On the evening of July 15, 2020, Twitter users watched one of the most high-profile attacks to occur in years unfold in real-time as imposters sent a series of fraudulent Tweets from the accounts of about 130 celebrities, politicians, and tech industry luminaries. Tweets that promised to provide $2,000 for every $1,000 sent to a Bitcoin address. There are a number of important lesson here for all enterprises, but one that especially stands out.
Nearly a decade ago, Marc Andreessen wrote in the Wall Street Journal how software was “eating the world.” And in this age of digital transformation, that’s most certainly true. Software is now everywhere and consists of everything. Today, enterprises build more customer-facing and software-driven services than ever before. Software bots are automating manual processes, and software plays an increasingly central role in every machine and device we use.
A study of more than 5,500 companies within eight countries found that businesses affected by cyber incidents witnessed their losses rise from $10,000 per incident to $57,000.
Attacks targeting healthcare organizations just won’t let up. In early June, the University of California San Francisco (UCSF) announced that their IT team identified a limited security breach within a part of the UCSF School of Medicine’s IT environment.
As enterprises continue with their digital transformations by automating their manual workflows, moving existing applications to the cloud, and developing and deploying new applications at a record pace, they’re also rapidly increasing the complexity in their environments, and as a result security controls and processes that should be in place continue to slip.
We get so deluged with news stories about data breaches that it’s easy to lose sight of the forest for the trees. Consider, according to a newly released report from ForgeRock, the ForgeRock Consumer Identity Breach Report, which found that more than 5 billion records were exposed last year. That’s a lot of information on a lot of information pertaining to a lot of people.
Enterprise digital transformations are making the jobs of enterprise security teams to properly manage and secure their environments even more challenging. After all, as digital transformations have rapidly increased the complexity of environments as technology teams strain to maintain existing systems, deploy new cloud services, manage IoT devices, and constantly develop and deploy more applications.
Since the very beginnings of the novel coronavirus (COVID-19) pandemic, businesses of all sizes have struggled to adjust to the new occupational normal. IT teams have not been immune to the disruption. Neither have information security teams for that matter. While employment in the IT sector remains much more resilient than other segments of the economy, employment in the IT sector still declined by about 1% last month, even as businesses compete for technical talent and continue digital transformations.
Passwords are a huge hassle. We all must use them, and generally hate doing so. There’s no way to sugarcoat it. The typical user has hundreds of username and password combinations that they must remember and manage. We all forget and must reset passwords regularly. And, over time, many of these accounts, along with the associated passwords, will be abandoned. And over time, they will be compromised. Because so many people reuse their passwords, those credentials will lead to data breaches.
In its sixth annual Data Security Incident Response (DSIR) Report, BakerHostetler found that phishing attacks ranked as the leading cause of data incidents among the 959 cybersecurity incidents the law firm helped clients manage last year. This is the fifth year in a row phishing proved to be the top cause of data security incidents in the law firm’s report.
While some of the impacts of the current global pandemic could be predicted, such as the move to work from home, cloud computing, and other technological change, one of the changes that one might not consider until in the thick of the pandemic would be biometrics.
There has been a steady rise in COVID-19 scams and attacks since the novel coronavirus pandemic went global in February. Traditional cybercriminals, as well as APT groups, have been exploiting the situation and will likely continue until COVID-19 is no longer a front-page news item. The attack techniques look familiar: phishing, vishing, malicious apps, malicious domains, and crafty SEO techniques, along with social engineering techniques designed to entice people to click on links or attachments to install malware or steal login credentials.
