InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
The AI Data Security report, jointly authored by the NSA, CISA, FBI, and cybersecurity agencies from Australia, New Zealand, and the UK, provides comprehensive guidance on securing data throughout the AI system lifecycle. It emphasizes the critical importance of data integrity and confidentiality in ensuring the reliability of AI outcomes. The report outlines best practices such as implementing data encryption, digital signatures, provenance tracking, secure storage solutions, and establishing a robust trust infrastructure. These measures aim to protect sensitive, proprietary, or mission-critical data used in AI systems.
Key Risk Areas and Mitigation Strategies
The report identifies three primary data security risks in AI systems:
Data Supply Chain Vulnerabilities: Risks associated with sourcing data from external providers, which may introduce compromised or malicious datasets.
Poisoned Data: The intentional insertion of malicious data into training datasets to manipulate AI behavior.
Data Drift: The gradual evolution of data over time, which can degrade AI model performance if not properly managed.
To mitigate these risks, the report recommends rigorous validation of data sources, continuous monitoring for anomalies, and regular updates to AI models to accommodate changes in data patterns.
Feedback and Observations
The report offers a timely and thorough framework for organizations to enhance the security of their AI systems. By addressing the entire data lifecycle, it underscores the necessity of integrating security measures from the initial stages of AI development through deployment and maintenance. However, the implementation of these best practices may pose challenges, particularly for organizations with limited resources or expertise in AI and cybersecurity. Therefore, additional support in the form of training, standardized tools, and collaborative initiatives could be beneficial in facilitating widespread adoption of these security measures.
The article emphasizes that AI cybersecurity must be multi-layered, like the systems it protects. Cybercriminals increasingly exploit large language models (LLMs) with attacks such as data poisoning, jailbreaks, and model extraction. To counter these threats, organizations must implement security strategies during the design, development, deployment, and operational phases of AI systems. Effective measures include data sanitization, cryptographic checks, adversarial input detection, and continuous testing. A holistic approach is needed to protect against growing AI-related cyber risks.
Benefits and Concerns of AI in Data Security and Privacy
Predictive analytics provides substantial benefits in cybersecurity by helping organizations forecast and mitigate threats before they arise. Using statistical analysis, machine learning, and behavioral insights, it highlights potential risks and vulnerabilities. Despite hurdles such as data quality, model complexity, and the dynamic nature of threats, adopting best practices and tools enhances its efficacy in threat detection and response. As cyber risks evolve, predictive analytics will be essential for proactive risk management and the protection of organizational data assets.
AI raises concerns about data privacy and security. Ensuring that AI tools comply with privacy regulations and protect sensitive information.
AI systems must adhere to privacy laws and regulations, such as GDPR, CPRA to protect individuals’ information. Compliance ensures ethical data handling practices.
Implementing robust security measures to protect data (data governance) from unauthorized access and breaches is critical. Data protection practices safeguard sensitive information and maintain trust.
1. Predictive Analytics in Cybersecurity
Predictive analytics offers substantial benefits by helping organizations anticipate and prevent cyber threats before they occur. It leverages statistical models, machine learning, and behavioral analysis to identify potential risks. These insights enable proactive measures, such as threat mitigation and vulnerability management, ensuring an organizationâs defenses are always one step ahead.
2. AI and Data Privacy
AI systems raise concerns regarding data privacy and security, especially as they process sensitive information. Ensuring compliance with privacy regulations like GDPR and CPRA is crucial. Organizations must prioritize safeguarding personal data while using AI tools to maintain trust and avoid legal ramifications.
3. Security and Data Governance
Robust security measures are essential to protect data from breaches and unauthorized access. Implementing effective data governance ensures that sensitive information is managed, stored, and processed securely, thus maintaining organizational integrity and preventing potential data-related crises.
The article from IBM emphasizes the critical role of data governance in ensuring high-quality, secure, and accessible data, which is vital for organizations aiming to leverage emerging technologies like AI, ML, and automation.
Effective data governance acts like air traffic control, managing the flow of data to ensure integrity and prevent misuse. Without proper governance, organizations risk basing decisions on inaccurate data or suffering breaches that can lead to financial losses and erode trust. Data governance also ensures organizations have access to real-time, high-quality data, enabling them to make better business decisions, optimize operations, and maintain compliance with regulations.
Establishing an effective data governance framework requires a long-term commitment, collaboration across departments, and thoughtful implementation. Organizations should start small, define roles and responsibilities, secure stakeholder buy-in, and select the right tools to manage data. Continuous monitoring, improvement, and alignment with broader business strategies are essential for sustained success. Strong data security practices, adherence to privacy regulations, and the use of maturity models help organizations build a dynamic governance ecosystem that evolves alongside the business, fostering a culture that views data as a strategic asset.
A sophisticated threat activity cluster, STAC6451, has been identified targeting Microsoft SQL servers.
This cluster, primarily observed by Sophos Managed Detection and Response (MDR) teams, has compromised organizations by exploiting SQL server vulnerabilities.
The attackers have been using a combination of brute-force attacks, command execution, and lateral movement techniques to infiltrate and compromise networks.
This article delves into the intricate details of the STAC6451 attacks, the techniques employed, and the implications for organizations worldwide.
Legal documents, HR data, source code, and other sensitive corporate information is being fed into unlicensed, publicly available AIs at a swift rate, leaving IT leaders with a mounting shadow AI mess.
Employees at many organizations are engaging in widespread use of unauthorized AI models behind the backs of their CIOs and CISOs, according to a recent study.
Employees are sharing company legal documents, source code, and employee information with unlicensed, non-corporate versions of AIs, including ChatGPT and Google Gemini, potentially leading to major headaches for CIOs and other IT leaders, according to research from Cyberhaven Labs.
About 74% of the ChatGPT use at work is through non-corporate accounts, potentially giving the AI the ability to use or train on that data, says the Cyberhaven Q2 2024 AI Adoption and Risk Report, based on actual AI usage patterns of 3 million workers. More than 94% of workplace use of Google AIs Gemini and Bard are from non-corporate accounts, the study reveals.
Nearly 83% of all legal documents shared with AI tools go through non-corporate accounts, the report adds, while about half of all source code, R&D materials, and HR and employee records go into unauthorized AIs.
The amount of data put into all AI tools saw nearly a five-fold increase between March 2023 and March 2024, according to the report. âEnd users are adopting new AI tools faster than IT can keep up, fueling continued growth in âshadow AI,ââ the report adds.
Where does the data go?
At the same time, many users may not know what happens to their companiesâ data once they share it with an unlicensed AI. ChatGPTâs terms of use, for example, say the ownership of the content entered remains with the users. However, ChatGPT may use that content to provide, maintain, develop, and improve its services, meaning it could train itself using shared employee records. Users can opt out of ChatGPT training itself on their data.
So far, there have been no high-profile reports about major company secrets spilled by large public AIs, but security experts worry about what happens to company data once an AI ingests it. On May 28, OpenAI announced a new Safety and Security Committee to address concerns.
Itâs difficult to assess the risk of sharing confidential or sensitive information with publicly available AIs, says Brian Vecci, field CTO at Varonis, a cloud security firm. It seems unlikely that companies like Google or ChatGPT developer OpenAI will allow their AIs to leak sensitive business data to the public, given the headaches such disclosures would cause them, he says.
Still, there arenât many rules governing what AI developers can do with the data users provide them, some security experts note. Many more AI models will be rolled out in the coming years, Vecci says.
âWhen we get outside of the realm of OpenAI and Google, there are going to be other tools that pop up,â he says. âThere are going to be AI tools out there that will do something interesting but are not controlled by OpenAI or Google, which presumably have much more incentive to be held accountable and treat data with care.â
The coming wave of second- and third-tier AI developers may be fronts for hacking groups, may see profit in selling confidential company information, or may lack the cybersecurity protections that the big players have, Vecci says.
âThereâs some version of an LLM tool thatâs similar to ChatGPT and is free and fast and controlled by who knows who,â he says. âYour employees are using it, and theyâre forking over source code and financial statements, and that could be a much higher risk.â
Risky behavior
Sharing company or customer data with any unauthorized AI creates risk, regardless of whether the AI model trains on that data or shares it with other users, because that information now exists outside company walls, adds Pranava Adduri, CEO of Bedrock Security.
Adduri recommends organizations sign licensed deals, containing data use restrictions, with AI vendors so that employees can experiment with AI.
âThe problem boils down to the inability to control,â he says. âIf the data is getting shipped off to a system where you donât have that direct control, usually the risk is managed through legal contracts and legal agreements.â
AvePoint, a cloud data management company, has signed an AI contract to head off the use of shadow AI, says Dana Simberkoff, chief risk, privacy, and information security officer at the company. AvePoint thoroughly reviewed the licensing terms, including the data use restrictions, before signing.
A major problem with shadow AI is that users donât read the privacy policy or terms of use before shoveling company data into unauthorized tools, she says.
âWhere that data goes, how itâs being stored, and what it may be used for in the future is still not very transparent,â she says. âWhat most everyday business users donât necessarily understand is that these open AI technologies, the ones from a whole host of different companies that you can use in your browser, actually feed themselves off of the data that theyâre ingesting.â
Training and security
AvePoint has tried to discourage employees from using unauthorized AI tools through a comprehensive education program, through strict access controls on sensitive data, and through other cybersecurity protections preventing the sharing of data. AvePoint has also created an AI acceptable use policy, Simberkoff says.
Employee education focuses on common employee practices like granting wide access to a sensitive document. Even if an employee only notifies three coworkers that they can review the document, allowing general access can enable an AI to ingest the data.
âAI solutions are like this voracious, hungry beast that will take in anything that they can,â she says.
Using AI, even officially licensed ones, means organizations need to have good data management practices in place, Simberkoff adds. An organizationâs access controls need to limit employees from seeing sensitive information not necessary for them to do their jobs, she says, and longstanding security and privacy best practices still apply in the age of AI.
Rolling out an AI, with its constant ingestion of data, is a stress test of a companyâs security and privacy plans, she says.
âThis has become my mantra: AI is either the best friend or the worst enemy of a security or privacy officer,â she adds. âIt really does drive home everything that has been a best practice for 20 years.â
Simberkoff has worked with several AvePoint customers that backed away from AI projects because they didnât have basic controls such as an acceptable use policy in place.
âThey didnât understand the consequences of what they were doing until they actually had something bad happen,â she says. âIf I were to give one really important piece of advice itâs that itâs okay to pause. Thereâs a lot of pressure on companies to deploy AI quickly.â
MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High).
Progress-owned MOVEit transfer was popularly exploited by threat actors who attacked several organizations as part of a ransomware campaign. The organizations previously reported to be affected by MOVEit vulnerability include Shell, BBC, British Airways, CalPERS, Honeywell, and US government agencies.
This SQL injection vulnerability was discovered on the MOVEit Transfer machine interface, which could lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer machine interface.
Successful exploitation could result in the modification and disclosure of MOVEit database content. However, a threat actor must be authenticated to exploit this vulnerability. Progress has given the severity of this vulnerability as 8.8 (High).
Products affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. Users are recommended to upgrade to the September Service Pack to fix this vulnerability.
This other SQL injection vulnerability exists in the MOVEit Transfer web interface, which could possibly lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer web interface.
Successful exploitation could result in the modification and disclosure of MOVEit database content. The prerequisite for a threat actor to exploit this vulnerability includes access to a MOVEit system administrator account. Progress has given the severity of this vulnerability as 7.2 (High).
Products that are affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to the September Service Pack and limit sysadmin account access.
This Reflected XSS vulnerability was found in the MOVEit Transferâs web interface, which a malicious payload can exploit during the package composition procedure. A threat could craft a malicious payload and target MOVEit Transfer users. When interacting with the payload, the threat actor can execute malicious JavaScript on the victimâs browser.
Progress has given the severity of this vulnerability as 6.1 (Medium). Products affected due to this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to September Service Pack and limit sysadmin account access.
A comprehensive list of vulnerable product versions, documentation, release notes, and fixed versions has been given below.
A security advisory has been released by Progress which includes a comprehensive list of the affected products and the vulnerabilities that have been identified.
Researchers from vx-underground reported that FBI hacker âUSDoDâ leaked sensitive data from consumer credit reporting agency TransUnion.
TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including â200 million files profiling nearly every credit-active consumer in the United Statesâ.
A threat actor who goes by the moniker âUSDoDâ announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of about 58,505 people, all across the globe, including the America and Europe
According to researchers vx-underground who reported the leak, the archive contains data that dates back to March 2nd, 2022, which could be the data of the data breach.
This leaked database has information on individuals all across the globe including the Americas (North and South), as well as Europe
vx-underground states that leaked data includes individual first name, last name, Internal TransUnion identifiers, sex, passport information, place of birth, date of birth, civil status, age, current employer, information on their employer, a summary of financial transactions, credit score, loans in their name, remaining balances on the loans, where they got the loan from, when TransUnion first began monitoring their information.
Today a Threat Actor named "USDoD" leaked sensitive data from TransUnion. This won't be the last of "USDoD" today though. He also compromised NATO. We'll discuss that later. But first, TransUnion.
The leaked database, over 3GB in size, contains highly sensitive PII on 58,505⊠pic.twitter.com/RtCvsUVWrT
The name USDoD is well known in the cyber security sector, it was also listed in the indictment for the notorious owner of the BreachForums cybercrime forum Pompompurin. vx-underground pointed out that they are believed to be behind many other high-profile security breaches.
Recently, The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the companyâs vendors to the dark web.
âUSDoDâ announced he had gained access to an Airbus web portal by compromising the account of a Turkish airline employee.
The hacker claimed to have details on thousands of Airbus vendors. The threat actors obtained the personal information of 3,200 individuals associated with Airbus vendors, exposed data include names, job titles, addresses, email addresses, and phone numbers.
In December 2022, the FBIâs InfraGard US Critical Infrastructure Intelligence portal was hacked and a database containing the contact details of more than 80,000 high-profile private sector individuals was offered for sale by USDoD on the Breached cybercrime forum.
After the law enforcement shutdown of âBreachedâ forum, its members, including âUSDoD,â moved to other platforms such as âBreachForums.â
âUSDoDâ posted two threads on this new forum, one to announce they have joined the notorious ransomware group Ransomed. In the second threat, the hacker exposed the personal information of 3,200 sensitive Airbus vendors. USDoD also warned that Lockheed Martin and Raytheon might be the next targets.
âThreat actors typically refrain from revealing their intrusion techniques, however in this exceptionally rare leak, âUSDoDâ revealed they gained access to Airbusâs data by exploiting âemployee access from a Turkish Airlineâ.â reported Hudson Rock. âUsing this information, Hudson Rock researchers succeeded to trace the mentioned employee access â a Turkish computer infected with an info-stealing malware in August 2023.â
According to the researchers, the computer of the victim was likely infected with the RedLine stealer after he attempted to download a pirated version of the Microsoft .NET framework.
e. It has an impressive history that spans over 30 years, and now it serves as an effective object-relational database system that is open source. Because of its ability to store and grow even the most complex data workloads, it has become the database of choice for a wide variety of applications, ranging from websites to mobile and analytics systems.It has been discovered that the widely used open-source object-relational database system PostgreSQL has a significant security flaw. The vulnerability, identified as CVE-2023-39417, has a significant CVSS score of 7.5 and gives an attacker the ability to execute arbitrary code as the bootstrap superuser if the attacker also has the capability to create databases at the database level.The vulnerability may be exploited in the PostgreSQL extension script if an administrator has installed files of a vulnerable, trusted, non-bundled extension. The vulnerability is present in the PostgreSQL extension script. When using the @extowner@, @extschema@, or @extschema:âŠ@ functions, there is a security flaw because user input is not properly sanitized. This flaw is the root source of the vulnerability.
An adversary may take advantage of this flaw by sending malicious data to a PostgreSQL database that is running a version of the program that is susceptible to being exploited. Itâs possible that the malicious input will be in the form of a SQL query, or it may be a parameter to a function. As soon as the attacker submits the malicious input, they are able to execute arbitrary code in the context of the bootstrap superuser.
The bootstrap superuser is a unique user account that has full authority over a PostgreSQL database. This account is only accessible via the bootstrap script. This indicates that an adversary who is able to run arbitrary code as the bootstrap superuser has the ability to do whatever they want with the database. This includes stealing data, deleting data, or altering data.
All of the PostgreSQL versions 11, 12, 13, 14, and 15 are susceptible to the CVE-2023-39417 issue. The fixed versions are 11.21, 12.16, 13.12, 14.9, and 15.4. PostgreSQL has made available a patch that prevents this attack from taking place at the fundamental level of the server. The process of remediation is made more straightforward by the fact that users do not have to edit individual extensions. It is imperative that you install this necessary update as soon as possible since the safety of your data relies on it.
In this Help Net Security interview, Charles Brooks, Adjunct Professor at Georgetown Universityâs Applied Intelligence Program and graduate Cybersecurity Programs, talks about how zero trust principles, identity access management, and managed security services are crucial for effective cybersecurity, and how implementation of new technologies like AI, machine learning, and tracking tools can enhance supply chain security.
CISOs believe they have adequate data protection measures, yet many have dealt with the loss of sensitive data over the past year. How do you reconcile this apparent contradiction?
The loss of data despite protection measures is not that surprising. We are all playing catchup in cybersecurity. The internet was invented in a government laboratory and later commercialized in the private sector. The hardware, software, and networks were originally designed for open communication. Cybersecurity initially was not a major consideration. That mindset has surely changed due to the explosion of connectivity and commerce on the internet and CISOs are playing a big game of catch up too.
There are a multitude of causes that can account for the exfiltration of sensitive data. The first being that hacker adversaries have become more sophisticated and capable of breaching. The basic tools and tactics hackers use for exploitation include malware, social engineering, phishing (the easiest most common, especially spear-phishing aimed at corporate executives), ransomware, insider threats, and DDOS attacks. Also, they often use advanced and automated hacking tools shared on the dark web, including AI and ML tools that are used to attack and explore victimsâ networks. That evolving chest of hacker weaponry is not so easy for CISOs to defend against.
Another big factor is the reality is that exponential digital connectivity propelled by the COVID-19 pandemic has changed the security paradigm. Many employees now work from hybrid and remote offices. There is more attack surface area to protect with less visibility and controls in place for the CISO. Therefore, it is logical to conclude that more sensitive data has and will be exposed to hackers.
The notion of adequate protection is a misnomer as threats are constantly morphing. All it takes is one crafty phish, a misconfiguration, or a failure to do a timely patch for a gap to provide an opportunity for a breach. Finally, many CISOs have had to operate with limited budgets and qualified cyber personnel. Perhaps they have lower expectations of the level of security they can achieve under the circumstances.
As the economic downturn pressures security budgets, how can CISOs optimize their resources to manage cybersecurity risks effectively?
CISOs must enact a prudent risk management strategy according to their industry and size that they can follow to allow them to best optimize resources. A good risk management strategy will devise a vulnerability framework that Identifies digital assets and data to be protected. A risk assessment can quickly identify and prioritize cyber vulnerabilities so that you can immediately deploy solutions to protect critical assets from malicious cyber actors while immediately improving overall operational cybersecurity. This includes protecting and backing up business enterprise systems such as: financial systems, email exchange servers, HR, and procurement systems with new security tools (encryption, threat intel & detection, firewalls, etc.) and policies.
There are measures in a vulnerability framework that are not cost prohibitive. Those measures can include mandating strong passwords for employees and requiring multi-factor authentication. Firewalls can be set up and CISOs can make plans to segment their most sensitive data. Encryption software can also be affordable. The use of the cloud and hybrid clouds enables implementation of dynamic policies, faster encryption, drives down costs, and provides more transparency for access control (reducing insider threats). A good cloud provider can provide some of those security controls for a reasonable cost. Clouds are not inherently risky, but CISOs and companies will need to recognize that they must thoroughly evaluate provider policies and capabilities to protect their vital data.
And if a CISO is responsible for protecting a small or medium business without a deep IT and cybersecurity team below them, and are wary of cloud costs and management, they can also consider outside managed security services.
How can organizations better safeguard their sensitive information during high employee turnover?
This goes to the essence of the strategy of zero trust. Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Organizations need to know everything that is connected to the network, devices & people.
Identity access management or IAM, is very important. IAM the label used for the set of technologies and policies that control who accesses what resources inside a system. A CISO must determine and know who has access to what data and why. If an employee leaves, they need to immediately revoke privileges and ensure that nothing sensitive was removed from the organization. There are many good IAM tools available from vendors on the market.
Certainly, with employee turnover, there are ethical and trust elements involved. Employee insider threats are difficult to detect and manage. Some of that can be addressed upfront in employment contracts with an employee understanding of the legal parameters involved, it is less likely that they will run off with sensitive data.
Weâve seen increased CISO burnout and concerns about personal liability.
Yes, the burnout is a direct result of CISOs having too many responsibilities, too little budget, and too few workers to run operations and help mitigate growing cyber-threats. Now the personal liability factors exemplified by as the class action suit against Solarâs Windâs CISO, and the suit against Uberâs CISO for obscuring ransomware payments, has heightened the risk. In an industry that is already lacking in required numbers of cybersecurity leaders and technicians, CISOs need to be given not only the tools, but the protections necessary for them to excel in their roles. If not, the burnout and liability issues will put more companies and organizations at greater risk.
How are these challenges impacting the overall efficacy of CISOs in their roles, and what measures can be taken to address them?
Despite the trends of greater frequency, sophistication, lethality, and liabilities associated with incursions, industry management has been mostly unprepared and slow to act at becoming more cyber secure. A Gartner survey found that 88% of Boards of Directors (BoDs) view cybersecurity as a business risk, as opposed to a technology risk, according to a new survey, and that only 12% of BoDs have a dedicated board-level cybersecurity committee.
âItâs time for executives outside of IT to take responsibility for securing the enterprise,â said Paul Proctor, Chief of Research for Risk and Security. âThe influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation- and mission-critical environments, should be a wake-up call that security is a business issue, and not just another problem for IT to solve.â
CISOs not only need a seat at the table in the C-Suite, but they also need insurance protections comparable to other executive management that limits their personal liability. There is no panacea for perfect cybersecurity. Breaches can happen to any company or person in our precarious digital landscape. It is not fair or good business to have CISO go at it alone. In a similar context, cybersecurity should no longer be viewed as a cost item for businesses or organizations. It has become an ROI that can ensure continuity of operations and protect reputation. Investment in both the company and the CISOâs compensation and portfolio of required duties need to be a priority going forward.
As supply chain risk continues to be a recurring priority, how can CISOs better manage this aspect of their cybersecurity strategies, especially under constrained budgets?
Ensuring that the supply chain is not breached including the design, manufacturing, production, distribution, installation, operation, and maintenance elements is a challenge to all companies. Cyber-attackers will always look for the weakest point of entry and mitigating third-party risk is critical for cybersecurity. Supply chain cyber-attacks can be perpetrated from nation-state adversaries, espionage operators, criminals, or hacktivists.
CISOs require visibility of all vendors in the supply chain along with set policies and monitoring. NIST, a non-regulatory agency of the US Department of Commerce has a suggested framework for supply chain security that provides sound guidelines from both government and industry.
NIST recommends:
Identify, establish, and assess cyber supply chain risk management processes and gain stakeholder agreement
Identify, prioritize, and assess suppliers and third-party supplier partners
Develop contracts with suppliers and third-party partners to address your organizationâs supply chain risk management goals
Routinely assess suppliers and third-party partners using audits, test results, and other forms of evaluation
Complete testing to ensure suppliers and third-party providers are able to respond to and recover from service disruption
Other mitigation efforts can be done with the acquisition of new technologies that monitor, alert, and analyze activities in the supply chain. Artificial intelligence and machine learning tools can provide visibility and predictive analytics, and stenographic and watermark technologies can provide tracking of products and software.
Hackers were able to acquire access to individualsâ personal information after Hyundai announced a data breach that affected vehicle owners in Italy and France as well as those who had scheduled test drives with the automaker. According to Troy Hunt, the author of the website âHaveIBeenPwned,â the event has caused the personal data of clients  to become public.
The letter also makes it clear that the individual who hacked into Hyundaiâs database did not take any financial information or identifying numbers. It is unknown how many Hyundai customers have been impacted by this event, how long the network attack lasted, or what additional nations may be at risk. Customers of a South Korean automobile manufacturer are being cautioned to be wary of unsolicited e-mails and SMS messages that pretend to come from the company. These communications might be efforts at phishing or social engineering. In response to the incident, Hyundai claims it has enlisted the help of information technology specialists, who have taken the affected systems down while new security measures are put into place. In February of 2023, the business released emergency software patches for a number of car models that had been compromised by a simple hack with a USB cable, which had made it possible for criminals to take the vehicles.
On the other hand, the Japanese automaker Toyota has admitted that there may have been a breach of consumer data due to security flaws at its operations in Italy. Throughout the course of more than one and a half years, up until this past March, Toyota Italy carelessly disclosed confidential information. In particular, it divulged confidential information on its Salesforce Marketing Cloud and Mapbox APIs. Threat actors might utilize this information to their advantage to acquire access to the telephone numbers and email addresses of Toyota customers and then use those details to start phishing attacks on those customers. According to the findings of the research team at Cybernews, the organization exposed credentials to the Salesforce Marketing Cloud, which is a supplier of software and services related to digital marketing automation and analytics. Threat actors might get access to phone numbers and email addresses, as well as customer monitoring information, as well as the contents of email, SMS, and push-notification messages by abusing the data. Moreover, Toyota Italy exposed the application programming interface (API) tokens for the software business Mapbox. These tokens were used to access map data. Although while the data is not as sensitive as the credentials for the Salesforce Marketing Cloud, it is still possible for threat actors to misuse it in order to query a large number of queries and drive up Toyotaâs API use costs.
Toyota is not the only automaker that has lately put itself as well as its consumers in Italy in a vulnerable position. In January of this year, the Indian branch of Toyota Motor announced a data breach, claiming that it was possible that the personal information of some of its customers had been exposed.
Better to have USB data protection and not need it, than need it and not be prepared.
A selection of PortaPow USB condoms, also known as data blockers
There are three things that I make sure I do when I’m out and about. I seek out the best coffee I can find. I make sure I use a VPN when using public Wi-Fi, and I always make sure I use a USB data blocker, otherwise known as a USB condom, whenever I use a third-party charger (such as those you find in coffee shops).
A USB condom is a small dongle that adds a layer of protection between your device and the charging point you’re attaching it to.
Remember, USB isn’t just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data.
Shockproof Carrying Case Hard Protective EVA Case Impact Resistant Travel 12000mAh Bank Pouch Bag USB Cable Organizer Earbuds Pocket Accessory Smooth Coating Zipper Wallet Rose Gold
Businesses from all industries are aware of the benefits of cloud computing. Some organizations are just getting started with migration as part of digital transformation initiatives, while others are implementing sophisticated multi-cloud, hybrid strategies. However, data security in cloud computing is one of the most challenging deployment concerns at any level due to the unique risks that come with the technology.
The cloud compromises the conventional network perimeter that guided cybersecurity efforts in the past. As a result, a distinct strategy is needed for data security in cloud computing, one that takes into account both the complexity of the data compliance, governance, and security structures as well as the dangers.
The Shifting Business Environment and Its Effects on Cloud Security
The top investment businesses implementing digital transformation initiatives want to make over the next three years is bolstering cybersecurity defenses. A paradigm shift in cybersecurity is being brought about by the rising trend of remote and hybrid workplaces, which is altering investment priorities.
Cloud computing provides the underlying technology for this transition as organizations want to increase resilience, and people want the freedom to work from anywhere. Yet, the lack of built-in security safeguards in many cloud systems highlights the need for data security in cloud computing.
What Is Cloud Data Security?
Cloud data security involves adopting technological solutions, policies, and processes to safeguard cloud-based systems and apps and the data and user access that go with them. The fundamental tenets of information security and data governance apply to the cloud as well:
Confidentiality: Protecting the data from illegal access and disclosure is known as confidentiality.
Integrity: Preventing unauthorized changes to the data so that it may be trusted
Accessibility: Making sure the data is completely accessible and available when itâs needed.
Cloud data security must be taken into account at every stage of cloud computing and the data lifecycle, including during the development, deployment, and administration of the cloud environment.
Data Risks in Cloud
Cloud computing has revolutionized the way data is gathered, stored, and processed, but it has also introduced new risks to data security. As more organizations rely on the cloud, cyberattacks and data breaches have become the biggest threats to data protection. While cloud technology is subject to the same cybersecurity risks as on-premises solutions, it poses additional risks to data security.
Application Programming Interfaces (APIs) with Security Flaws
Security flaws in APIs used for authentication and access are a common risk associated with the cloud. These flaws can be exploited by hackers to gain unauthorized access to sensitive data. Common issues include insufficient or improper input validation and insufficient authentication mechanisms. APIs can also be vulnerable to denial-of-service attacks (DoS), causing service disruptions and data loss.
Account Takeover or Account Hijacking
Account takeover or hijacking is a common threat in cloud computing, where hackers gain unauthorized access to user accounts and can steal or manipulate sensitive data. Hackers can gain access to cloud accounts due to weak or stolen passwords used by users. This is because users often use simple, easy-to-guess passwords or reuse the same password across multiple accounts. Once a hacker gains access to one account, they can potentially access other accounts that use the same password.
Insider Risks
Insider threats are a significant concern in cloud computing due to the lack of visibility into the cloud ecosystem. Cloud providers typically have a vast and complex infrastructure, which can make it challenging to monitor user activity and detect insider threats. Insider threats can occur when insiders, such as employees, contractors, or partners, intentionally or unintentionally access or disclose sensitive data.
Security Measures Protecting Data in Cloud Computing
Identity governance is the first step in securing data in the cloud. Across all of your on-premises and cloud platforms, workloads, and data access, you need a thorough, unified perspective. Identity management gives you the following:
Install Encryption
Encryption is an essential security measure for protecting sensitive and important data, including Personally Identifiable Information (PII) and intellectual property, both in transit and at rest.
Third-party encryption solutions can offer additional layers of security and flexibility beyond what is provided by CSPs. For example, some third-party encryption solutions may offer more robust encryption algorithms or the ability to encrypt data before it is uploaded to the cloud. They can also provide granular access controls, enabling organizations to determine who can access specific data and under what circumstances.
Archive the Data
Backing up cloud data is critical for data protection and business continuity. The 3-2-1 rule is a best practice, involving having at least three copies of the data, stored in two different types of media, with one backup copy stored offsite. Businesses should have a local backup in addition to the cloud providerâs backup, providing an extra layer of protection in case the cloud providerâs backup fails or is inaccessible.
Put Identity and Access Management (IAM) into Practice
IAM (Identity and Access Management) is essential for securing cloud resources and data. IAM components in a cloud environment include identity governance, privileged access control, and access management, such as SSO or MFA. To ensure effective IAM in a cloud environment, organizations must include cloud resources in their IAM framework, create appropriate policies and procedures, and regularly review and audit IAM policies and procedures.
Control Your Password Rules
Poor password hygiene is a common cause of security events. Password management software can help users create, store and manage strong, unique passwords for each account, making it easier to follow safe password procedures. This can encourage better password hygiene and reduce the risk of password-related security incidents.
Use Multi-factor Authentication (MFA)
MFA (Multi-factor authentication) is a security mechanism that adds an extra layer of security beyond traditional password-based authentication. It reduces the chance of credentials being stolen and makes it more challenging for threat actors to gain unauthorized access to cloud accounts.
MFA is particularly valuable in cloud environments, where many employees and contractors may access cloud accounts from various locations and devices. However, it is important to ensure that it is implemented correctly, easy to use, and integrated with existing security infrastructure and policies.
Summary
Your environment will get more complicated as you continue to utilize the cloud, particularly if you begin to rely on the hybrid multi-cloud. Data security in cloud computing is essential for reducing the dangers to your business and safeguarding not just your data but also your brandâs reputation.
Consider deploying solutions for controlling cloud access and entitlements to protect yourself from the always-changing cloud risks. For a thorough approach to identity management, incorporate these solutions into your entire IAM strategy as well.
A complete, identity-centered solution ensures that you constantly implement access control and employ governance more wisely, regardless of whether your data is on-premises or in the cloud. You will also profit from automation and other factors that increase identity efficiency and save expenses.
it is not uncommon for large organizations to face cyber attacks or data breaches, and it is important for them to have strong cybersecurity measures in place to prevent such incidents and mitigate their impact if they do occur. However, If such an incident did occur, the affected companies would likely conduct a thorough investigation and take appropriate steps to address the situation and prevent similar incidents from happening in the future.
The massive media and publishing business News Corp reported a data breach in February 2022, disclosing that its journalists had been the focus of an attack on a software supply chain. The breach revealed that the journalists had been hacked. The assets owned by News Corp. include a variety of prominent news sources, such as Dow Jones, FOX News, The Sun, and MarketWatch, amongst others. It is important to note that in March of 2019, the Dow Jones made news for disclosing a âscreening listâ that included critical information on terrorists, criminals, and shady enterprises. This information included names, addresses, and phone numbers.
The leak of thirteen million data took place on the FOX News website in April of 2022. The fifty-eight terabytesâ worth of information consisted of a variety of different things, including the companyâs internal documents, the personally identifiable information (PII) of its workers, and many other things. Prior to the time when the firm was made aware of the occurrence, these documents continued to be accessible to the general public.
Today, the business has disclosed new information saying that the security breach really took place in February of 2020. This indicates that the hackers were present on the network for a period of two years before being discovered. Mandiant, which is now owned by Google, was the cybersecurity company that helped News Corp. back then. Because the perpetrators had access to the system for two years before they were discovered, it is highly likely that they were able to get away with stealing more information than was initially thought. Since no one knew it had been stolen, they would not have been on heightened alert for any potential attacks during that time.
The firm disclosed in a breach notice that the threat actors responsible for the incident gained access to its email and document storage system. This system is used by a variety of News Corp companies. The impacted workersâ personal and health information was obtained; nevertheless, the corporation has said that it does not seem that the activity was centered on exploiting personal information in any way. The Wall Street Journal, the New York Post, and its news operations in the United Kingdom were among the News Corp publications that were compromised as a result of the security hack. Names, birth dates, social security numbers, driverâs license numbers, passport numbers, information about bank accounts, as well as information on medical and health insurance, were some of the pieces of personally identifiable information that were accessed.
News Corporation has indicated in the past that the assailants had links to China and were probably engaged in espionage operations to gather information for the benefit of Chinaâs objectives.
The New York Post admitted that it had been hacked in October 2022, after discovering that its website and Twitter account had been exploited to distribute inappropriate information that targeted a number of different politicians in the United States. The newspaper eventually disclosed that one of its own workers was responsible for the incident, and that individual was terminated once their role in the scandal was uncovered.
At the time of writing, a misconfigured server belonging to an Enterprise Resource Planning (ERP) Software provider based in California, United States was still exposing data to public without any security authentication or password.
An Elasticsearch server belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs.
However, the data is not limited to jobseeker as the server is also exposing the companyâs employeesâ data. Another important aspect of this data exposure is the fact that it also contains the companyâs client records from different companies, including Apple and Samsung.
This was confirmed to Hackread.com by Anurag Sen, a prominent independent security researcher. What is worse, the server is still exposed and publicly accessible without any security authentication or password. Originally, the server was being exposed since late December 2022.
It all started when Anurag scanned for misconfigured databases on Shodan and noted a server exposing more than 6GB worth of data to public access. Anurag said that the server belongs to a company originally based in the United States with offices around the globe including India. Whilst the database contains details of job seekers in India.
Hackread.com would not share the name of the company in this article because the server is still exposed.
Exposed Data
Anuragâs analysis of the server revealed that the exposed records contain personal data of over 575,000 individuals, while the size of the data is over 6.3GB and increasing with new data with each day passing. This data includes the following:
Full Name
Date of birth
Email address
Phone number
Resume details
Employer details
The screenshot below shows the candidate details and client data that are currently being exposed:
Image credit: Anurag Sen â Hackread.com
The screenshot below was taken from the live server that shows the companyâs client details. Some of these are top companies Apple, Samsung, Sandisk, Unilog, Moody, Intuit, NEC Corporation, Falabella and many more.
The companyâs client list also indicates that its a high-profile business with a presence all over the globe.
Screenshot credit: Anurag Sen â Hackread.com
Indian CERT Alerted
Since the server is still live at the time of writing; Anurag alerted the Indian Computer Emergency Response Team over the weekend. However, there has been no response from the authorities yet.
India and server misconfiguration
India is home to almost 1.4 billion people. This makes the country a lucrative target for businesses as well as cybercriminals. The more the investment, the more widespread and vulnerable the IT infrastructure becomes.
It is yet unclear whether a third party accessed the database with malicious intent, such as ransomware gangs or threat actors. However, if it did, it would be devastating for the victim and the healthcare firm responsible for the server.
Furthermore, considering the extent and nature of the exposed data, the incident can have far-reaching implications, such as bad actors downloading the data, carrying out phishing scams, or identity theft-related fraud.
Hackers can hold the companyâs server or data for ransom and leak it on cybercrime forums if their demands are not met. Nevertheless, the victims in this situation are the job hunters who trusted authorities with their personal information.
Misconfigured Databases â Threat to Privacy
Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication.
In 2021, the number increased to 399,200 exposed databases. The top 10 countries with top database leaks due to misconfiguration in 2021 included the following:
Regula has presented their vision of the developments that will shape the industryâs landscape in 2023. Deepfakes, new cyber-hygiene norms, and demand for mature ID verification platforms are among some of the predictions for the next year.
While more and more industries move their customer experiences to digital, online identity verification is becoming an essential part of our life. It lets people cope with all sorts of mission-critical activities online: opening bank accounts, applying for benefits, getting insurance payouts, and even getting medical advice.
Still, the security of the digital IDV process is the number one concern that is forming the industryâs landscape and driving the majority of significant changes.
Javelin Strategy & Research reports that in 2022, identity fraud and scams cost $52 billion and affected over 42 million people in the US alone. The rising number of identity fraud cases, along with fraudstersâ hunger for personal information collected by service providers, will lead to three important changes in how data will be used and treated:
Even industries that are not so heavily regulated will invest more in the ID verification process, adding extra security layers. There will be more checks with increased complexity and additional steps in the verification process: biometric checks, verifying IDs, SMSs, and passwords, checking recent transactions, etc.
This will lead to prioritization of comprehensive liveness checks to make sure that submitted documents are valid and really exist. An ID document contains various security features: holograms, elements printed with optical variable inks, and biometric data, to name a few, and an image of it should be taken using methods so that these elements can be captured and verified.
Regula experts expect to see a push from users for more data protection rules, and for more transparency from online businesses. In the wake of multiple public disclosures of data leaks, users are gradually losing trust in how their data is treated and becoming more cautious about what they share with third parties and how. Addressing this trend, companies will attempt to bring that trust back via increased investments in customer data protection measures.
When it comes to more complex identity fraud cases related to synthetic media like deepfakes, experts expect to see a rise in amateur scam attempts along with the emergence of next-gen biometric-related fraud.
Both trends are developing in parallel and are powered by the same factor: the growing maturity and availability of machine-learning based technologies that make it possible to fake photos, videos, voices, and other characteristics previously considered unique.
Based on the opinion of Regula experts, all these trends will lead to a market that is developed enough to embrace mature end-to-end IDV solutions that are capable of not only verifying documents, but also biometric characteristics, like face, voice, and fingerprints.
âThe good news is that minimal security measures are currently enough to repel 95% of possible attacks. The remaining 5% is where the difficulties lie. Now, most deepfakes are created for free, and theyâre of such a quality that thereâs no immediate danger. But thatâs a matter of how many resources fraudsters will be willing to invest. At the moment, when theyâre ready to spend significant amounts of money per deepfake, itâs a problem that requires interactive multi-layered protection. So if we picture the trends above as a scale, where convenience for the customer is on one end and security on the other, the balance is shifting to the latter,â notes Ihar Kliashchou, CTO at Regula.
In relation to this yearâs trending topics â digital identity and decentralized identity â the companyâs experts have their own take on that:
In the ideal world, a universal digital identity would help eliminate most of the issues with fake identities. However, in reality, creating and gaining broad acceptance and implementation of a secure single source of truth is going to take a significant amount of time. Still, weâre already seeing more different local and even company-based digital identities trying to become a single source of truth on a local level.
The idea of decentralized identity is going to be held back for some time. With the benefit of being built on blockchains and allowing users to control their digital identifiers, this system still comes with weaknesses. Since no one controls it centrally, no one will be responsible for it in case of any problems. Additionally, there is the matter of trust. Blockchain is strongly associated in peopleâs minds with crypto, and the FTX crash that has happened in the last couple of months has undermined peopleâs trust in it.
Before selling or trading in your laptop, it is important to prepare the device for its new owner as this will help ensure all of your personal data remains safe.
In an age when every day, a new version of a laptop with better features, sleek design, and improved performance hits the market, it is no wonder that you also wish to buy a new laptop to achieve excellence in performance and enjoy new features.
You have money, you can buy a new laptop, great! But what about your previous laptop? If you are thinking of selling it, thenâŠstop.
If you think selling a laptop is all about saving your data, finding a seller, and selling it, then you need to think again. It goes beyond this! It is not all about getting a fair price, but also saving your personal information and private data from reaching a stranger â that might cost you a lot if that stranger is fraudulent or malicious.
Before selling or trading in your laptop, it is important to prepare the device for its new owner. This can be done by taking several simple precautions that will help ensure all of your personal data remains safe.
1 Save Your Important Data
It goes without saying that your first step should be keeping a backup of your essential data, including personal and work-related files and folders, containing documents, presentations, emails, plans, strategies, or anything else that you have prepared with so much hard work.
If you donât want to see your data slipping from your fingers, then this should be your number one step.
You can save your data on a data drive or upload it to a reliable cloud service. Or send them to your own email address (well, this is my favorite way of saving my data!). Do whatever suits you, but saving data is a must before selling your laptop.
However, this can only work if you have a few GB of data. In case you have terabytes of data then owning a workstation from companies like Western Digital (WD) is a good way to go.
2 Delete Passwords Permanently
Nobody wants the passwords of important accounts to get leaked. Full stop! But have you ever thought about how to save your passwords before giving your laptop? What â did you just say you can do it by signing off from all your accounts and deleting history and cookies? Ah, I wish it was really that easy, but it is not.
Where technology has brought so much ease into our lives, there it has also become a trouble in many ways â like this one. Unfortunately, some software can extract passwords even if you log out from your accounts.
That is where you should act smartly if you donât want someone to sneak into your Facebook and start sending weird messages through your accounts to your friends. It could trigger so many controversies â eh. So, cut iron with iron.
You can also use apps such as password generators. One such example is the IPVanish password generator which lets users delete passwords permanently from their browsers. If you wish to do that manually, follow these easy steps:
For Chrome browser: First, open Chrome and click on the three-dot menu icon located in the top right corner. Then select âSettingsâ and click on âPasswordsâ under Autofill. Here you will find a list of all the websites that have saved credentials, along with their usernames and passwords.
Select an entry to see the details, then click on the three-dot menu icon next to it and select âRemove.â Youâll be asked to confirm by clicking âremoveâ again; once confirmed all login information for that website will be deleted from your computer. (Read more on Google.)
For Firefox: First, launch the Firefox browser on your device. Then, click the âMenuâ icon (three lines in the upper right corner) and select âOptionsâ or âPreferencesâ. In this menu, you will see a section for âLogins & Passwords. You can then scroll through all of your saved logins and passwords until you find the one that needs to be deleted.
For Safari Browser: To begin, open up the Safari browser on your computer and click the âSafariâ menu at the top left corner. In that menu option, select âPreferencesâ and then navigate to the âPasswordsâ tab. (Read more on Mozilla.)
Here you will see a list of all of your stored passwords that have been saved by Safari. To delete one or more of these passwords, simply check off each box next to each entry that you wish to remove and hit delete in the bottom right corner. (Read more on Apple.)
3 Format the Drive
Have you saved your important data? Great! Now, what about data that is still on your laptop? Obviously, you canât leave it like this for others to see your private information and confidential data. No, just deleting data files and clearing Recycle Bin or Shift + Delete might not work. It can still keep the issue of data leakage and privacy breaches there.
In this condition, most people go for drive formatting that cleans up your laptop and makes it data free. However, this method works if your files are overwritten and you are using a solid-state drive (SSD) with TRIM enabled.
With HDD or TRIM disabled, you would have to overwrite the hard drive if you donât want cheap software to recover your data â yes, even after formatting. It is very easy to recover a permanently deleted file through even cheap software. So, be safe than sorry!
4 Prepare Your Laptop for Selling
Once you are done saving your information, next, it is time to prepare your laptop for sale at a good price. The price of your gadget also depends on its model, functionalities, current market price, and a lot more. However, improving the outer condition, and speed, upgrading Windows, and enhancing the memory storage can enhance the price of your laptop.
So, work on the following things to get good bucks:
First, install the latest Windows to make your buyer happy. You can vow anyone with the latest functionalities already installed on the laptop, so that person wouldnât have to go through all the trouble. It is a good chance to impress a buyer.
Second, work on the speed of the laptop. Half of the work is already done when you delete files and data. So, reset the laptop to speed it up.
Clean up your laptop, please. Donât take your laptop to a buyer with all the lint or dust trapped between keys and scratches on the screen. You can remove lint or dust with a brush and change the screen cover. This simple work can make a lot of difference.
Lastly, visit a laptop expert and ask for a thorough inspection so that you can rectify if there are any internal faulty parts.
The 50GB worth of data is currently being sold on two clear web forums with a price tag of 1 BTC per database.
A group of hackers has posted a trove of approximately 50GB of data for sale on two online forums and a Telegram group. The data was posted on 26 and 27th November 2022. This was revealed to Hackread.com by researchers at VPNMentor.
A probe into the incident revealed that the data belonged to 29 Israeli transportation, logistics services and forwarding firms. Researchers believe that the hackers breached a software providerâs single point of failure, gained unauthorized access to these logistics firmsâ supply chains, and exfiltrated a trove of personal data and shipping records.
50 GB of Israeli Firmsâ Data on Sale
Hackers have posted the stolen data for sale. Visitors can buy a complete employee and customer information dataset from the targeted companies. The per-database rate is 1 BTC, which equals $17,000. An analysis of the graphics associated with these posts revealed that the data is part of a Black Friday Sale.
Previously, when some Israeli delivery firms were targeted in cyberattacks, the Israeli governmentâs cyber agencies named Iranian threat actors as the perpetrators. However, it is unclear if the same actors are responsible in this instance.
Details of Leaked Data
According to VPNMentorâs blog post, exposed data includes contract details and shipment information of the affected Israeli firms. The hackers have listed 1.1 million records for sale on different online forums. It seems like they have shared a small sample of data.
Whether 1 record represented 1 person or 1.1 million people were impacted in this data breach couldnât be determined. The exposed information includes full names, addresses, and contact numbers.
Researchers were unsure whether the exposed addresses were work or home addresses. Customersâ exposed data includes full names and shipping details (sender and receiverâs addresses, number of packages, contact numbers, etc.).
Possible Dangers
These records can be exploited to intercept packages or blackmail/threaten courier firmsâ employees into handing over valuable shipments. Threat actors can use personal data such as full names or contact details to target people with scams and phishing attacks.
Customers of these firms should be wary of suspicious SMS messages and calls and do not share personal information via phone. They should reveal sensitive data only to a trusted source only when necessary.
Data security issues, continuous data breaches, and advanced cyber-criminal activity make it harder for businesses to stay updated with the latest strategy to keep their accounts and customer data protected.
We continue to see companies small or large being targeted by cybercriminals, according to Nexor, the UK experienced a 31% rise in cyber-attacks during the height of the pandemic in May and June 2020.
Cybercrimes from malware, insider threats, and stolen data to hacked systems will always be a threat so how can companies ensure they are prepared for security risks as technology and cyber criminals continue to advance? We take a look at the top 3 data security risks business are facing.
1) Lack of resources to deter cyber threats
Hackers and companies are aware of issues concerning IT infrastructures and computer systems, but it is the responsibility of the business to ensure systems are guarded and secure from unauthorised access and that they are not vulnerable to cybercriminal threats through unsecure internal networks and software.
As the pressure for cyber professionals rises, panic in business also increases as there is a shortage of IT security professionals with skills in IT and cyber security. The ISC 2021 Cybersecurity Workforce Study states that the global cybersecurity skills shortage has fallen for the second consecutive year, but the size of the workforce is still 65% below what it needs to be. CEO, Clar Rosso at ISC shares her thoughts:
âAny increase in the global supply of cybersecurity professionals is encouraging, but letâs be realistic about what we still need and the urgency of the task before usâŠThe study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development, and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity, and inclusion practices to meet employee expectations and close the gap.â
A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices, and 30% of organisations had skills gaps in more advanced areas, such as penetration testing, forensic analysis, and security architecture.
With a high demand for security professionals and a shortage in skills, could cyber criminals be a few steps ahead?
Many businesses, especially most small businesses lack the capability and expertise to withstand a cyber security attack. Finding the right talent and investing in the skills can be a challenge, but there are consultants that specialise in working with various types of businesses that can add value and help place the right data protection strategies and provide businesses with the best tools and training.
Guard Wisely are independent data security specialists that are trusted by organisations to solve their biggest compliance, security, operations, and BAU challenges. They have delivered many successful security projects to a large variety of Enterprise Customers Globally and over 180,000 employees.
2) Technology continues to accelerate
The pandemic fast-forwarded the need for digitalisation, and the sudden change to remote working meant that more data was being shared across unsecure cloud environments, kept on networks and employee desktops. This meant an increased risk for businesses as they figured out how to maintain data security in a hybrid work environment.
We have seen that everything and everyone is connecting through the Internet, and wireless capabilities are bringing innovation to all areas of business and general life at unprecedented speed.
With remote and hybrid working being a part of the future of work, data needs to be regularly monitored and controlled. Large enterprises need to manage their customersâ and employeesâ data to remain compliant, to do this they need to understand where that data resides to secure it.
Across the world, there are now nearly two billion internet users and over five billion mobile phone connections; every day, we send 294 billion emails and five billion SMS messages; every minute, we post 35 hours of video to YouTube, 3,000 photos to Flickr and nearly 35,000 âtweetsâ according to this report .
Over 91 percent of UK businesses and 73 percent of UK households have internet access and ÂŁ47.2 billion was spent online in the UK alone in 2009.
The issue arises for data security as the embedded operating system in any device is deployed in its firmware, and these operating systems are rarely designed with security as their prime focus. This means that many systems have flaws and vulnerabilities, which is a gateway for many hackers and cybercriminals.
3) Weak passwords encourage cyber-attacks and âinsider breachesâ
With so many passwords to remember for a variety of devices, sites, and networks, we will continue to see a security risk in passwords. In most cases, hackers do not find it difficult to figure out corporate passwords and, employee passwords tend to be easier to work out.
Not only this, but once you know the password for a device, youâll most likely be able to have access to other accounts. People tend to keep the same password across many of the accounts they hold, for the ease of remembering but this as much as we know it, is a security issue that needs to be addressed.
Unsecure passwords could increase âinsiderâ breaches at the workplace. Organisations often overlook the threats residing inside their ecosystems which can have devastating effects. These companies, although they are aware of threats donât usually have an insider threat program in place, and are therefore not prepared to prevent, detect, and respond to internal threats.
Having access to anyoneâs computers or devices at work can mean that systems will be at a higher risk of attack from insider threats. Hackers are always looking for opportunities to steal passwords and break them into private and corporate accounts.
To minimise these risks, companies must evaluate and introduce measures to ensure access to certain files and folders is in place. They will have to make sure individuals have unique passwords to enter their computers so that other people cannot access or abuse computer activity.
Tracking which files and folders are being used and accessed on individual machines will also be beneficial in a lot of cases. As a short-term fix, they can also ensure they turn on two-factor authentication (2FA), also known as multi-factor authentication where possible for important accounts, as a secondary method of authentication.
