Security News

Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool. Fujitsu also said that attackers had gained unauthorized access to projects that used ProjectWEB, and stolen proprietary data.

The Verizon report examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year's report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.

Additional insights 93% of organizations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organizations who do not use Microsoft 365. 15% of organizations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organizations not using it.

On Wednesday, software company Egress released a report titled "Outbound email: Microsoft 365's security blind spot" highlighting email data breaches and IT frustrations during the coronavirus pandemic. "We can't ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today."

The results revealed that 28% of middle market leaders claimed that their company experienced data breaches in the last year, a sharp rise from 18% in last year's survey and the highest level since 2015. According to the survey, 33% of middle market executives said they experienced a ransomware attack or demand in 2020, the highest number since ransomware became a focus of the data four years ago, and a 10% increase from last year.

The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. Clop's attacks did not encrypt a single byte but stole data from large companies that relied on Accellion's legacy File Transfer Appliance and tried to extort them with high ransom demands.

CISOs face a rising 'security debt' to secure their organizations against an increasing volume of attacks by well-armed criminals. Despite going up against a criminal industry that enjoys advantages when it comes to speed and shared weaponry, CISOs and their teams report turning away increasing volume of attacks and preventing more of them from becoming breaches or compromises, according to a report from F-Secure.

According to Mandiant, the surge in ransomware attacks, which are meant to be noisy and detected, is partially the reason for shorter dwell times observed in live attacks over the last year. In the ransomware attacks investigated by Mandiant, 78% had a dwell time of 30 days or less, and only 1% of these incidents had a dwell time of 700 days or more.

At the same time, only one in six respondents expressed confidence in their organization's current security investments. These findings are in line with another research which discloses that even with more investment in enterprise security programs, the cost to business from successful breaches and attacks continues to worsen.

Data breaches and network outages are a real and growing cost for the industry: 43% of respondents estimated the costs of data breaches would exceed $2 million and 34% said the same for network outages. The healthcare industry is a target: 52% of respondents suffered a data breach in the past year.