Verizon 2017 DBIR: Key Takeaways

Summary The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%)  of incidents fall into same industry categories (up from last year’s 83%) that were first identified in the 2014 report. These attacks…

How to Stop the Breach in a Hybrid Enterprise

Has your enterprise experienced a data breach in the past two years? If so, it’s time for a wake-up call. In fact, 66% of organizations reported falling victim to a breach an average of five or more times during that time span. The security status quo is a slippery slope. Enterprise networks have expanded beyond the well-defined boundaries that used to protect our important assets from falling into the wrong hands and a new security reality has set in. Traditional security methods can’t protect your organization from breaches, and failure to recognize this new reality leaves your business at risk…

RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

The Cybersecurity Tipping Point Nears

If we’d take a moment to pull our heads out of the sand and look around, we’d quickly see that we’re on an ominous trajectory. There’s no arguing that over the last several years, we’ve been suffering from increasing numbers of breaches, cyberhacks and data leaks. What’s truly puzzling is the fact that we’ve grown so used to the headlines, they no longer seem to impact us: Target spent $250 million to manage a breach? A massive 1 terabytes per second attack against a DNS provider that knocks out major websites? One billion Yahoo identities hacked? Even a hacked election?…

Uh Oh, Yahoo Breach Hits 1 Billion User Accounts

Could this be the catalyst for change to end hacks? Compromised enterprises face huge barriers to rebuilding customer trust and brand reputation. And for Yahoo, this may be an insurmountable task. In September, Yahoo disclosed that the company lost access control for over 500 million accounts. Turns out the largest breach in history of 500M Yahoo accounts in 2014 is only half as much as the latest and largest hack ever discovered – 1B Yahoo accounts lost in 2013. Will this event finally be the catalyst for not only Yahoo but every other company that maintains customer accounts to force…

How to Prevent Another SFMTA Ransomware Attack

By now, many have heard about the recent ransomware attack against the San Francisco’s “Muni” system on Black Friday where the hacker locked out the railway’s system and demanded 100 BTC as payment. The second, less known, part of the story was published by Brian Krebs on his blog yesterday: “On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s…

How to Avoid a Snowden-esque Security Breach at Your Company

What would happen to your company’s reputation or market share if its data was hacked? This article originally appeared on Inc. Magazine and is reprinted with permission. The recent release of Snowden, the 2016 film about exiled former cyber-security contractor Edward Snowden, highlights some of the inherent cyber-security risks that organizations face. These concerns have been reinforced by the controversy over hacked emails during the current election cycle. In Snowden’s case, it was the National Security Agency (NSA) that was breached, but the vulnerabilities he exploited exist in many enterprise-level companies as well. Security Breaches in recent memory While I worked at Symantec for the…

How To Prevent Cybercrime: CFO Insights for Mid-Market and SMB Companies

Cybersecurity Risk From the Break Room to the Board Room How can CFO’s enable an organization to effectively combat cybercrime, while reducing IT security budgets? If this sounds too good to be true, let me explain how it can be done. Cyber risk is present at every level in every company from the break room to the board room. In retail, data breaches occur in companies of every size; from Yellowfront, a one-store grocer in Maine to the massive Home Depot and Target breaches. Cyber awareness of social engineering attack modes is a management priority, and all employees have responsibility in preventing…

Last Hurrah for Yahoo? 500 Million Accounts Compromised

I have personally been on Yahoo email since it was released in 1997 (almost 20 years!). I remember how cool it was to have an email address that would live independently from my school, work and ISP accounts. This was especially cool because I lived in Silicon Valley and all three of those emails tended to change every few years. I have been a loyal user of Yahoo mail even when seemingly better or more popular alternatives were available (Gmail, AOL, me.com, Hotmail, etc.). Well, today is the day that I may finally consider making the move to another service. Turns out…

Russian Hackers Target World Anti-Doping Agency in Latest Breach

What Happened: A Russian cyber espionage group known by the name of Tsar Team, also calling itself Fancy Bear, were successful in illegally hacking the World Anti-Doping Agency (WADA). The Anti-Doping Administration and Management System (ADAMS) database was accessed using a compromised account provided to the International Olympic Committee for the Rio 2016 Games. A release by WADA indicates, “While it is an evolving situation, at present, we believe that access to ADAMS was obtained through spear phishing of email accounts.” Olivier Niggli, Director General, WADA states, “WADA has been informed by law enforcement authorities that these attacks are originating…