TV, did a little test on this. They built a rig in the back of a garbage truck, because there were stories about these garbage trucks getting caught on fire and catching on fire. And the theory was, well, it's lithium batteries. [00:04:39] And we're talking about small ones, the type that you have in a small cell phone. So they built a rig in the back of the truck, the garbage truck, and they strapped a lithium-ion battery to the front of this rig, which was a wedge, right? Because they wanted to make sure that it bent, and bending that battery now causes it to short. Remember, these batteries are designed to hold as much power as they possibly can. [00:05:07] If you have a short circuit inside a battery, what's going to happen? Think about an old light bulb, the Edison bulbs that we had for over a hundred years. Those bulbs had a filament inside, and that filament, when it was heated up, what did it do? It gave us light, and it also gave us heat. [00:05:28] The heat is the problem here, because our MythBusters friends were able to get that battery to ignite in that rig. And of course it ignites inside a trash truck. Remember, trash trucks are always compacting everything. If it goes ahead and ignites inside that, maybe you catch the trash on fire. In fact, they were able to get it [00:05:49] to catch on fire. And this attorney's Tesla caught on fire in the accident. Now, when you have passersby who see an accident, usually they'll stop and they'll try and help. We're that kind of people, good Samaritans, at least almost all of us. And I have no remembrance at all of a single car accident where I got there [00:06:13] and there was no one there. Sometimes it was just the police officer, but there's always someone who tries to stop.
So these people who stopped to try and help this guy who was in his Tesla could not open the doors. And the reason was that the Tesla has these recessed handles. Yeah, they look cool. GM, [00:06:34] a lot of the GM vehicles have had those handles over the years. And again, it's not something I would drive because of that. There's nothing to grab onto, because sometimes in an accident you need to pry that door open, and by prying it open I mean grab a handle, a good solid handle, and pull hard on that handle. [00:06:57] And if you can pull hard on that handle, you can open that door sometimes, if it's just that the frame's bent a little bit, and you can get that person out. And in this case, that attorney was not able to get out of that car. That battery was damaged and the battery heated up and caught on fire. And we'll leave it at that. [00:07:19] You can imagine what happened. So the Teslas have done very well in crash tests, but they have not done well when the batteries are damaged in a certain way. And that's why I have a bit of an issue with it. But we got two articles in the news this week. This first one's from Reuters, and that'll be in the newsletter that comes out on Saturday, but a Tesla driver was killed in an accident out in California. [00:07:46] And this guy was one of these TikTok people. TikTok, that's that website where you can put up these short videos, and oftentimes there's a theme. There's a whole series of themes. People post videos using the same music or whatever it might be. And he had posted videos on what appeared to be his TikTok account in which he was driving with his hands off the wheel. [00:08:14] Now, you can obviously take your hands off for a second or two in almost any car, and I don't know that I would consider that safe, but it happens and it's happened before. But he was posting these pictures and praising Tesla's self-driving. In fact, he said full self-driving features.
On May 5th, a Tesla Model 3 crashed into an overturned truck on a highway in Fontana, California, in Southern California, if you know where Fontana is. [00:08:46] You might. Anyways, that crash, of course, as I mentioned, killed the Tesla driver and injured the truck driver and a motorist who had stopped to help him. So again, we're seeing the problem with these self-driving features. And you might remember a few months ago I was talking about a little study that was done. [00:09:09] They made police cars out of a balloon. It was just a big blow-up car that was a balloon. And they put it partway in a lane, just like a police officer might stop someone and be partially in the lane. And then they had different self-driving cars, or cars that had the autonomous, semi-autonomous mode, the follow-behind mode, et cetera, go down that road and see what happens. [00:09:34] And they kept hitting the cop. In this case, we're talking about an overturned truck on a highway. And apparently Tesla got it wrong. The Associated Press was citing the police saying a preliminary investigation determined that the Tesla's driver assistance system, Autopilot, was engaged prior to the crash. [00:09:58] And I've got a problem with them calling it an autopilot, because it isn't. It's not like an airplane where you engage the autopilot and then you just keep a basic eye on things. People are treating it like it's an autopilot, as in you can go to sleep. And when we come back here in just a minute, I'm going to talk about something just like that with another Tesla driver. [00:10:21] So there's no final determination as to what driving mode the Tesla was in, but there's a couple of videos of him driving with his hands off the wheel posted on his alleged TikTok account. 35-year-old Steven Hendrickson of Running Springs, California. And a couple of quotes from him: What would I do without my self-driving, [00:10:43] excuse me, full self-driving Tesla.
After a long day at work, he said. Messaging one of them coming home from LA after work: Thank God. Self-drive. Best car ever. So when we get back, we're going to talk about this a little bit more. What are people doing with Teslas, and what should we be doing? Where are we going? [00:11:05] Frankly, I think we're jumping the gun here. Hey, you're listening to Craig Peterson. You'll find me online at craigpeterson.com. [00:11:13] And we were just talking about Tesla. My biggest fear with Tesla, the biggest problem as I see it, the number one reason I won't buy a Tesla, has to do with the door handles and not being able to use them to easily pry open a door and get an occupant out of the vehicle, because, yeah, they're supposed to pop open. [00:11:38] Yeah, they're supposed to open, but in this particular case I'm talking about, they just did not do it, which is a real problem. Very real problem. The National Highway Traffic Safety Administration has been investigating, this is according again to Reuters, more than two dozen crashes of Tesla vehicles, including this Fontana crash and a high-profile crash in Texas last month that killed two men. [00:12:06] Since 2016, at least three Tesla vehicles operating on Autopilot have been in fatal crashes, two involving a Tesla car driving beneath a semi-truck in Florida. The US transport safety board said Tesla's Autopilot system failed to properly detect a truck as it crossed the car's path, contributing to the accident, [00:12:29] also caused by a lack of driver attention and an inadequate driver monitoring system. Now, you can't say three or four crashes of a Tesla where there was a death involved represent much without knowing how many miles are being driven. It's like people saying, yeah, it's way safer to fly in an airplane than it is for you to drive your car. [00:12:57] And yeah, if you're talking about miles driven, that's very true.
The airplane is safer than the car. And yeah, at this point it actually looks like these Tesla cars might well be safer than a car operated by a human. It is borderline. You could argue the statistics; I've seen them argued both ways, but it's not a bad vehicle from the general safety standpoint. [00:13:27] But as I said, we've got another Tesla story this week, and this is from a guy, his name's Param Sharma, 25 years old, lives out in middle California, in the Bay Area. And he has been arrested twice, and he was booked into the Santa Rita jail on counts of reckless driving and disobeying an officer. So what was happening? [00:13:55] What was he doing? He apparently was driving his Tesla from the back seat. Yeah. Yeah, absolutely. It's absolutely incredible. So this is an interesting one, too. This is KTVU Fox 2 reporting. They said Param Sharma met KTVU's Jesse Gary in San Francisco Wednesday afternoon, not far from his mother's high-rise apartment. [00:14:24] After getting out of jail on two counts of reckless driving, he pulled up sitting in the back seat of a Tesla with no one in the driver's seat. When asked if he purchased a new Tesla after the previous one was impounded, he said, yeah, I'm rich as beep. I'm very rich. I feel safer back here than I do up there. [00:14:46] And that was him sitting in the right rear passenger seat of his Tesla, being interviewed by the Fox affiliate TV station there in San Francisco. It's absolutely amazing to me. And he's saying how he's been brake-checked before, which of course is something way more common in California than out here in the Northeast where I live. [00:15:11] And that's where somebody who's in front of you slams on their brakes because they don't like what you're doing. And he says, oh, my Tesla came to a complete stop. Tesla's CEO really knows what he's doing. I think people are tripping and they're scared. It's incredible.
The police officer that had arrested him said that he was sitting in the rear seat driving, quote unquote, the Tesla. And when the police officer pulled him over, he climbed up into the driver's seat in order to stop the car. The guy even posted a video saying, I just got out of jail, already got another Tesla. You feel me? I'm rich like that. It came out of the pandemic, a beeping millionaire, and some more swear words that I won't repeat here. [00:16:01] So the CHP, California Highway Patrol, spokesman told Vice's Motherboard, it's just a website that covers a lot of tech, that it's recommending charges to the district attorney's office and conducted a thorough investigation that will consider the possibility of previous incidents and, obviously, his social media. [00:16:21] So here's your problem. According to Tesla, Autopilot is a hands-on driver assistance system. It's intended to be used only with a fully attentive driver. And I mentioned some of the problems that Tesla has been known to have. Consumer Reports has also reported, this is just last month, that Tesla's driver monitoring system not only failed to make sure the driver was paying attention, but it also couldn't tell if there was a driver there at all. [00:16:57] Obviously, if it could tell there is a driver there, it wouldn't have been able to be driven, quote unquote, from the back seat. Tesla's Full Self-Driving system has more capabilities, but again, this is from Tesla: both Autopilot and Full Self-Driving capability are intended for use with a fully attentive driver who has their hands on the wheel and is prepared to take over at any moment. [00:17:24] Cadillac came out with a system, I like this idea, where it vibrates. If it notices that you're not paying attention, it'll vibrate your seat. Some of these vehicles will vibrate your steering wheel. Just wake you up. Hey, wake up. There's various levels of autonomy. [00:17:42] Level five is you don't need a driver at all.
And Elon Musk says that he expects Teslas will be available at the end of this year, perhaps in 2022, that will have full what's called level five automation, which means they can drive without any human attention. The California DMV says that Tesla's director of Autopilot software told regulators that Musk's predicted timeline does not match engineering reality. [00:18:16] Okay. So again, it's somebody on the marketing side that's overselling things a little bit, or maybe a lot a bit. I really don't know, but they do have permits in California to operate these vehicles in full autonomous mode, as long as there's human backup drivers. And I think it's good. [00:18:36] I think we're moving forward, and the investigations into these crashes are going to make us, I think, ultimately a lot safer. So let's say that there's a crash where a human's at the wheel of a normal car. They'll then investigate, they'll say it was the human's fault, and then insurance companies kick in and payments are made, maybe a driver's license is suspended or removed from that [00:19:03] person. But when we're talking about an autonomous vehicle like a Tesla, when they do the investigation and they find a flaw in the assumptions made by the programmers, their software that's in the computer, that flaw is probably fixable, which means that type of accident will probably not happen again. [00:19:27] And that's where I'm looking at it and saying these ultimately are going to make our roads safer. Because Harry may make a mistake, and Harry may not make that mistake again, but Mary may make that mistake when she's out driving. But if the Tesla has an accident, they fix the problem. Teslas are probably not going to have that accident again. [00:19:50] So I'm looking forward to this in the future. Not sure it's going to be this year, maybe next. Make sure you're on my newsletter. craigpeterson.com/subscribe.
[00:20:01] I've been talking about this Tesla driver, and I just absolutely loved this, because I did a little searching on him. I went to DuckDuckGo and poked around a little bit to find out who this guy is, this Sharma guy who's driving from the back seat. And remember, he says he's rich as bleep. [00:20:20] And so he doesn't care that his car was impounded. He just went out and bought another one. His money apparently comes from his parents, who apparently were in the banking business. And then he rose to fame during the whole lockdown because he was posting videos of him driving his Tesla from the back seat and making all kinds of outlandish statements. [00:20:48] That's how he got rich. And the rest of us, what are we doing? We're busting ourselves, trying to get everything done that we can possibly get done and hoping people notice. Oh, man. I guess it's frustrating sometimes. Every year Verizon publishes some cybersecurity stats, and I absolutely love these. [00:21:09] I pay attention to them. I read them from cover to cover, because they are absolutely correct. This is their 2021 Data Breach Investigations Report, and it helps me to understand what's happening out there in the world. And of course I follow the news stories every week, and it also lets me know information about the surveys that they have done with business owners and IT executives and everything else. [00:21:41] So they came out with some new stats. I would expect that there was a change, because so many people were working from home. And to me it would seem obvious that with people working from home on computers that probably are not properly secured, they're probably improperly using VPNs, that we would see an increase in ransoms. [00:22:08] Now we know that we did, right? 300% increase last year because of people working from home and businesses just not having things set up properly. And that makes sense, because for most businesses, it's not their business to do cybersecurity.
They're just trying to stay in business. I had a meeting this week with one of my clients, a long-term client. He's been a client for, I don't know, 25, 30 years. [00:22:34] And it was interesting to me to get his perspective. In fact, it was very informative, because I live and breathe this cybersecurity stuff. He doesn't, and he has concern about cybersecurity. It would be inconvenient to have ransomware, in his mind, because he has a lot of stuff on paper and he could maybe use the backups. [00:23:01] Now, we kept reminding him, hey, you're doing the backups yourself. You don't have us doing them, where we automatically, at least once a month, start your systems from backups. We do that in the cloud. We have our own little cloud. We don't do this up on Amazon or anything, but we do it locally. [00:23:22] And that way we know the backup's good, because if we can start your machines up in our little cloud, we know that we got a good backup. He has never tested his backup. We had another client like that. And when we picked them up as a client, we went in and they were taking home hard disks every day, religiously, just like this guy is. [00:23:45] And so they would take the disks, bring in Monday's disk, plug it in Monday morning and leave it plugged in all day so the backup would go onto that disk. And then Monday night he would take that disk home, and then Tuesday he'd bring in Tuesday's disk. Now, there's a lot of problems here. One is they never tested it, ever. [00:24:12] And they'd been doing this for at least 18 months prior to us getting there, because that was the advice of somebody. Somebody said, yeah, all you have to do is install the backup software and plug in your disk every week. So number one, it had never been tested, right? You've got to test these things end to end. [00:24:29] You have to do full restores, which they weren't doing. The other thing that is a problem with these USB drives is you plug them in.
Are they really working? How many errors are on that drive? Are you even checking the logs from the backup software? So they had a server, in fact, in both cases, now that I think of it, they had a server and it had a RAID array. [00:24:54] It had three drives in a RAID 5 configuration, for those of you who know what that means. And basically what that means is you could lose one drive and you'd still be okay. So the idea is that drive goes bad, you replace that drive, you resilver the whole thing, and then you're off and running again, so you can lose another drive and you'd be okay. [00:25:18] But in both cases, both of these businesses had a bad drive in the RAID array. And they didn't notice it. They didn't know. And at least in this other customer, they had never, ever checked to see if their backup was working, and the same in the second customer. So in both of them, they never checked. [00:25:39] And they said, so how much would you charge us to verify it? And we said we'd want to spin it up, and that means you have to copy everything. We'd have a bunch of bench time, so it'd be 500 bucks and we'll make sure your backups are working. Oh no, we can't do that. We can't pay them 500 bucks. So who knows? Still, we don't know if the backup's working. They think that they could recover from paper, that ransomware isn't going to be so bad and extortion doesn't matter. My head just spins with this stuff. It really does. It just spins. So looking at the Verizon report that comes out, the Data Breach Investigations Report, they are seeing that ransomware, phishing and web application attacks all increased during this last year. [00:26:27] And they also found that 85% of the data breaches involved human interaction. So what that means is you and I doing some stuff that maybe we shouldn't be doing. And some of this human interaction is installing malware, right? From phishing activity, where they're sending out these emails.
A day doesn't go by where I don't get an email. Every day [00:26:56] I get emails that are saying... what's the biggest one right now? Oh, it has to do with some signature software. I'm not going to name them, because I don't want them to get in trouble, because it's decent software, but it's a big deal. Okay, a very big deal. So they're saying that the median financial impact... so do you know what median is? Mean, [00:27:18] median and mode? The median financial impact of a breach last year was about $21,000. 95% of the incidents cost the businesses somewhere between $826 and $653,000. Okay. So many breaches, they say, did not cause losses. And those that did cause losses, this is where it really gets big. [00:27:50] Okay. 95% of the computer data breaches led to losses of as much as $1.6 million. So it's getting expensive. So what do we do? How do we deal with this? I talked about this before. You need to improve your Windows privacy and security. You need to harden your Windows. You need to get good firewalls. And I talked about it this week. [00:28:14] Again, you need to use something like OpenDNS, which has a free version. There are paid versions, but this is going to get you a long way towards being safe. opendns.com. That's where you find them online. If you can't remember, you can't write it down, just email me, me@craigpeterson.com. Ask your question and I'll be glad to point you in the right direction. [00:28:41] I was just talking a little bit about the Verizon Data Breach Investigations Report, and I wanted to just bring up one other bit of data. And that is that the attacks that are going on are actually simpler. They're not as complex as the old ones, and phishing attacks are now going hand in hand with the use of stolen credentials. [00:29:09] What are stolen credentials? Well, it is information that has been stolen from another website, typically. Now, it might be stolen from your business.
And so they know what your password is, because they have all of the passwords in the business you're working for. But more often they're doing something called credential stuffing. [00:29:32] So they're going to the dark web, and let's say they want to attack Colonial Pipeline, which of course just happened. And Colonial Pipeline has their URL that all of their email is sent to. What they end up doing is they go to the dark web and they find credentials for people that have a Colonial Pipeline email address, and those credentials are going to include things like your password on that website. [00:30:04] Now, what happens is they stuff that username and that password into as many sites as they can. So let's say they found that you're using Microsoft Remote Desktop, and maybe there's a zero-day bug, as there are many bugs in that software that people haven't patched yet. So they'll just use that to get on. But if they can't, let's say you patched it, and they found your email address used over on website X [00:30:35] that has nothing to do with Colonial Pipeline, what they can then do is take that username, which is that email address, and that password and try it at Colonial Pipeline. And guess what? It works. More than 60% of the breaches involved credential data. And 95% of organizations that were experiencing this credential stuffing attack had between 637 and 3.3 billion malicious login attempts throughout the past year. [00:31:14] We see them all the time. We have a couple of internet-facing servers, and on those servers we log when someone tries to log in, and if they try and log in more than four times, immediately they are blocked at the firewall. So they can't even connect to the server anymore, period, at all. And that stops this type of attack. [00:31:39] So I'm sitting here.
I'm actually, I was literally scratching my head, because I cannot figure out how you can have 3.3 billion malicious login attempts at one business over the course of a year and not do something about it. Not have them automatically blocked. This is just crazy, because credentials are the key that the bad guys can use to get into the network. [00:32:13] And they're not just using them to do ransomware into somewhere like Colonial Pipeline. They're using those credentials to go to your bank account. Yeah. So most people are using the same email address as a credential, which is ridiculous. I can't believe businesses are letting people use an email address as their login username, but most people are using that same email address and those same passwords at multiple websites. [00:32:46] So I want you to do something now, and I've asked you guys to do it before on the show. You may not have had a chance before, you may not have known about it, but I want you to go, if you're not in front of your computer, go there right now, or grab something you can write this down with, or send me an email, just me@craigpeterson.com. [00:33:06] What I want you to do is go to haveibeenpwned.com. So that's like it sounds: have, H A V E, I, the letter I, been, B E E N, pwned, P W N E D, dot com, and put in your email address right there. And that will tell you what information of yours is widely available on the dark web. Now, it doesn't have everything that's on the dark web, [00:33:37] by any stretch, but it has all of the major stuff. And I can guarantee you, if you've had an email address for any time at all, that email address is going to show up. It's going to show up a lot. Okay. So check it out. haveibeenpwned.com. And then the trend, according to Verizon, is towards simplicity. [00:33:59] They're using password stuffing. They're using social engineering.
There was a 15X spike in misrepresentation, which is a type of integrity breach. Business email compromise doubled last year, and again this year it doubled again. Of the 60% of business email compromise attacks that successfully stole money, it's crazy here, [00:34:27] the median loss was $30,000. That's email coming in pretending to be someone that they're not. And again, I've helped companies that this has happened to and helped them tighten things up. That is the problem. Okay. The median was $30,000, and 95% of them cost somewhere between $250 and a million dollars. [00:34:53] It's just amazing. So we've got to pull up our socks. We have to be careful. I have some free info that you'll get if you sign up for my email newsletter. You're automatically going to get a few of the special reports that I put together. You're going to get my weekly emails. It's all for free. [00:35:12] This newsletter, most people can't believe they don't have to pay. I had someone just this last week say, are you sure I'm not supposed to pay for this? Because a lot of newsletters out there, of course, you have to pay for, but I send out all of this type of information for free, and I have free little trainings and free guides, and I'm more than glad to offer them all to you guys. [00:35:37] So check them out. Go right now. craigpeterson.com/subscribe. Now, haveibeenpwned is again a website you should go to, but the other thing you need to do is make sure you're using a password manager. Now, a password manager is something like 1Password. I would no longer use LastPass. I have pulled that off of my list of recommended password managers because of a major problem that they had. [00:36:07] And it showed they really didn't know what they were doing. Everybody makes mistakes. Nothing's a hundred percent secure. Believe me, I know that, but they really lost all of my trust with this huge hack that they had. So 1Password is the only one I'm recommending nowadays.
That's a digit one in the word password. [00:36:28] Use that. If you can use something other than your email address to log in, do that. Change your account name to something completely unrelated. Call it "the human element" or something. Use a login that's not your name, that is not your email address, and is not something that's easily guessed. [00:36:50] And then use a fairly randomly generated password. Now, what I'm recommending now is the latest NIST guidance, and this is the National Institute of Standards and Technology, and the latest NIST guidance says you do use some random stuff, but I'm not talking about random letters, numbers, special characters. [00:37:13] I'm talking about taking three or four randomly chosen words, or even a phrase, that are separated using maybe a digit or a special character, making sure there's a little bit of upper and lowercase stuff going on, but it's something that can be remembered if you need to. And 1Password will generate these for you automatically, which is absolutely amazing. [00:37:41] Okay. It's such a godsend. I was surprised when I looked the other day, I have 1,400 different accounts in my 1Password. Yeah. That's how many I have. That's a lot. And it'll also keep your notes in there, so you can put in bank account information, et cetera. It keeps it encrypted. It keeps it in their own little secure cloud. [00:38:05] So, knock on wood, it should be pretty darn safe. Now, I want to point out one more thing about these statistics here. Nearly all email servers, 96%. 96% of email servers that were compromised in these attacks were cloud-based. Once they've gotten into your email, they have control of you. I just got a call again. [00:38:36] This is a friend of a friend who called me up because their email account had been compromised, almost certainly because, again, credential stuffing. There's password information out on the dark web, et cetera, because I looked it up for him and sent him the link.
Here's what haveibeenpwned says. But once they have control of that email address, they probably have something that you're using for password recovery. [00:39:05] So you go to the bank. So the right way to do this, for the bad guys, is they go to, like, Bank of America. They try and put in your email address and say, I forgot my password. So where are they going to send your password? They're going to send it to your compromised email account. And they'll try all of the major banks and they'll see what they can find. [00:39:27] 96%. So it's just crazy. And people are using this. The cloud is just the name for someone else's computer, and you don't know how well protected it is. And you still have liability if it's broken into. And in this case, Verizon is saying that this led to the compromise of personal information, internal business information, [00:39:54] medical information, bank account information. This is part of the challenge of moving a business to the cloud. It's incredible. All right. And don't forget to make sure you do get all this info. You'll get all of my free special reports by signing up, if you're not already on the list. If you have any questions, craigpeterson.com. [00:40:17] Feel free to reach out: me@craigpeterson.com. That's my email address, and I don't use it to log into anything. me@craigpeterson.com.
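The failed-login rule the host describes in the transcript above (log every login attempt on an internet-facing server and, once a source has failed more than four times, block it at the firewall so it cannot even connect) is shown here as an added Python example. It is not the show's code, the DBIR's, or any product's: the sshd-style log lines are constructed for the demo, the "firewall" is modelled as an in-memory block set, and the label distinguishing credential stuffing from brute force (many distinct usernames from one source versus one account hammered) is this example's own heuristic, not something the host or the report states.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth lines for the demo; not real traffic.
# 203.0.113.7 sprays five different usernames (stuffing shape),
# 198.51.100.9 hammers one account (brute force), and 192.0.2.5 is a
# legitimate user who mistypes once and then logs in.
SAMPLE_LOG = """\
May 22 01:02:03 gw sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
May 22 01:02:04 gw sshd[1002]: Failed password for invalid user root from 203.0.113.7 port 51123 ssh2
May 22 01:02:05 gw sshd[1003]: Failed password for jsmith from 192.0.2.5 port 40001 ssh2
May 22 01:02:06 gw sshd[1004]: Failed password for jsmith from 203.0.113.7 port 51124 ssh2
May 22 01:02:07 gw sshd[1004]: Connection closed by authenticating user jsmith 203.0.113.7 port 51124 [preauth]
May 22 01:02:08 gw sshd[1005]: Failed password for invalid user backup from 203.0.113.7 port 51125 ssh2
May 22 01:02:09 gw sshd[1006]: Failed password for invalid user postgres from 203.0.113.7 port 51126 ssh2
May 22 01:02:10 gw sshd[1007]: Accepted password for jsmith from 203.0.113.7 port 51127 ssh2
May 22 01:02:11 gw sshd[1008]: Accepted password for jsmith from 192.0.2.5 port 40002 ssh2
May 22 01:02:12 gw sshd[1009]: Failed password for jsmith from 198.51.100.9 port 60001 ssh2
May 22 01:02:13 gw sshd[1010]: Failed password for jsmith from 198.51.100.9 port 60002 ssh2
May 22 01:02:14 gw sshd[1011]: Failed password for jsmith from 198.51.100.9 port 60003 ssh2
May 22 01:02:15 gw sshd[1012]: Failed password for jsmith from 198.51.100.9 port 60004 ssh2
May 22 01:02:16 gw sshd[1013]: Failed password for jsmith from 198.51.100.9 port 60005 ssh2
"""

# Extracts outcome, username and source address from the lines above.
# Real sshd wording varies by version and auth method; adjust for your logs.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

MAX_FAILURES = 4  # the rule from the show: more than four failures -> block


def parse_line(line):
    """Return (outcome, user, ip) for an auth outcome line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("outcome"), m.group("user"), m.group("ip")


def process_log(lines, max_failures=MAX_FAILURES):
    """Replay auth lines in order, modelling the firewall as a block set.

    Returns (blocked, accepted). blocked maps a source IP to why it was
    blocked, its failure count, the usernames it tried and how many later
    attempts were dropped. accepted lists (user, ip) for successful logins
    from sources that were not blocked.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    blocked = {}
    accepted = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not an authentication outcome
        outcome, user, ip = parsed
        if ip in blocked:
            # Firewall drop: once blocked, even a correct password never
            # reaches the server (the host's "can't even connect").
            blocked[ip]["dropped"] += 1
            continue
        if outcome == "Accepted":
            accepted.append((user, ip))
            continue
        failures[ip] += 1
        users_tried[ip].add(user)
        if failures[ip] > max_failures:
            # Heuristic label (this example's assumption, not the report's):
            # several distinct usernames from one source looks like credential
            # stuffing / password spraying; one username repeated looks like
            # a brute force on that account.
            kind = "credential stuffing" if len(users_tried[ip]) > 1 else "brute force"
            blocked[ip] = {
                "reason": kind,
                "failures": failures[ip],
                "users": sorted(users_tried[ip]),
                "dropped": 0,
            }
    return blocked, accepted


def run_sample():
    """Run the detector over the constructed log above."""
    return process_log(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    blocked, accepted = run_sample()
    for ip, info in blocked.items():
        print(f"BLOCK {ip}: {info['reason']}, {info['failures']} failures, "
              f"users={info['users']}, dropped {info['dropped']} later attempts")
    for user, ip in accepted:
        print(f"OK    {user} from {ip}")
```

A per-source threshold like this stops the noisy single-source case the host is describing, and the dropped "Accepted" line shows why the block has to be at the network edge rather than in the application. It does not stop a distributed stuffing campaign that spreads attempts across thousands of addresses with a few guesses each; for that you also need per-account failure counters and rejection of passwords already known from breach corpora.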
Each week we take a look at the most recent and interesting events and trends related to data security and privacy. This week we're going to talk about what seems to be your average cybercriminal's favorite pastime – phishing. Our newly released annual data breach analysis pointed out that 62% of cyberattacks that led to data breaches in 2020 involved phishing and ransomware. Download a copy of the ITRC's 2020 Data Breach Report here: notified.idtheftcenter.org/s/ Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
Each week we take a look at the most recent and interesting events and trends related to data security and privacy. This week is a replay from our webinar on Data Privacy Day, hosted by our partner the National Cybersecurity Alliance, where we revealed our new 2020 Data Breach Report including the top trends in cyberattacks. Download a copy of the ITRC's 2020 Data Breach Report here: notified.idtheftcenter.org/s/ Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
We're back with Season 2 Episode 1 of MapleTronics Tech Talk Podcast. In this episode Scott & Jordan discuss the human operating system, what it is, how it puts your organization's data at risk, and simple steps you can begin doing today to help mitigate the risks. Links from today's episode: find us online at www.mapletronics.com/podcast IBM Cost of Data Breach Report: https://www.ibm.com/security/digital-assets/cost-data-breach-report/?lnk=dehpv18f1#/ Blog | Challenges of Securing the Human OS: https://www.mapletronics.com/post/challenges-in-securing-the-human-operating-system Watch our 1 Hr Webinar on the Human OS: https://event.webinarjam.com/go/replay/7/8rm44cwa5avao
Tonya Hall sits down with Wendi Whitmore, vice president of IBM X Force Threat Intelligence, to talk about IBM's 2020 Cost of Data Breach report and its findings. FOLLOW US - Subscribe to ZDNet on YouTube: http://bit.ly/2HzQmyf - Watch more ZDNet videos: http://zd.net/2Hzw9Zy - Follow ZDNet on Twitter: https://twitter.com/ZDNet - Follow ZDNet on Facebook: https://www.facebook.com/ZDNet - Follow ZDNet on Instagram: https://www.instagram.com/ZDNet_CBSi - Follow ZDNet on LinkedIn: https://www.linkedin.com/company/zdnet-com/ - Follow ZDNet on Snapchat: https://www.snapchat.com/add/zdnet_cbsi Learn more about your ad choices. Visit megaphone.fm/adchoices
According to the latest Ponemon Cost of Data Breach Report, over half of malicious breaches are financially motivated. When we follow the money, we see ransomware continuing to cause availability concerns, which can be addressed with mature disaster recovery plans. Not to be outdone, attackers are increasing their leverage to ensure a timely payment. Joining us this week are Cofense Cyber Threat Intelligence Analysts Brad Haas and Aaron Riley to talk about this latest move by threat actors. Learn more: Avaddon Ransomware Joins Data Exfiltration Trend Avaddon ransomware launches data leak site to extort victims Cofense Submerge has gone Virtual... The post Phish Fryday – Ransomware appeared first on Cofense. Phish Fryday – Ransomware was first posted on August 28, 2020 at 12:10 am.
Malicious attacks were listed as the dominant threat vector and source of healthcare breaches this year according to IBM's 2020 Data Breach Report [1]. Top sources of compromise from these malicious attacks included compromised access credentials, cloud misconfigurations, and vulnerabilities in third-party software. Opportunistic cyber attackers have seized the moment of a pandemic to target vulnerable healthcare entities and their remote workforces for their own personal gain. Attacks have leveraged COVID-19 themes for social engineering assaults, phishing campaigns, ransomware entry, and more. Healthcare organizations are on their heels trying to thwart unprecedented viruses, both physical and virtual alike. In this CyberPHIx episode, we speak with Kevin Sacco, who leads the Ethical Hacking and Penetration Testing practice for Meditology Services. With almost 20 years in the field, Kevin talks about his experiences hacking healthcare organizations, including recent pandemic-era attacks. Highlights of the discussion include:
- Heartless hackers: the bad guys and their motives
- Common healthcare security vulnerabilities and cybersecurity weak spots identified in penetration testing assessments
- The impact of the pandemic on attack methods, remote workforce targeting, and protection mechanisms
- Recommendations for the most cost-effective and impactful security controls to mitigate attacks
- War stories from decades of hacking healthcare entities
The average breach costs healthcare organizations $7.13m. Organizations that conduct routine penetration testing save an average of $243k per breach. Healthcare is likely to remain in the cross hairs of attackers for some years to come. Kevin provides practical and cost-effective recommendations for thwarting these damaging attacks on our critical healthcare infrastructure.
Coming up in this week's episode of the GDPR Weekly Show: Salesforce and Oracle to be sued over their involvement in contextual advertising tracking, South Wales Police facial recognition ruled unlawful by UK Court of Appeal, Ofqual investigated by ICO over algorithm used for calculation of Covid-19 affected exam grades, Elizabeth Denham in Canada during Covid19 raises concerns about UK ICO effectiveness, More-ish launches new Covid19 tracking app, OTC driver conduct hearing publicity puts it in conflict with GDPR, IBM Annual Cost of Data Breach Report, Instagram retaining data after deletion by user leaving it in breach of GDPR, Bletchley Park Trust affected by Blackbaud data breach, Walgreens Pharmacy data breach after stores hit by looting, 2020 - a bad year for everyone but especially for Canon, Effect on transfer of genetic data following Schrems II ruling
4.77 million US dollars: that is what a data breach costs companies on average. So says the just-released Cost-of-Data-Breach-Report from IBM Security. One important finding: compromised employee accounts in particular occur frequently and cause the highest costs. Martin Runde, Leiter Marketing, IT-Security at IBM, explains this and how German companies fare in a security comparison.
This week's IBM Livestudio Magazin features conversations on the strategic partnership between IBM, Red Hat and Adobe, and on the new IBM Security study on the cost of data breaches for German companies: - How to deliver impressive customer experiences while at the same time protecting important customer data as fully as possible is discussed by host Stefan Pfeiffer with Hartmut König, Head of Solutions & Strategy, CTO Central Europe at Adobe; Wolfram Richter, Manager Chief Architects Germany at Red Hat; and Helmut Nachbauer, Managing Director and Partner at ecx.io, an IBM company. - The second topic is the just-released Cost-of-Data-Breach-Report from IBM Security, which shows the average cost of a data breach for companies. One important finding: compromised employee accounts in particular occur frequently and cause the highest costs. Stefan Pfeiffer talks about this with Martin Runde, Leiter Marketing, IT Security at IBM, who presents the key results of the study.
Welcome! Craig discusses the Cost of Data Breaches and the IBM/Ponemon Institute Study. For more tech tips, news, and updates visit - CraigPeterson.com --- Read More:
Average Cost of a Data Breach: $3.86 Million
The Future's Biggest Cybercrime Threat May Already Be Here
Election Interference: Google Purges Breitbart from Search Results
Google Has Been Purging Breitbart Content from Search Results Since the 2016 Election
Heads roll at Intel after 7nm delay
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Three people have been charged for Twitter's huge hack, and a Florida teen is in jail
Remote Work Isn't Working? Maybe Your Company Is Doing It Wrong
FBI Releases Flash Alert on Netwalker Ransomware
Electric car startup Lucid is challenging Tesla's anti-lidar stance
--- Automated Machine-Generated Transcript: [00:00:00] We got a lot to cover as per usual. We're going to talk about data breaches today. We're gonna talk about cybercrime today. Election interference. What's going on with the big social media sites. This is Craig Peterson. I'm so glad you guys have decided to join me today. I am doing a little bit more with video today. So if you are online, you might be able to find me. I am not putting this video up until later on; you get to hear me first here on all of our radio stations and affiliates throughout the Northeast, which is really kind of cool. Now we keep expanding. Yes. And we're doing more in the Facebook realm and the YouTube realm. I got to start out with a little bit of an apology here. We were going back and looking at all of our numbers. We're trying to figure out what's going on because I was getting dozens and dozens and dozens of emails from listeners saying, why did you send me this email? [00:01:00] Cause I've been opening all your emails. And they were really confused. Well, here's, here's what goes on. Okay. If you don't open my emails for a few weeks, then I'm kind of figuring that maybe you're really busy.
Something's going on. Maybe you don't like the sorts of things that I've been saying or doing. Maybe you want off the list and stuff. And so I sent out all of those emails to people. Well, it turns out we hadn't sent out an email since June 13th. And you might remember that's when one of my daughters got married and we went out to Kentucky, then everything happened with the family, it's just been crazy. Then I've been trying to get all of this video stuff together and that's been a lot of work, too. So my apologies to you, if I sent you that email, and you're wondering why, why is he doing this to me? Cause he knows, I like him. So I think I was able to restore everybody back to proper balance here as synergy. [00:02:00] We'll see how this all goes. And then the other thing that was messing up, this is what I get for not paying enough attention to some of these things is, all of our podcasts are definitely going out. We've been posting those and they're going out by the podcast mechanism. We've even still been including a transcript of the entire podcast. Craig Peterson: So you can go back and search and everything. Well, they had not been going up onto my website since also about June 13th. So I don't know that we're going to catch up on those on the website. You can definitely get them by going to my podcast feed, which you'll find online as well, craigpeterson.com/podcast. And yeah, if you're an iTunes user, go to craigpeterson.com/itunes, uh, slash, you know, wherever you'll find me on all your favorite podcast mediums. So it's there, it's not on my website and the [00:03:00] emails didn't go out. Yes. It has been one of those summers. And then, yeah, what happened this week? We had our tornado. Two towns over from me from this, uh, latest storm. I F it's, it's a different name on, I can't remember what it is. Uh, it's like I say, uh, there are other, and, uh, we, so I ran outside. I was in a meeting. I said, Hey, listen, guys, I got to go.
And I grabbed some straps and I wrapped them around the beehives and around the pallets the beehives are sitting on, because I do keep rocks on top to help them from blowing over in the light wind, but we get wind. We lost power. I had to bring all of the equipment back up in my studio, all of the computers and stuff. It, it just wasn't a pleasant experience. Anyhow. That was my week. How was yours? [00:04:00] Hey, I want to start by talking again about this new report that was put together by the Ponemon Institute. Now you may be familiar with these guys. You may not be familiar with these guys, but it was put together for IBM and IBM has published it. So I'm going to bring it up on the screen for those of you who are watching this as a video. Uh, this is the Cost of a Data Breach Report for 2020. And this I'm showing here for those people who are watching; for those that aren't, if you want to look it up, just go and do a search for the Cost of a Data Breach Report 2020 IBM and you'll find it. So they did a study on over 500 data breaches. Very, very big. And this study was done by the Institute and then it was analyzed and published by IBM Security. That's to say, right there, the data breach costs are absolutely huge when you get right down to it, right. [00:05:00] What kind of business are you with? You know, are you just a little guy and the data breach costs won't be a lot? Well, it could easily put you out of business. Most small businesses, really small businesses, just fold within six months. It's bad. So this is showing us here. Yeah. That the global average total cost of a data breach is $3.86 million. Now that's down a little bit from last year, one and a half percent. And what is really saving people, what's really saving businesses, is automation. See, one of the biggest mistakes businesses make when it comes to computer security, network security, VPN security is they've got a veritable plethora
[00:06:00] of different pieces of equipment and software. So you've got what are called panes of glass. So you've got five, 10 different systems that your analysts have to look at to figure out what's going on. Are the computers up to date? Did someone try to break in? Is someone trying to break in right now? Did they get in? What data did they have access to? Was any data exfiltrated? Did we catch it, right? All of those types of questions. So, automation, where you have one pane of glass, allows you to have all of these, what's from your advanced malware prevention, the intrusion detection, intrusion prevention systems, the endpoint [00:07:00] anti-malware that's sitting on your computers, the, uh, the DNS that allows you to monitor where people are going and stop places as well as stop ransomware from getting out. Think about all of these different points inside your network. And then if you're a slightly bigger company, you know, small businesses, according to the Small Business Administration, go up to 500 employees, that is a lot of data to analyze. Yeah. A lot of data to look at, false reports, false negatives, real positives that you have to drill into. Well, you don't want to have to go to half a dozen different pieces of glass to figure out what happened. You don't want to have to go and look at the antivirus software, which failed too, by the way, because it always does. Uh, and then look, and hopefully you can look at the firewall logs. Hopefully, you've got it. Intrusion detection, intrusion prevention. Oh, hopefully, you've got it all tied in. So it automatically shuts off that machine that's been compromised from the network. You know how many people have that. But what is being said here in this IBM study is that there was a reduction, a dramatic reduction, when security automation was put in place. [00:08:00] So that's what I'm talking about here, where it notices something, it detects something and shuts it down.
So we've got a client that has a location down in Mexico and they have their networks, or I should say, had their networks tied together. Now they didn't want to separate the networks because they had people in Mexico that were VPNing in and then they could get on a server locally up here in the Northeast and then do all of the work from there. And that way they don't have to keep these local servers up to date. Hopefully. Which they weren't, but, um, try and keep them up to date and control them through one Exchange server. So all of the accounts and stuff would just be in one place. And, uh, what happened is one of these workstations in Mexico got infected and it hopped right, right through the network [00:09:00] up to here in the Northeast, here in the US. That happens all the time. I've done pieces of training on VPNs and the right way to configure them and the right way to use them. Obviously, this was all wrong, but we had a very advanced Firepower firewall in there that was doing intrusion detection and prevention, and it noticed data starting to be taken out, exfiltrated is what it's called, via this link to Mexico. And after a few megabytes of data going out, it might've been a gigabyte or so, uh, saying, wait, wait, wait, wait, wait. This isn't normal. And this isn't something that should be going on through to Mexico. Now they are in a different time zone. So the firewall was automatically taking that into account and figuring out how to tie it all together. [00:10:00] Uh, so it shut it down, just bam, and it no longer allowed that machine any access to the network up here in the US. Now since then we have tightened things up even more. They said, Oh, okay. Well, we'll do what you told us to do 18 months ago. And it is now really quite secure, but that is because we had a fully integrated system. That's why we use Cisco. Cisco is the only company right now that has a soup-to-nuts platform and system that you can use that meets
all federal regulatory requirements. The only one. No, you look at Symantec, they got some really fun stuff. They've got some nice stuff. Doesn't meet the federal requirement. You can look at SonicWall and they, man, it's like outcomes raiser, right? They, they really walk that fine tight line in what they say and what they provide. But having this type of automation in place, according to IBM's study here now, reduced the average total cost $3.58 million from somebody trying to get in or getting in. [00:11:00] Now we like to make sure they never get in in the first place, but typically all of these automated systems that we're using, and that you could be using as well, will detect it almost immediately and will shut it down. So stick around. We've got more to talk about here. When it comes to this report, there are so many great stats about what's been happening. So stick around. We'll be right back. Thanks for listening and visit me online. Make sure you sign up. craigpeterson.com/subscribe and I promise, promise, promise. Just started sending out that newsletter again. We'll be right back. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
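The incident in the story above, an infected workstation at one site suddenly pushing far more data across a site-to-site link than it ever had, is the kind of thing security automation catches: compare each host's outbound volume against its own baseline, weigh the local time of day at the source site, and cut the host off rather than wait for an analyst. The example below is added here and is not code from the show, from Cisco or from the client described; the flow records are constructed, the hostnames, site codes, thresholds (an hour moving at least 100 MB and more than 20 times the pair's usual hourly volume) and fixed time-zone offsets are assumptions, and a real deployment would read NetFlow or firewall logs and use zoneinfo instead of hard-coded offsets.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

MB = 1_000_000

# Fixed offsets for the demo (assumption: Mexico City on CDT, UTC-5, and the
# US Northeast on EDT, UTC-4, as in August 2020); production code would use
# zoneinfo so DST changes are handled.
SITE_TZ = {"MX": timezone(timedelta(hours=-5)), "US": timezone(timedelta(hours=-4))}


def _utc(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed flow records, not real customer data: (UTC time, source host,
# destination site, bytes sent by the source). Hostnames start with a site code.
HISTORY = [
    (_utc("2020-08-03T15:00"), "MX-WS-07", "US-DC", 300_000),
    (_utc("2020-08-03T16:00"), "MX-WS-07", "US-DC", 250_000),
    (_utc("2020-08-03T17:00"), "MX-WS-07", "US-DC", 400_000),
    (_utc("2020-08-03T18:00"), "MX-WS-07", "US-DC", 320_000),
    (_utc("2020-08-03T15:00"), "MX-WS-02", "US-DC", 38 * MB),  # daily backup host
    (_utc("2020-08-04T15:00"), "MX-WS-02", "US-DC", 42 * MB),
]
TODAY = [
    (_utc("2020-08-05T08:10"), "MX-WS-07", "US-DC", 600 * MB),  # 03:10 Mexico City
    (_utc("2020-08-05T08:40"), "MX-WS-07", "US-DC", 350 * MB),
    (_utc("2020-08-05T15:00"), "MX-WS-02", "US-DC", 45 * MB),   # backup as usual
]


def hourly_volume(flows):
    """Bytes per (src, dst) pair per UTC hour bucket."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        buckets[(src, dst)][ts.replace(minute=0, second=0, microsecond=0)] += nbytes
    return buckets


def baseline_per_hour(history):
    """What 'normal' looks like: the median hourly volume of each (src, dst) pair."""
    return {pair: median(hours.values()) for pair, hours in hourly_volume(history).items()}


def off_hours(ts_utc: datetime, host: str) -> bool:
    """True outside 08:00-18:00 local time or at the weekend, in the host's own time zone."""
    local = ts_utc.astimezone(SITE_TZ[host.split("-")[0]])
    return local.weekday() >= 5 or not 8 <= local.hour < 18


def detect_exfil(flows, baseline, factor=20.0, min_bytes=100 * MB):
    """Flag any hour in which a pair moves at least min_bytes AND more than
    factor times its baseline. Pairs with no history get a baseline of 0, so a
    brand-new large transfer is always flagged."""
    alerts = []
    for (src, dst), hours in hourly_volume(flows).items():
        normal = baseline.get((src, dst), 0)
        for hour, total in sorted(hours.items()):
            if total >= min_bytes and total > factor * normal:
                alerts.append({
                    "src": src, "dst": dst, "hour_utc": hour.isoformat(),
                    "bytes": total, "baseline": normal,
                    "off_hours": off_hours(hour, src),
                })
    return alerts


def hosts_to_isolate(alerts):
    """The automated response: the source hosts whose access should be cut."""
    return sorted({a["src"] for a in alerts})


if __name__ == "__main__":
    found = detect_exfil(TODAY, baseline_per_hour(HISTORY))
    for alert in found:
        print(alert)
    print("isolate:", hosts_to_isolate(found))
```

The backup host moves tens of megabytes every afternoon and is never flagged, while the workstation that suddenly sends close to a gigabyte at three in the morning local time is; the two conditions together (absolute floor plus a multiple of the host's own baseline) keep legitimately busy hosts from tripping the rule and keep a quiet host from hiding a large transfer.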
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week: Review of the key healthcare cybersecurity findings in the 2020 IBM Cost of a Data Breach Report (formerly known as the Ponemon Data Breach Report) Average healthcare breach costs, top sources of data breaches, and most effective security interventions for reducing breach costs and impact Analysis and recommendations for healthcare security CISOs and programs to adjust based on this new data and related trends Details of a presidential executive order issued this week to promote rural telehealth access and incentives for Medicare populations $53m federal stimulus proposed to improve cybersecurity and protect COVID-19 research data
What are the top findings from the Cost of a Data Breach Report 2020? Charles DeBeck, a cyber threat intelligence expert with IBM X‑Force IRIS, talks about what drives costs higher for some organizations. "We observed a growing divide between organizations that were well prepared and organizations that weren't," DeBeck says. DeBeck covers more highlights from the report, including top root causes such as cloud misconfiguration and compromised credentials. He also shares what the study found were the most successful security measures for mitigating costs: security automation and incident response readiness. View highlights and download the report: https://www.ibm.com/security/digital-assets/cost-data-breach-report/
BC information and privacy commissioner Michael McEvoy and tech expert Graham Williams discuss a new report that found LifeLabs failed to properly protect clients' personal information, leading to a data breach in 2019. Hilary Atleo, owner of Iron Dog Books, discusses books by Indigenous authors and gives her recommendations.
We're doing a quick review of the Verizon Data Breach report. We're also looking at Microsoft 365 options. We'd like to migrate to it if we can.
LINKS
1. Verizon Data Breach Report
2. Microsoft 365 for business
FIND US ON
1. Facebook
2. Twitter - DamienHull
In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. He looks at the key findings and talks about what they might mean to us going forward.
Verizon's 2020 Data Breach Investigations Report (DBIR), released Tuesday, analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals. While cyber-espionage attacks and malware decreased, other trends, such as security "errors" (misconfigurations and the like), denial of service (DoS) attacks and web application attacks, saw startling growth.
Foreign intelligence services attribute a recent cyberattack on an Iranian port to Israeli operators. EasyJet discloses a breach of passenger information. Verizon’s annual Data Breach Report is out, and it finds more errors than it does exploits. A look at the Dark Web during the pandemic. US authorities warn local law enforcement to watch for misinformation-driven telecom vandalism. Ben Yelin explains why the ACLU is suing Baltimore over a surveillance plane. Our guest is Robb Reck from Ping Identity on a recent CISO Advisory Council meeting regarding the sudden shift to working from home. And REvil is still offering celebrity dirt for sale...if they’ve actually got any. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/97
The Risk Based Security research facility routinely publishes reports outlining data breaches during the year. These reports are based on the breaches that companies have publicly disclosed, which the company then compiles and releases periodically. One of the most recent is the 2019 MidYear QuickView Data Breach Report, which gives some pretty frightening numbers and details. To put it into perspective, the report states that in the first six months of 2019 there were over 3,800 publicly disclosed breaches, exposing roughly 4.1 billion records in total. That's well over half of the world's population at the time of this recording. But what's actually shocking is that a large chunk, about 3.2 billion, of those compromised records stemmed from just eight of those breaches. The report also found that 70% of the breaches exposed email addresses and 65% exposed passwords: crucial information, but not as severe as home addresses, social insurance or Social Security numbers, or credit card numbers. Looking at the report further, there are some things to keep in mind. While you may be hung up on the fact that so much information was exposed by eight breaches alone, it's key to pay attention to the bigger picture. The report notes that the vast majority of breaches were of moderate to low severity, meaning they exposed 10,000 records or fewer. This matters because many businesses today assume that if they're small, nobody would bother them. The truth, according to the data, is that small businesses are being targeted a lot. After all, most don't have security measures as tight as larger companies. Today's average cybercriminal is lazy and will happily gather small bits of information, and it's effortless to get them from systems that aren't robust. Overall, the report underlines the importance of small businesses stepping up the security of customer information.
The business sector alone accounts for 67% of all reported breaches and 84.6% of the exposed records. It doesn't take a genius to figure that out, and consumers should be pushing any small business owner to have a more robust system. Even if customers aren't, business owners should take the initiative to put a good security system in place. Best of all, it doesn't have to be anything highly complex. The report noted that misconfigured databases were a big cause: of the 3,813 breaches, 149 were due to misconfigured databases. While that number is small, the report noted that those breaches alone exposed 3.2 billion records. So making sure your systems are configured correctly ought to be a top priority for businesses. Another step is making sure people are more aware of security and get proper training. The report found that the problems coming up are nothing new; quarter after quarter, year after year, the same mistakes are being made. Since January 2018, the top causes of breaches have been unauthorized access to systems, skimmers, and exposure of sensitive information. All too often, businesses focus on external threats while people send emails to the wrong recipients or simply aren't aware of what can pose a threat. Having training in place to address these common issues can ensure there will be fewer breaches in the future.
On average, according to the 2019 Cost of a Data Breach Report, it takes 279 days to contain a data breach, up from 266 days last year. "I think it's true we're getting better identifying data breaches," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. However, at the same time as organizations improve their security postures, cybercriminals are becoming stealthier. While factors such as a lack of preparedness or third-party risk can amplify the cost of a data breach, the good news is that, according to the findings in this year's report, incident response strategy, encryption technology, and other factors can mitigate the financial impact of a breach. In fact, the combination of having an incident response team and testing that plan can save $1.2 million for a business. Dr. Ponemon returns to the podcast to discuss the lifecycle of a data breach, variations by industry and region, and why organizations are increasingly sensitive to privacy and data protection. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn. Explore the 2019 Cost of a Data Breach Report at databreachcalculator.mybluemix.net.
I finally took a look at the Verizon Data Breach Report. If you haven't read it, do it now. This report helps you understand how the hackers are getting in. You need to know how they get in if you want to plan for prevention and detection.
LINKS
1. The Verizon Data Breach Report
2. The Summary - The important parts of the Verizon Data Breach Report
Today we hear about potential backdoors (or maybe PUPs). Cash-stealing malware reported in Google Play. Third-party developers leave their credentials lying around GitHub. Triumfant watches Locky morph—five times a day. Dale Drew from Level 3 talks about point-of-sale risks. Verizon tells us all about their Data Breach Report. The Panama Papers may soon be released in full. Investors worry about the cyber sector, but some see healthy adjustment. And US Cyber Command works to make the "L" in ISIL stand for "loser."
SecuraBit Episode 80: Our 8080 Episode
April 20, 2011
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell
Guests:
int80 - @dualcoremusic DualcoreMusic
General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y
NEWS:
Patch Tuesday April 2011: 64 patched
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11
Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”
Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”
Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”
Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311
Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access
Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”
Quick Mentions:
FBI take down botnet http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day: http://www.adobe.com/software/flash/about/ Anything below version 10.2.153.1 is vulnerable
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events:
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna (18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO (21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011
Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
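The Barracuda write-up quoted in the show notes describes the classic shape of the bug: a lookup parameter (the vertical market) pasted into a SQL string, and a low-value public script sharing a database with a marketing leads table, so one UNION turns a case-study lookup into a dump of names and email addresses. The example below is added here and is not Barracuda's code or SecuraBit's; the schema, table names, rows and the PHP-to-Python translation are all hypothetical, modelled only on the quoted description. It shows the vulnerable query beside the hardened one and runs the injection against both in an in-memory SQLite database.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed demo data (not Barracuda's): a public case-study lookup that
    shares its database with a marketing leads table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE case_studies (title TEXT, customer TEXT, vertical TEXT);
        CREATE TABLE leads (name TEXT, email TEXT);
        INSERT INTO case_studies VALUES ('Campus WAF rollout', 'Example University', 'education');
        INSERT INTO case_studies VALUES ('Mail filtering at scale', 'Example Hospital', 'healthcare');
        INSERT INTO leads VALUES ('Alice Example', 'alice@example.com');
        INSERT INTO leads VALUES ('Bob Example', 'bob@example.org');
    """)
    return conn


def case_studies_vulnerable(conn: sqlite3.Connection, vertical: str):
    """The bug: the request parameter is spliced into the SQL text, so the
    database cannot tell data from code."""
    sql = f"SELECT title, customer FROM case_studies WHERE vertical = '{vertical}'"
    return conn.execute(sql).fetchall()


# Attacker-supplied value: closes the quote, appends a UNION that reads the
# leads table (same column count as the case-study query), and comments out
# the trailing quote the script adds.
UNION_PAYLOAD = "x' UNION SELECT name, email FROM leads --"


def case_studies_parameterized(conn: sqlite3.Connection, vertical: str):
    """The fix: bind the value as a parameter. The driver sends it separately
    from the statement, so quotes and keywords in it are just characters."""
    sql = "SELECT title, customer FROM case_studies WHERE vertical = ?"
    return conn.execute(sql, (vertical,)).fetchall()


# A vertical-market key is a short lower-case word; anything else is rejected
# before it reaches the database (defence in depth, not a substitute for binding).
VERTICAL_RE = re.compile(r"^[a-z]{1,32}$")


def case_studies_safe(conn: sqlite3.Connection, vertical: str):
    """Allowlist validation in front of the parameterized query."""
    if not VERTICAL_RE.match(vertical):
        return []
    return case_studies_parameterized(conn, vertical)


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", case_studies_vulnerable(db, UNION_PAYLOAD))
    print("bound:     ", case_studies_parameterized(db, UNION_PAYLOAD))
    print("validated: ", case_studies_safe(db, UNION_PAYLOAD))
```

The second lesson in the quote is separate from the code: even a perfectly written lookup script should not have credentials to a database holding marketing leads. Giving the public-facing script its own database, or at least a database role that can read only the case-study table, limits what any future injection bug can reach.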