The sheer number of reports that cloud security teams deal with are becoming a serious problem, and "alert fatigue" is causing critical alerts to be missed at an alarming rate.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
A new "combination file" offered on the dark web that makes connections between Clubhouse and Facebook users is a threat to create a spike in specific attack types, namely phishing and account takeover attempts.
A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Google researchers present markers found in its code including a script that is signed by the company.
Only 55% of the organizations surveyed are carrying any cyber insurance at all. And of those that are insured, just under 20% have more than $600,000 in coverage; not enough to meet the usual ransomware payment, let alone the potential cleanup costs.
Hackers are using Google Ads to direct victims to phishing sites that steal advertiser accounts in the “most egregious malvertising campaign” tracked by cybersecurity firm Malwarebytes.
A hacker is claiming to have stolen over one billion user records, but security researchers are not convinced that this came from a legitimate TikTok hack or that account takeovers were involved.
Microsoft warns of social engineering attacks dubbed “payroll pirates” resulting in lost wages after hackers divert employees’ earnings to threat actor-controlled bank accounts.
While we often think about malicious users when we speak of insider threats, the "real" problem lies with users that may unintentionally be putting their organizations at risk. This includes users that get phished, bypass controls for convenience or efficiency, and connect their own devices to the corporate networks.
RF-enabled devices are now prevalent in the enterprise and RF security is getting harder to enforce in secure facilities that require more nuanced electronic device policies.
For IT asset disposition (ITAD), data safety and destruction isn’t just a technological issue, it’s a human one as well – based on procedure and trust. So how do we build a more trustworthy process?










