As cyber crime groups grow and "corporatize," they find themselves under pressure to keep up with wages. Operating expenses are largely devoted to paying employees and contractors for their work, with 80% a typical number.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Password fatigue is rapidly becoming threat actors’ greatest weapon when it comes to account takeover. The key is removing passwords from the equation altogethe and a new generation of passwordless, phishing-resistant multi-factor authentication is rapidly emerging as enterprises’ answer to password fatigue.
A study has found that while three-quarters of security exposures were not exploitable, a measly 2% of security exposures put 90% of organizations' critical assets at risk of exploitation.
Hackers responsible for the Oakland ransomware attack have published a second batch of stolen data. The leaked data includes the personal information of city employees.
With risks being discovered by a wide range of security tools, how can vulnerability management teams ensure their vulnerability risk management programs are actually targeting the highest-priority risks and therefore supporting ongoing cybersecurity goals? When these tools and their findings are siloed, the answer is, unfortunately, simple: they can’t.
Suspected Chinese threat actors compromised an IRS-authorized online tax return website eFile.com using JavaScript malware to create backdoors on users’ devices.
Emerging cyber risk quantification methods are allowing boards to ask “what if” questions if operating conditions change, and to align cyber risk with what they know about the business—upcoming economic challenges, potential merger and acquisition activities, or even the effect on the company’s financial statements or stock price.
ChatGPT will put information that is shared by users into its training model. It was reported that Samsung employees have fed it some source code and other sensitive data.
U.S. hard drive maker and cloud storage solutions provider said the security breach forced the company to put most servers offline, denying customers access to their online data. Western Digital believes that the security breach allowed the hacker to access certain data.
Starting in 2024, Android apps that want to be listed on the Google Play Store will need to provide users with greater control over the data they collect. Apps must allow users to delete their account data whenever they choose, and to entirely remove their account from the app.










