Security News

Sri Lanka's Computer Emergency Readiness Team is currently investigating a ransomware attack on the government's cloud infrastructure that affected around 5,000 email accounts, it revealed on Tuesday. While a LinkedIn post from CERT cited cloud infrastructure, an alert uploaded to the organization's website on Monday specified that an attack was made on the government email system.

Life sciences companies, including medical device manufacturers, biotech and pharmaceutical companies, are experiencing increasing rates of insider-driven data loss events, according to Code42. Faced with this growing threat, life sciences leaders are prioritizing modern data loss prevention strategies, which are proving effective.

Data loss prevention enables organizations to protect their sensitive data. Data loss prevention is a set of software tools, processes and data security practices that help prevent unauthorized access, misuse or loss of sensitive or critical data.

Data loss - particularly from ransomware attacks - has always been a costly proposition for enterprises. In its 2023 Data Security Incident Response Report [PDF], Cleveland-based law firm BakerHostetler - which three years ago launched a practice around data, equal to other practices like tax, IP, and litigation - found while the number of ransomware incidents the firm responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023.

ESET researchers have uncovered a compromise of an East Asian data loss prevention company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company.

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which eventually resulted in the execution of malware on the computers of the company's customers," ESET researcher Facundo Muñoz said.

Before digging into DLP specifics, consider the deceptive marketing behind data loss prevention "As a service." The name implies that DLP is just one aspect of maintaining a security posture, when in fact, preventing data loss encompasses almost all of cybersecurity. An organization must ensure they have the right people, with the right experience, and enough of them to implement DLP properly.

Microsoft warns that a newly acknowledged issue can lead to data loss when resetting virtual disks using the Server Manager management console. [...]

Use these three questions to assess your company's preparedness to retrieve lost data. Where you store your data backup is nearly as important as creating copies in the first place.

Some data discovery solutions give you only metadata, which is a good place to start, but comprehensive data classification based on sensitive content provides the additional context so you can focus on protecting what is important first. Volume: Data volumes in cloud environments are on the increase and hence the solution you pick needs to be able to handle large volumes of data and can scale itself up or down as needed to do both discovery and classification of the data.