Security News > 2023 > May > Data-driven insights help prevent decisions based on fear

Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler.

"We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions about other areas of risk and compliance and that there was no source for that purpose for data security," said Theodore J. Kobus III, chair of BakerHostetler's Digital Assets and Data Management Practice Group.

"The statistics and insights in the report are intended to help organizations with benchmarking and projections so they do not have to make decisions based on hype and fear. As organizations implement stronger security measures to adapt to the changing risk landscape, we see threat actors adapting their methods accordingly. The need for vigilance remains ever present. We also recognized that data and technology issues require an enterprise approach. So, over the years we added capabilities to serve our clients across the life cycle of data technology. Our Digital Assets and Data Management Practice Group now has more than 100 dedicated attorneys and technologists," Kobus continued.

Threat actors find new ways around security measures.

MFA bombing: Where, after obtaining an account's username and password, the threat actor repeatedly sends authentication notices until the user wears down and approves the request - thus allowing the threat actor access.

Over multiple conversations, sometimes lasting months, the threat actor eventually gains the trust of the employee, who through some action permits the threat actor to gain access to the system.

News URL

https://www.helpnetsecurity.com/2023/05/02/making-data-driven-decisions/