Security News

The ransomware attack on Rackspace has taught us the importance of good cybersecurity habits. Rackspace took to social media on December 6, 2022, posting on Twitter that the outage resulted from a ransomware attack.

Before digging into DLP specifics, consider the deceptive marketing behind data loss prevention "As a service." The name implies that DLP is just one aspect of maintaining a security posture, when in fact, preventing data loss encompasses almost all of cybersecurity. An organization must ensure they have the right people, with the right experience, and enough of them to implement DLP properly.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Since the early stages of the pandemic, account takeover fraud has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synthetic ID, IRSF and promo abuse increasing rapidly, the new avenues for account takeover have turned this scheme into a beast that feels unstoppable.

Many cyberattacks begin with the same weakness: user accounts. More specifically, they exploit user credentials, with 89% of web application attacks in 2021 involving stolen or misused usernames and passwords.

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.

KELA surveyed 400 security team members in the US who were responsible for gathering cybercrime threat intelligence daily to better understand if they're proactively scanning the dark web and other cybercrime sources, what tools they're using, the gaps they see in their cybercrime threat intelligence approach, and more. "We found organizations may be less prepared for threats emerging from the cybercrime underground than they should be," said David Carmiel, CEO of KELA. "At KELA, our extensive intelligence expertise has shown us just how complex the cybercrime underground really is. The threats are much more comprehensive, and what organizations know and refer to as the dark web is changing within the hour."

While phishing remains the most common attack vector, threat actors have introduced tactics, techniques, and procedures that don't require a victim to click on a malicious link or open a weaponized document to become infected. Instead, they are utilizing exploits, such as Eternal Blue, and uncommon programming languages and obscure data formats to deposit ransomware directly on to victims' systems, thereby acquiring the persistent access they need to exchange encryption keys and process payments.

How can a CISO effectively explain the cost of a data breach to the company's Board? What type of information drives the point home for a non-technical audience? To explain the cost of a breach is highly dependent on the breach itself.

At the epicenter of this is data loss prevention, a category of tools that inspect content and contextually analyze data in any state. While there are instances of staff actively leaking data, many data leaks occur due to employees losing sensitive data in public, providing open Internet access to data, or failing to restrict access in line with organizational policies - often genuine mistakes which result from a lack of awareness and training rather than any bad intentions.