Security News > 2022 > September > S3 Ep102: How to avoid a data breach [Audio + Transcript]

All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data.

CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.

DUCK. So if we ignore the data that's gone, and the criminality or otherwise of accessing it, what's the moral of the story for people providing RESTful APIs, web-based access APIs, to customer data?

In theory, you'd hope that it would be possible to spot the fact that all your data was being backed up but wasn't following the usual cloud backup procedure that you use.

They're taking all your data off your network, just like the extortion groups have done for a while, but then they're wiping your systems rather than encrypting it and going, "No, no, no, we'll give you the data back when you pay."

There's so much bandwidth out there that instead of [LAUGHING] oh, dear, I shouldn't laugh instead of saying, "Pay us the money and we'll send you the 16-byte decryption key", it's "Send us the money and we'll give you the files back."

News URL

https://nakedsecurity.sophos.com/2022/09/29/s3-ep102-sorting-fact-from-fiction-in-hyped-up-cybersecurity-news-stories/