![]() Equifax, for example, was breached via an unpatched vulnerability on a consumer facing web portal, resulting in the private financial information of over 150 million people being compromised. It still lingers on, almost a decade after the events. Reputational damage caused by the publicity surrounding the breaches lasted long past the discovery and eventual resolution of the attack damage. ![]() But money wasn’t the only thing lost by those big box stores. What happens if you fail to adequately protect your environment from data breaches? In the aforementioned Target and Home Depot cases, millions of customer credit card numbers were exposed, and both companies paid out millions of dollars to settle lawsuits brought against them. Keep in mind, these aren’t the actual data breaches these are the methodologies used to gain access to your corporate computing environment so that the attackers can inject malware, ransomware, and all sorts of nasty spyware that enables them to get value from your data. Despite years of commentary on poor password security being trumpeted to IT and users alike, there are still a huge number of users that select very common passwords that can be easily hacked. While it is considered a vector for brute force attacks, despite the on-going efforts of IT, weak passwords remain a significant attack surface for bad actors intent on gaining access to your data. The fact that email spoofing (where the sender appears to be a familiar one) is simple to accomplish, makes these attacks even more compelling. ![]() The email may have a link attached that downloads malicious software, or might be delivering malware in the form of usually benign sources such as spreadsheet or word processor documents. A technique known as spear phishing, often uses publicly available corporate information to craft targeted emails that appear to come from a manager or someone in authority within a business asking for information that they are entitled to have. Just because a message looks familiar doesn’t mean that it isn’t a carefully crafted attack on your corporate network. Users get lackadaisical about how they handle email, and clicking on the wrong file or attachment easily results in a compromised network. Phishing is the most common form of attack on your corporate network. In fact, a study titled “The Psychology of Human Error” by Stanford University Professor Jeff Hancock and the security firm Tessian found that in nine out of ten data breach incidents reviewed, the cause was human error both engineered attacks and simple human error. ![]() These are often referred to as zero-day vulnerabilities. In a well-protected corporate environment, the most common causes of data breaches are some forms of brute force attacks, malware, and IT errors, such as improperly configured or unpatched operating systems or applications. This guide’s focus is on the data breaches that are most common in business environments, how to identify them, and how to mitigate and prevent them. In essence, it refers to any action that results in the exposure of information to anyone who isn’t authorized to view or access that data.įrom a well-publicized massive data breach that happens to a company like Target or Home Depot, to a user who leaves their laptop logged in when they walk away from it in a public setting, data breaches, also known as data leaks, come in many shapes and sizes. The term data breach, however, is an exceptionally broad one. Even mainstream media often finds itself reporting on data breaches because of the sometimes spectacular nature of the problem. ![]() If you follow any form of tech media, you rarely go more than a day or two without hearing about some sort of data breach and its impact on business. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |