Security News

The importance of mapping CIS Controls to Verizon's incident classifications. The mapping of CIS Controls to Verizon's incident classifications presents organizations with an opportunity to optimize their security resources by aligning them with real-world security incidents.

The study, which tracked incidents occurring between November 1, 2021 and October 31, 2022, found that BEC attacks doubled and represented more than 50% of social engineering attacks. According to the study, the practice, which is commonly used in BEC attacks, doubled in volume compared to the prior year's.

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.

There has been an alarming rise in ransomware breaches - a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach Investigations Report. Verizon has been issuing its yearly DBIR report for the last 15 years, providing the security practitioners and executives around the world a glimpse into the global trends and patterns related to cyber incidents and data breaches.

The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering. The data, contained in the new Verizon 2021 Data Breach Investigations Report, shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

"We often think of ransomware as a breach, but the DBIR categorizes most ransomware activity as an incident because while you may have lost access to the data, the attacker hasn't actually stolen it. While that may give you some comfort, it doesn't mean that a ransomware incident is materially less impactful to the security folks who have to deal with it." "In all cyberattacks, it is the attacker who defines the rules, and often opportunism is the best play in any numbers game. The 2020 DBIR confirms that most successful breaches employed opportunistic tactics ranging from social engineering and credential attacks through to opportunistic hacks and exploits of misconfigurations. This means that we could see a material reduction in breaches if basic principles such as securing S3 buckets, applying password security to databases, having a patch management strategy and applying reasonable malware protections were in place."

While cyber-espionage attacks and malware decreased, other trends, such as security "Errors", denial-of-service campaigns and web application attacks saw startling growth. They're already attacking those service oriented workflows, particularly using things like credentials, which is 80 percent of the attacks.

Verizon's 2020 Data Breach Investigations Report is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed. Firstly, only breaches reported to or known to Verizon can be included.

C-level executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches. This is among the key findings of the latest...

From a creepy Airbnb incident to Verizon's Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10.