If your current system isn’t capable of tracking and assessing different user variables online, chances are your business isn’t fully prepared to stop a determined attacker. What layers is your cybersecurity strategy missing?
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
67% of businesses suffered subsequent cyber attacks within a year after the first incident, with 10% recording ten or more repeated breaches. Medium-sized firms were most impacted.
The Iran-backed campaign targets prominent Israelis and uses spear phishing to gain access to emails, leveraging the account takeover to hijack existing conversations.
New, decentralized Web3 technologies stand to address virtually all concerns of the old internet, but there’s a catch. All too often these networks are still built upon legacy infrastructure, and, as such, are exposed to many of the same defects.
The Chinese hackers are distributing backdoored Web3 wallets, primarily targeting searches for Coinbase Wallet, imToken, MetaMask and Token Pocket, and are focused on both iOS and Android users.
Digital Shadows Photon Research team found that over 24 billion stolen user credentials were available for sale on the dark web market in 2022, an increase of 65% in two years.
More recent approaches to threat modeling is including DevSecOps, putting a greater focus on developers as a critical arm of cybersecurity. Additionally, threat modeling is pulling away from a reliance on security professionals looking at finished products, instead asking engineering to embrace the concept of security as code.
Tenable CEO cites reports from several cybersecurity firms that indicate Microsoft is not being timely enough with its vulnerability disclosures and sometimes has a "dismissive" attitude.
Security researchers have documented a Facebook credential phishing campaign that has been active since late 2021, and has been highly successful in duping victims using an authentic-looking spoofed login page.
Cyber espionage group is thought to have been in action since at least 2013, with a heavy focus on certain APAC countries and regions. The Chinese hackers also focuses in on political targets.