Many data-centric cybersecurity frameworks are pushing the industry towards full proactive prioritization and risk ranking gap analysis to enable an accurate measure of system risk while reducing the resources and time required for compliance with privacy regulations.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
A malicious fake ChatGPT Chrome extension on Google's official web store targets Facebook Ad accounts for takeover, leveraging the chatbot's popularity. Extension has been downloaded more than 2,000 times.
The ransomware gang ALPHV has claimed to have breached Amazon's Ring on the underground site it uses to extort victims, though it has yet to provide any evidence.
Cloud and mobility, including the blurred lines between personal and corporate devices has increased the complexity of identity and access management. Likewise, the surge in the sheer volume and variety of data has contributed to a more dynamic and multifaceted authorization process for enterprises.
Telecoms giant AT&T confirmed a third-party data breach involving a marketing vendor exposing 9 million customer accounts to unauthorized access.
Taiwanese PC maker Acer confirmed a data breach after a hacker listed the stolen data on a hacking forum, including technical product specifications and infrastructure details.
Cybercriminals aren’t just hacking for activism or for fun. They’re running their attacks like a business, targeting organisations to extort money – and they’re getting smarter at it. Don’t get complacent, don’t cut corners and shore yourself up against the people lurking in the cyber-shadows.
A health data breach appears to have exposed the sensitive personal information of members of Congress and their employees. DC Health Link is used by many (but not all) members and their assorted staff.
The U.S. aviation sector is looking at new cybersecurity requirements in four fundamental areas: network segmentation and redundancy, access control, monitoring and detection of threats, and timely patching.
Recent ransomware attacks by identified Russian organized cybercrime groups like Vice Society and Ryuk have shed light on the critical need for companies to revamp security protocols, particularly within critical infrastructures such as healthcare, energy, and public services.









