IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.
Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.
Even as more attacks target humans, a lack of dedicated staff, relevant skills, and time is making it harder to develop a security-aware and engaged workforce, SANS says.
Organizations may not frequently encounter malware targeting cloud systems or networking equipment, but the array of malware they encounter only occasionally is no less disruptive or damaging. That is where the focus needs to be.
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.
A comprehensive security strategy balances technology, processes, and people — and hiring and retaining security personnel and securing the remote workforce are firmly people priorities.
A large number of enterprise applications are affected by the vulnerability in Log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December.
Ransomware typically relies on malware downloaders and other delivery mechanisms. Detecting and removing precursor malware improves the odds that a ransomware attack has been blocked.
Trust, but verify. While organizations wait for official alerts and notifications from Okta, security teams should also begin their own investigations to determine whether they have been exposed.
While attackers and researchers shift their attention to the next new vulnerability, security teams make sure they finish patching vulnerable Log4j versions in their applications and services.
Phishing, malware, and ransomware have spurred organizations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.
Other threats to enterprise data include cybercriminals, authorized users, foreign governments, and application vulnerabilities, according to Dark Reading's recent Strategic Security Report.
Most IT and security leaders are confident their cybersecurity strategies are on the right track, but they still believe their organizations are as vulnerable as they were a year ago.
The slightly "good" news? Security professionals are a little less concerned about certain threats than last year, according to Dark Reading's "State of Incident Response 2021" report.
In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to an organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.