Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Risk. Show all posts

Data Collection: What are Some ‘Unlikable’ Traits in This Growing Trend?


One of the consequences of the pandemic in the many B2B2C manufacturers was the changes in interactions with their clients. Numerous manufacturing brands in consumer packaged goods (CPG), fashion, equipment, etc. understood the advantages of implementing a direct-to-consumer approach even when the retail shops that would ordinarily distribute their products were shut down.

Due to their business model, which involved selling their goods via resellers, these businesses have typically had little contact with the final consumer. However, several manufacturers smartly constructed digital experiences to interact with, sell to, and gather data from their customers directly as a result of resellers being closed or operating at reduced capacity.

Data that was previously gathered and owned by resellers or intermediaries was suddenly made directly available to manufacturers for them to profit from and learn from. This opened up new revenue streams by charging other organizations for their data, using it to cross- or upsell products, or making the customer experience less complicated.

With all likable traits of data collection, there however exists certain risks that comes with it. These risks not only include data hack, malware or data theft but also exploitation of the collected data that may lead to a brand wreckage or even legal challenges to an organization.

In order to minimize the damaging consequence, organizations are advised to develop a proactive ethical framework rather than any reactive measure, in order to govern the use of technology and data. These principles create a foundation of security and respect for clients, reducing consumer harm.

Moreover, with the evolution of cyber threats, the previously admired strategies are now outdated. There is no longer a secure border or barrier. Through the use of security-in-depth techniques like encrypted communications, segregated areas, granular authentication and authorization, and sophisticated intrusion detection systems, system design should enable risk management and security enforcement across the whole architecture.

Lastly, the manufacturers are also urged to reconsider their views on data in order to effectively address privacy. Particularly, they ought to give top priority to well-considered governance systems that allow for informed choice-making with regard to data collection, access, and utilization. Manufacturers could guarantee that data is treated properly and ethically by designating data owners. For enterprises, having a solid governance framework is important for safeguarding user data and privacy.

Cyber Assaults via Microsoft SQL Server Surged by 56 percent in 2022

 

Threat analysts at Kaspersky have identified a surge in the number of assaults that employ Microsoft SQL Server processes to attempt to access company infrastructure. 

Earlier this year in September, more than 3,000 SQL servers, which are employed by organizations and small and medium-sized enterprises across the globe to manage databases, were impacted, which is a surge of 56 percent compared to the same period last year, as per the latest findings from Kaspersky’s Managed Detection and Response Report. 

According to Sergey Soldatov, Head of Security Operations Center at Kaspersky, the number gradually increased during the last year, and in April 2022, the number exceeded 3,000, only to see a slight decrease in July and August. 

“Despite the popularity of Microsoft SQL Server, companies do not pay enough attention to protecting against software-related threats. Attacks using malicious processes on SQL Server have been known for a long time, but perpetrators continue to use them to gain access to company infrastructure,” stated Sergey Soldatov. 

There had been a number recent incidents where Microsoft SQL Servers has been exploited by actors. In April, hackers were identified deploying Cobalt Strike beacons on such devices. News of attacks against MS-SQL has also popped up in May, June, as well as October, this year. 

Normally hackers search the internet for endpoints with an open TCP port 1433, and then conduct brute-force attacks against them, until they guess the password. 

Mitigation tips 

To protect against enterprise-targeted threats, cybersecurity experts recommend the following measures: 

• Always update the software on all the devices you use to prevent attackers from infiltrating your network using vulnerabilities. Install updates for new vulnerabilities immediately, because after that they can no longer be abused. 

• Employ latest information about threats to keep up to date with the tactics, techniques and practices utilized by hackers. 

• Implement an authentic endpoint security solution such as Kaspersky Endpoint Security for organizations which represents effective protection against known and unknown threats. 

• Dedicated services can help combat high-profile attacks. Service Kaspersky Managed Detection and Response can help identify and stop intrusions in the early stages, before the cybercriminals achieve their aims.