Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

US
Cyber Attacks Ransomware attack security threat US

FBI Issues Warning as BlackCat Ransomware Targets More Than 60 Organizations Worldwide

 

An FBI flash alert released this week suggests that the law enforcement agency has identified at least 60 ransomware attacks worldwide by the BlackCat (ALPHV) group between November 2021 and March 2022. 

The flash alert highlights the tactics, techniques, and procedures (TTPs) employed and indicators of compromise (IOCs) associated with ransomware groups spotted during FBI investigations.

According to the FBI's Cyber Division, BlackCat also tracked as ALPHV and Noberus "is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing."

BlackCat's ransomware executable is also highly customizable and is loaded with several encryption methods and options that make it easy to adapt attacks to a wide range of industrial organizations. "Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations," the FBI added. 

Security researchers recently revealed an increased interest from BlackCat operators in targeting industrial organizations. BlackCat affiliates often demand ransom payments of millions of dollars, but they have been observed accepting lower payments after negotiations with their victims. 

For initial access, the FBI explains, BlackCat employs compromised user credentials. Next, Active Directory user and administrator accounts are compromised and malicious Group Policy Objects (GPOs) are used to deploy the ransomware, but not before victim data is exfiltrated. 

As part of observed BlackCat assaults, PowerShell scripts, Cobalt Strike Beacon, and authentic Windows tools and Sysinternals utilities have been used. The malicious actors were also seen disabling security features to move unhindered within the victim’s network. 

As usual, the FBI recommends not paying the ransom, as this would not guarantee the recovery of compromised data, and urges organizations to proactively deploy cybersecurity defenses that can help them prevent ransomware attacks. 

Since the start of the year, the notorious group has taken credit for ransomware attacks on US schools like Florida International University and North Carolina A&T University and has already breached dozens of US critical infrastructure organizations. 

The group was first spotted in November 2021 and became known for aggressively posting details about its victims publicly. Emsisoft threat analyst Brett Callow and others previously said the group is a rebrand of the BlackMatter and DarkSide ransomware groups, something the FBI also highlighted in its notice.
Read more »
Vulnerabilities and Exploits
Android Bugs Chipset Flaws Mobile Security Research Vulnerabilities and Exploits

Critical Chipset Flaws Enable Remote Spying on Millions of Android Devices

 

Three security flaws in Qualcomm and MediaTek audio decoders have been discovered, if left unpatched which might permit an adversary to remotely access media and audio chats from compromised mobile devices. According to Israeli cybersecurity firm Check Point, the flaws might be exploited to execute remote code execution (RCE) attacks by delivering a carefully prepared audio file. 

The researchers said in a report shared with The Hacker News, "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera. In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." 

The flaws, termed ALHACK, are based on an audio coding system that Apple created and made open-source in 2011. The Apple Lossless Audio Codec (ALAC) or Apple Lossless audio codec format is used to compress digital music in a lossless manner. Since then, other third-party suppliers have used Apple's reference audio codec implementation as the basis for their own audio decoders, including Qualcomm and MediaTek. While Apple has constantly patched and fixed security problems in their proprietary version of ALAC, the open-source version of the codec has not gotten a single update since it was first uploaded to GitHub on October 27, 2011. 

Check Point revealed three vulnerabilities in this ported ALAC code, two of which were found in MediaTek CPUs and one in Qualcomm chipsets. – 
• CVE-2021-0674 (CVSS score: 5.5, MediaTek) - A case of improper input validation in ALAC decoder leading to information disclosure without any user interaction 
• CVE-2021-0675 (CVSS score: 7.8, MediaTek) - A local privilege escalation flaw in the ALAC decoder stemming from out-of-bounds write 
• CVE-2021-30351 (CVSS score: 9.8, Qualcomm) - An out-of-bound memory access due to improper validation of a number of frames being passed during music playback 

The vulnerabilities allowed Check Point to "grab the phone's camera feed" in a proof-of-concept exploit, according to security researcher Slava Makkaveev, who discovered the issues alongside Netanel Ben Simon. All three vulnerabilities were addressed by the individual chipset manufacturers in December 2021, following responsible disclosure. 

"The vulnerabilities were easily exploitable. A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone," Makkaveev explained.
Read more »
security threat
Automation Cloud Network Cybersecurity security threat

Cyware is Changing the Cybersecurity Landscape

 

Cybercriminals often have an equivalent or sometimes superior technical prowess as their cyber security counterparts! This has led to an ever-evolving landscape of cybercrimes that constantly outsmart modern cyber security technologies. So, does that end our fight against cyber threats? No, the answer lies in increasing cognizance and implementation of automation technologies.

Akshat Jain, CTO & Co-founder, of Cyware shared his vision and the role of automation technologies in eliminating cyber threats. Here are the key points he discussed in an interview with Elets CIO: -

The vision of Cyware 

Anuj Goel and I started the company in 2016 with the vision of assisting organizations to reimagine the way they approach and manage cybersecurity. Our prior experiences in steering large security and technology teams made us realize the inadequacies of reactive, manually-driven, and intelligence-deprived cybersecurity strategies that put organizations at a disadvantage against threat actors. 

Today, Cyware is helping organizations transform their security postures through our cyber fusion solutions that combine the capabilities of Threat Intel Platforms (TIP) and Security Orchestration, Automation, and Response (SOAR) to make security proactive and to integrate and accelerate different security functions, including threat detection, response, vulnerability management, threat hunting, and others. 

Role of Automation in advanced security operations 

Automation plays an important role in the enrichment, correlation, analysis, and last-mile delivery of this threat intelligence to different teams within an organization or with external partners, industry peers, regulatory bodies, and information sharing community (ISAC/ISAO) members, and others. Using this telemetry, they are expected to take mitigating actions to contain and respond effectively to those threats. 

“Automation assists in detecting the variety of threats by using historical indicators of compromise (IOCs), and the knowledge of threat actors’ tactics, techniques, and procedures (TTPs) to trigger machine-driven detection alerts. From there, security teams can once again automate containment actions to ensure that a threat does not spread laterally across their systems and networks, thereby minimizing the impact of a threat. 

Response actions needed to finally eliminate the threat can also be executed rapidly through automated workflows leveraging security orchestration for information exchange and actioning across a variety of tools,” Jain explained. 

 Importance of Cyber Innovation and Global Collective Defence in the cloud-first economy

Cyber innovation is the need of the hour to help organizations adopt new security technologies and strategies to deal with these new challenges. With the increasingly distributed nature of today’s work environment, it is essential to boost collaboration in cybersecurity across all sectors to develop collective defense strategies for resilient cyberspace for all. 

As threat actors become stealthier and quicker, organizations should also make smart use of threat intel collected from both internal and external sources to drive proactive actions against potential threats to their infrastructure. 

Cyware’s progress in designing a first-of-its-kind global collective defense network 

Cyware is creating the first-of-its-kind global collective defense network through its advanced cross-sectoral threat intel sharing platforms that link all the stakeholders within an organization, as well as its business partners, vendors, industry peers, national CERTs, information sharing communities (ISACs/ISAOs), and others.

The network will assist organizations in sharing strategic, tactical, technical, and operational threat intelligence in real-time to ensure a timely response to various threats. More than 20 information-sharing communities (ISACs, ISAOs, and CERTs) from financial services, automotive, space, aviation, healthcare, retail, energy, and manufacturing sectors, among others, are using Cyware’s solutions to share threat intelligence with their 10,000+ member organizations.
Read more »
Spyware
Cyber Attacks Google Researchers Safety Spyware

Google Researchers: 'Zero-Day’ Hacks Hit Record in 2021

 

Following a year marked by high-profile ransomware assaults and supply-chain hacks, Google researchers have uncovered another alarming cyber milepost for 2021: a record number of "zero-day" exploits. A zero-day exploit is a previously undisclosed flaw that gives software developers exactly 0 days to fix it. As a result, the technology in question is extremely lucrative to hackers - and a disaster for cyber-security experts. 

According to a report released Tuesday (April 19) by Google's Project Zero, a team of specialist bug hunters, hackers attacked a total of 58 zero-day defects affecting key software suppliers in 2021. In 2020, there were 25 flaws, compared to 21 in 2019. Since Project Zero began tracking zero-days in 2014, this is the largest number of zero-days ever recorded. 

Ms Maddie Stone, a security researcher at Project Zero, stated in a blog post about the findings that the trend could be attributed to an enhancement in identification from companies like Microsoft, Apple, and Google, who now publicly report their findings around zero-day concerns, rather than a spike in hacks. 

Hackers have utilized the attack approach in recent years to install powerful spyware on smartphones, which has then been used to spy on journalists, lawmakers, human rights activists, and others. Last year, suspected Chinese state-sponsored hackers used such vulnerabilities to compromise Microsoft Exchange servers. 

Ms Stone of Google stated that the data contained some surprises. Despite the recent attention on spyware abuse, cyber-security researchers are still unable to find zero-day vulnerabilities that allow hackers to exploit systems. 

She wrote, "We know that messaging applications like WhatsApp, Signal, Telegram, etc are targets of interest to attackers and yet there's only one messaging app, in this case, iMessage, zero-day found this past year." 

Since 2014, the team has discovered two such flaws, one in WhatsApp in 2019 and the other in iMessage in 2021. According to Ms Stone, the majority of individuals on the planet are not at risk of being targeted by a zero-day attack. 

Nonetheless, she believes that such attacks have a widespread influence. "These zero-days tend to have an outsized impact on society so we need to continue doing whatever we can to make it harder for attackers to be successful."
Read more »
UK
Comparitech Data Breach NHS Phishing and Spam Ransomware Attacks. UK

In 2021, the UK Government was Plagued by Hundreds of Spam Emails

 

The UK government was reportedly bombarded with billions of phishing emails last year, with large numbers of questionable and fraudulent links being clicked on by staff. Comparitech recently published a report on these fraudulent emails and got responses in the sort of freedom of information requests from 260 government agencies. 

According to Comparitech, 764,331 government employees got a total of 2.7 billion fraudulent emails, averaging 2,399 per employee. However, this indicates that the emails were most likely flagged as malicious and prohibited by the relevant government agency. 

In 2021, personnel opened 0.32 percent of malicious emails on average, with 0.67 percent of these events resulting in employees clicking on potentially dangerous links, as per research. According to Comparitech, this might suggest some UK government employees clicked on 57,736 questionable links last year. The firm reiterated whether any FOI responses have been unclear - were ignored to avoid overestimating this amount. 

357 million fraudulent emails were received by NHS Digital's 3,996 employees, amounting to 89,353 mails per employee. Other essential infrastructure services, such as railway supplier Network Rail Limited, received 223 million malicious emails, or 5,033 emails per employee, while tax authority HM Revenue & Customs received 27.9 million spam emails, or 415 emails per employee. 

In other cases, the researchers' attempts to better grasp the government's ransomware threat were hampered by respondents' lack of transparency. "One government department reported in 2021 it had identified 97 data theft over just 30 days. Seventy-one government agencies were also glad to announce why they had not been hit by ransomware in 2021 the remaining 187 didn't say whether or not they had. In 2021, only two government agencies disclosed it had been the victims of a successful ransomware attack," said Paul Bischoff of Comparitech.
Read more »
User Security
Info Stealer Malicious Campaign malware User Security

Researchers Warn of Fake Windows 11 Upgrade Containing Info Stealing Malware

 

Cybercriminals are tricking users into installing a fake Windows 11 upgrade that includes malware that steals data from web browsers and crypto-wallets. The malicious campaign that is still running operates by poisoning search results to drive traffic to a website impersonating Microsoft’s Windows 11 advertising page and offering the information stealer. 

According to CloudSEK threat researchers who analyzed the malware and published a technical report, malicious actors are focusing on people who rush to install Windows 11 without first learning that the OS must satisfy specific requirements. 

The rogue website advertising the false Windows 11 has official Microsoft logos, favicons, and a “Download Now” button. It looks legitimate at first glance, but the URL reveals the site as fraudulent. If visitors access the malicious website directly (download is not possible via TOR or VPN), they will receive an ISO file containing the executable for new information-stealing malware. 

The CloudSEK researchers named the new malware 'Inno Stealer' as it uses the Inno Setup Windows Installer. The researchers said that Inno Stealer has no code in common with other presently circulating info-stealers. Once active, the malware plants a pair of files that disable various Windows security measures, including those in the registry. They also wipe out software from anti-virus companies Emsisoft and ESET. 

Inno Stealer’s capabilities are typical for this kind of malware, including the ability to collect web browser cookies and passwords, data from cryptocurrency wallets, and data from the disk. The set of targeted browsers and crypto wallets is extensive, including Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser, and Comodo. 

The malware can also steal extra payloads, an action only performed at night, potentially to take advantage of the victim’s absence from the computer. These additional Delphi payloads, which are TXT files, use the same Inno-based loader that fiddles with the host’s security tools and employs an identical persistence methodology. They also have the ability to grab clipboard data and exfiltrate directory enumeration data. 

To mitigate the risks, researchers recommended avoiding downloading ISO files from obscure sources and instead undertaking significant OS updates using the Windows 10 control panel or obtaining the installation files directly from the source. If you can’t upgrade to Windows 11, there’s no point in attempting to bypass the limitations manually since this will come with a slew of drawbacks and severe security risks.
Read more »
User Security
Data Breach data security User Data User Privacy User Security

42M+ People's Financial Data Compromised in UK

 

According to a press release from international law firm RPC, a growing number of ransomware attacks has resulted in the disclosure of financial data pertaining to about 42.2 million persons in the United Kingdom. 

“The surprisingly high number of people whose financial data was impacted in the last year shows how cyber-attacks have become endemic,” said RPC partner Richard Breavington. “Hackers are continually refining their methods, employing ever more complex techniques to extort money in whatever way they can. Some businesses, fearing the potential reputational costs, not to mention other consequences, decide that they will take the last-ditch approach of paying the ransom demands. As a result, these attacks have become very lucrative for cybercriminals.” 

Cyberattacks are spreading at an alarming rate, notably in the United Kingdom. In the years 2019-2020, 2.2 million people's data was stolen, compared to 42.2 million in the years 2021-2022, a startling increase of over 1,700% in just three years. One of the possible explanations for this increase in risking residents' sensitive information was pointed to as an increase in data in general. The cybercriminal network will then sell the information in a marketplace and perhaps hold financial institutions for ransom if the data has been corrupted by malware or ransomware. 

Breavington explains in the release that “criminal gangs are doing this because their blackmail threats over encryption alone are becoming less effective as businesses get better at backing up their systems. But hackers have honed their tactics and added this additional form of blackmail.” 

As a result of many firms finding it easier to just pay the ransom to attackers, several hacking groups have increased the number of attacks they carry out in a short period of time. As we saw earlier this month, ransomware and cyber threat groups will occasionally get access to a company's system and examine its inner workings for a period of time before launching an attack. 

“Before carrying out an attack, hackers are increasingly carrying out reconnaissance to scope out protections that are in place, as well as data held by the company,” Breavington said. “Businesses should not be making their jobs easier by signposting this information.” 

Many people are losing faith in firms' ability to keep their financial information secure as the number of hacks rises. As a result, many firms must recognise that it is their job to strengthen security layers, maintain a 24/7 approach to cybersecurity and online threats, and regularly self-audit their processes to ensure that they are doing everything necessary to reclaim that lost confidence.
Read more »
Spam Bots
cybercriminals Data Breach Lawsuit Loans Spam Bots

Security Breach Impacting 2.5 Million Users Revealed by Mortgage Servicer

 

In October, Lakeview Loan Servicing revealed a significant data breach that went unnoticed for more than a month and exposed the personal details of above 2 million customers. Any incident that leads to unauthorized access to data, applications, networks, or devices is referred to as a security breach. As a result, information is accessed without permission. It usually happens when an invader can get past security measures. 

The breach that was discovered in early December, harmed 2,537,261 borrowers between Oct. 27, 2021, and Dec. 7, 2021, as per the firm. According to public notice The letters, an unauthorized person gained access to the firm's servers and data, including names, addresses, loan information, and Social Security numbers. One of the notices described the occurrence as an "external system breach."

Mortgage servicers receive mortgage payments from homeowners and remit them to investors, tax officials, and insurers via escrow accounts. Investors' assets in mortgaged properties are also protected by servicers, who ensure the homeowners have enough insurance coverage. Customers have lodged eight class-action lawsuits in a Florida federal court since the servicer's revelation in mid-March, alleging Lakeview of breach of fiduciary responsibility, among other things, for failing to preserve personally identifiable information. In a complaint filed on behalf of Jennifer Morrill, a California client, Daniel Rosenthal, an advocate with DBR Law, P.A., said, "This PII was exposed due to Defendant's negligent, reckless, and willful acts and failures and the fails to secure the PII of Plaintiff and Class Members." 

According to Morrill's lawsuit, the sum at risk surpasses $5 million, and the proposed class has more than 100 members. In Morrill's case, a filing on Friday asks that the court cases be consolidated, pending a judge's consent. On Monday, Rosenthal declined to speak on the lawsuit. Lakeview refused to respond to the claims in a statement but said it contacted the proper third parties and people after discovering the incident. "Lakeview, like many other firms, encountered a security incident in 2021," according to the statement. "Steps were taken to contain the problem right once, law enforcement was alerted, and a forensic investigation firm conducted a comprehensive investigation." The operations of Lakeview were not hampered." 

According to a public document with the State Attorney General's Office made by an outside counsel for the firm, the servicer didn't witness a breach in the previous 12 months. Affected consumers received a free year of Kroll free credit and identity theft protection from Lakeview. The news comes amid an increase in fraud risk for mortgage lenders, who are more vulnerable to cyber attacks than other financial institutions. According to a new FundingShield Q1 2022 study, one out of every three transactions involves components of wire or title fraud risk, and wire errors and instances of perpetuated fraud are increased in about 6% of transactions. 

"Keep in mind," warned Ike Suri, chairman, and CEO of FundingShield, a loan and title fraud protection service. "And when it comes to these percentages, we're talking big figures." As per Security experts, the percentage of visitors affected by the Lakeview breach, as well as the volume of information exposed, was substantial. "It's a lot of data which will have repercussions on those people's current business and ongoing relationships, as well as the business itself," Suri said.

The operating assets to a mortgage loan are owned by Lakeview. They work with several Servicing companies to process payments, manage a trust, as well as provide customer support for their current mortgage. 
Read more »
RSA
Amazon API Bug Cyber Security FBI Mespinoza group PHP PRODAFT PYSA ransomware attacks RSA

PYSA Ransomware Group: Experts Share In-Depth Details

 

Since August 2020, the cybercrime group adopted a five-stage system design, with the malware developers prioritizing enhancements to boost the efficiency of its activities, according to an 18-month examination of the PYSA ransomware operation. The GSOC explores the PYSA ransomware inside this Threat Analysis Report. Once the Federal Bureau of Investigation (FBI) informed of the ransomware's increased activity and significant harmful impact early this year, it became known as the PYSA ransomware. 

This includes a user-friendly tool, such as a full-text search engine, to make metadata extraction easier and allow threat actors to easily locate and access victim information. "The group is notorious for thoroughly researching high-value targets before unleashing its operations, compromising business systems, and forcing researchers to pay significant ransoms to retrieve sensitive data," stated PRODAFT, a Swiss cybersecurity firm, in a comprehensive report released last week. 

PYSA, which stands for "Protect Your System, Amigo" and is a descendant of the Mespinoza ransomware, was initially discovered in December 2019 and has since risen to become the third most common ransomware strain reported in the fourth quarter of 2021. The cybercriminal cell is thought to have exfiltrated confidential info linked to as many as 747 individuals since September 2020, until its databases were taken down earlier this January. 

The majority of its victims are in the United States and Europe, and the gang primarily targets the federal, medical, and educational sectors. "The United States was the most-affected country, contributing for 59.2 percent of all PYSA occurrences documented," Intel 471 stated in a review of ransomware assaults observed from October to December 2021. PYSA, like all other malware attacks, is renowned for using the "big game hunting" method of double ransom, which involves making the stolen data public if the victim refuses to comply with the firm's demands. 

Every relevant key is encrypted and assigned the ".pysa" extension, which can only be decoded with the RSA private key given after paying the fee. PYSA victims are claimed to have paid about 58 percent in digital payments to get access to protected data. PRODAFT was able to find a publicly accessible. git folder owned by PYSA operators and designated one of the project's writers as "dodo@mail.pcc," a danger actor based on the commit history thought to be situated in a country that observes daylight savings time.

As per the study, at least 11 accounts are in control of the whole operation, the mass of which was formed on January 8, 2021. However, four of these accounts — t1, t3, t4, and t5 — account for approximately 90% of activity on the management panel of the company. Other operational security failures committed by the group's members allowed a concealed system running on the TOR secrecy network — a server provider (Snel.com B.V.) based in the Netherlands — to be identified, providing insight into the actor's techniques. PYSA's infrastructure also includes dockerized containers for global leak servers, database servers, administrative servers, and an Amazon S3 cloud for storing the files, which total 31.47TB.

The panel is written in PHP 7.3.12 by using the Laravel framework and uses the Git version monitoring system to oversee the development process. Furthermore, the admin panel exposes several API endpoints that allow the system to display files, auto-generate GIFs, and scan data, which is used to group stolen victim data into broad categories for simple retrieval. Several or more potential threat groups spent nearly five months within the system of an undisclosed regional US government agency before delivering the LockBit ransomware malware at the start of the year, as per research from cybersecurity firm Sophos.
Read more »
User Security
Crypto Wallet Mobile Security Phishing Attacks User Security

Beware of iCloud Phishing Attacks, MetaMask Warns Apple Users

 

ConsenSys-owned crypto wallet provider MetaMask is warning its community regarding possible phishing attacks via Apple’s iCloud service. In a Twitter thread posted on April 17, the company warned its customers that the encrypted passwords for their accounts, called MetaMask vaults, will be uploaded to Apple’s cloud service if the iCloud backup option is enabled on the app. 

 As a result, a phishing account that exploits a customer’s iCloud account will also compromise their passwords and hence their crypto wallets. This comes after an Apple user, who goes by “revive_dom” claimed on Twitter to have lost crypto assets worth $650,000 from his MetaMask crypto wallet. 

“This is how it happened. Got a phone call from Apple, literally from Apple (on my caller Id) Called it back because I suspected fraud and it was an Apple number. So, I believed them. They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped,” the user wrote in his thread. 

The phishing campaign involves certain default device settings in iPhones, iPads which see a user’s seed phrase or “password-encrypted MetaMask vault” stored on the iCloud if the user has enabled automatic backups for their application data. Metamask is an online crypto wallet that allows users to store their crypto assets such as Bitcoin, Ethereum, etc, as well as non-fungible-tokens (NFTs).

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” the company tweeted. 

Serpent, the founder of a project called DAPE NFT, explained how the fraudsters stole from a victim. On April 15, the victim received multiple text messages asking to reset his Apple ID password along with a supposed call from Apple which was ultimately a spoofed caller ID.

During the call, the fraudsters said there was unusual activity on the victim’s Apple ID and asked for a one-time verification code. This is the six-digit verification code sent out to a user when they want to reset their Apple ID password or even login from a different laptop or iPhone, iPad, etc. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.

 How to shut cloud backups?

Metamask in a warning tweet has requested users to disable iCloud backups by following the steps mentioned below: - 

Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle. 

To ensure that iCloud will not “surprise” you with backups you didn’t allow, go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.
Read more »
User Data
Cyber Firms Cyber Security Dark data Data Data Safety data security Secure Data Security User Data

Dark Data: A Crucial Concern for Security Experts

 

BigID recently released a research paper that examines the current problems that businesses face in safeguarding their most critical information. A number of important findings emerged from the research:
  • Dark data is extremely concerning to 84 per cent of businesses. This is data that businesses aren't aware of, but which accounts for more than half of all data in existence and can be extremely sensitive or vital. 
  • Unstructured data is the most difficult to manage and safeguard for eight out of ten businesses. Unstructured data generally comprises a variety of sensitive information and is challenging to scan and identify due to its inherent complexity. 
  • More than 90% of businesses have trouble implementing security standards involving sensitive or important data. Data policy reach and enforcement are crucial for proper data asset management, remediation, and security. 
Data is an organization's most valuable asset, relying on it every day to make critical strategic and operational choices. Unfortunately, most of this data is highly sensitive or critical, and it can be exposed accidentally or maliciously in some instances. 

Dimitri Sirota, CEO of BigID stated, “Data is the fuel that drives a company forward. However, a lot of this data is personal and as it accumulates, so does cyber risk. You owe it to your customers, partners, and employees to keep this data safe, let alone to keep your business running. This report reinforces the fact that most continue to struggle to confidently protect their most valuable data.” 

Sensitive or essential data is being spread throughout the environment at unprecedented rates, thanks to the rapid rise of public, private, hybrid, and multi-cloud models. As the scope of this type of data grows, so does the risk to the organisation. 

The research looks into the most significant security issues, the core causes of these problems, and practical ways to improve data security so that teams can protect their most valuable data assets.
Read more »
Subscribe to: Comments (Atom)