Articles about Data Breach

In 2024, businesses have reported taking an average of 7.3 months to recover from cybersecurity breaches -- 25 percent longer than expected and over a month past the anticipated timeline of 5.9 months.

This is among the findings of the latest Global Security Research Report from Fastly which also shows that recovery times are even worse for companies that planned on cutting back cybersecurity spending. They faced an average of 68 incidents each -- 70 percent above the average -- and their recovery times stretched to 10.9 months.

Continue reading →

Time and time again, organizations face an escalating threat to their data: Third-party breaches. As businesses increasingly rely on external vendors and partners for various services, the security of sensitive information becomes more vulnerable. This poses the question: Are traditional security measures still effective or obsolete in protecting vital information? 

There has been a notable increase in third-party breaches, with headlines featuring Snowflake, Santander and Ticketmaster as recent victims. These incidents highlight that vulnerabilities are inherent in our systems, making no organization immune to such attacks.  

Continue reading →

With a rapidly developing threat landscape, an increase in high-profile data breaches, the introduction of new legislation, and customer tolerance for poor data handling at an all-time low, the stakes are high for companies to have robust cybersecurity in place. However, despite their best efforts, companies are often found to not be doing enough to protect their assets.

Often, this is due to a case of ‘too much, too fast’. As businesses invest in new technologies, their day-to-day operations are being supported by ever more complex and fragmented technology platforms. At the same time, the amount of customer data available to them is growing and constantly streaming in, and bad actors are consistently launching more sophisticated attacks. Meanwhile, leaders are not fully aware of or own responsibility for their cybersecurity plans. As the digital world evolves with new threats and regulations, business leaders must recognize the importance of data protection. If they do not, they cannot adequately protect their customer's data and are in danger of losing their trust and even their continued existence in business.

Continue reading →

Fraudsters have used account takeovers (ATOs) to victimize 29 percent of internet users, resulting in $13 billion in losses in 2023. Over three-quarters of security leaders listed ATOs as one of the most concerning cyber threats, and the danger grows as bad actors leverage AI to launch more potent attacks.

The Snowflake breach demonstrates the devastating consequences of ATOs. Attackers gained access to 165 of the data platform’s customers’ systems, including AT&T and Ticketmaster, and exfiltrated hundreds of millions of records containing sensitive data. The attack wasn’t some brilliant hacking scheme -- the bad actors simply used legitimate credentials to log into the platform.

Continue reading →

When investigating an incident to contain and remediate a threat, security teams need to understand complex attack patterns, such as malware gestation, score, and sprawl -- the answers to which all lie in the data and systems.

To help with this process Druva is releasing Dru Investigate, a GenAI-powered tool that guides data security investigations using a natural language interface.

Continue reading →

While the world of cybersecurity has always been fairly unpredictable, what’s certain is that data breaches are on the rise. But what’s driving this trend, how long will it continue, and what can organizations do about it?

According to the 2023 Annual Data Breach Report by the Identity Theft Resource Center (ITRC), a non-profit organization, data compromises have leapt up in the past two years. From the previous record of 1,860 in 2021 they dropped slightly to 1,801 in 2022 but rebounded to reach a new high of 3,205 last year. That’s an increase of 72 percent over just two years.

Continue reading →

The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.

This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported to have suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach which reached up to $4.45 million in 2023 according to Statista.

Continue reading →

The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences. New research from SecurityScorecard and The Cyentia Institute identified 99 percent of Global 2000 companies are directly connected to vendors that have had recent breaches.

The study shows that 20 percent of these large enterprises use a thousand or more products. Supply chain incidents cost 17 times more to remediate and manage than first-party breaches.

Continue reading →

Details are continuing to emerge daily on the hacking of Snowflake customers who have had their data stolen in what is shaping up to be one of the most significant attacks in years. So far, at least 165 of Snowflake’s customers, including household names like Ticketmaster, Santander Bank, and Advanced Auto Parts, have been identified as having their data impacted in this incident. 

While initial reports indicated that Snowflake itself had been hacked, with some evidence pointing to a former employee’s demo account having been compromised, this attack was actually far more interesting because of what it tells us about the current state of security in the cloud.

Continue reading →

Half of IT professionals believe there are devices connected to their network that they're unaware of, despite nearly 60 percent admitting that insecure devices pose a 'very high' or 'high' risk to their organization.

This is among the findings of a survey of 250 IT professionals by Advanced Cyber Defence Systems (ACDS) which also finds over two-thirds of organizations have experienced three or more data breaches in the past 24 months.

Continue reading →

Over 58,000 unique websites from around the world are vulnerable to data breaches and even complete takeovers according to new research.

The Cybernews research team has investigated publicly exposed environment files (.env) that should be kept private and protected at all costs. These files hold passwords, API keys, and other secrets that websites need to access databases, mail servers, payment processors, content management systems, and various other services.

Continue reading →

Think you’ve been hit by a cyber-attack? You need to move fast, but what immediate actions should you take, or should you not take?  Here’s a Cyber Incident Responder’s guide to steer you through the turmoil. The actions your team takes -- or doesn’t take -- can greatly impact the overall duration of recovery, cost, and the potential to uncover vital evidence left by threat actors within your infrastructure.

Identifying a cyber security incident can be challenging. Many threat actors have mastered the art of quietly infiltrating IT systems and hiding their digital footprints. Not all cyber-attacks are as overt as encryption-based ransomware or mandate fraud. The rise of encryption-less ransomware and corporate and state-level espionage is concerning. These silent intruders can lead to data and intellectual property (IP) loss, diminished competitive edge or market share, potential regulatory fines, and reputational damage.  All of which can be just as devastating, if not more so, to an organization, its employees, and investors, than a single ransomware incident.

Continue reading →

New research from Tenable reveals that 95 percent of 600 organizations surveyed suffered a cloud-related breach in the previous 18 months.

An additional 29 percent reported the breach caused 'significant' harm, which is defined as any adverse consequences to someone or an organization if the confidentiality of PII were breached.

Continue reading →

A new study from Prevalent shows third-party Breaches have risen 49 percent year-on-year, increasing threefold since 2021.

The survey of IT professionals conducted in February and March this year shows 61 percent of companies experienced a third-party data breach or cybersecurity incident last year.

Continue reading →

A new report based on data gathered from over 40 million exposures presenting high-impact risks to millions of critical business entities, finds that identity and credential misconfigurations represent 80 percent of security exposures across organizations.

The report, from exposure management specialist XM Cyber based on data analyzed by the Cyentia Institute, shows a third of these exposures put critical assets at direct risk of breach -- an attack vector actively being exploited by adversaries.

Continue reading →