As applications grow more complex, attackers will increasingly seek to exploit vulnerabilities in business logic to bypass traditional security measures and gain unauthorized access. To address this threat, organizations must rethink their current security strategies for protecting applications and APIs, and the data they’re accessing.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The final report on the Okta security breach indicates that the attackers were able to access HAR files containing session tokens of 134 customers, but it appears they were very selective in which they chose to pursue follow-up attacks on. Only five instances of successful session hijacking were logged.
The state government of Maine has confirmed a MOVEit data breach that leaked extensive personally identifiable information of basically all 1.3 million residents.
Magic Circle law firm Allen & Overy has confirmed a cyber attack claimed by the Russian LockBit ransomware group, which demanded a ransom and threatened to leak stolen data.
OpenAI has attributed ChatGPT outages to a targeted distributed denial of service (DDoS) attack. A suspected Russian hacktivist group Anonymous Sudan has claimed responsibility.
A ransomware attack has caused some chaos in the US Treasury market, as some transactions have had to be suspended or rerouted due to service outages and ICBC has been forced to process Wall Street trades via USB sticks.
The world of cybersecurity — which includes both tactics by hackers and how we combat increasingly complex data breaches and attacks — is constantly evolving. Learn more about top security and risk management trends in 2024, including cyberwarfare, the zero trust model and more.
SEC cybersecurity rules requires companies to specify how and the process by which the board oversees risk from cyberthreats, the subcommittees involved in oversight, and whether and how management updates the board and subcommittees.
The Russian BlackCat/ALPHV cybergang has claimed responsibility for the Henry Schein ransomware attack and threatened to leak 35 terabytes of internal data. Henry Schein’s devices were encrypted again after ransom negotiations collapsed.
Enterprise use of AI may expand the attack surface for cybercriminals, but leveraging AI technologies can also allow security teams to get ahead in defending against and preventing adversarial AI and AI-powered cyber threats.










