
How Would You Deal with the Inevitable Breaches of 2023?


Large-scale breaches are inevitable in 2023 as cyber criminals speed up their attacks against businesses. In the past two months, T-Mobile, LastPass, and the Virginia Commonwealth University Health System have all faced a number of severe breaches.

In the T-Mobile data breach, around 37 million of the company's customer records were compromised before the US-based wireless carrier discovered the incident on January 19. Password management platform LastPass has suffered a series of attacks that resulted in the identities of 25 million users being compromised.

VCU, on the other hand, announced a breach earlier this month wherein information on over 4,000 organ donors and recipients was exposed for more than 16 years. 

Even After Investing in Robust Cybersecurity, Breaches may only Increase in 2023 

Company CEOs and board members tend to invest in advanced cybersecurity systems in order to gain better risk control and a stronger risk management strategy. According to Ivanti's State of Security Preparedness 2023 report, 71% of CISOs and security experts believe their budgets will rise this year by an average of 11%.

They added further that a record $261.48 billion will be spent on information and security risk management globally in 2026, up from $167.86 billion in 2021. The unsettling paradox is that despite these constantly rising cyber security and zero-trust budgets, ransomware and other sophisticated assaults continue to be successful. 

Apparently, the power dynamic is in favor of cyber criminals, cybercrime organizations, and advanced persistent threat (APT) attack groups. Cyberattacks are becoming more sophisticated and severe, with attackers often studying a business for months before striking with "low and slow" strategies to escape discovery. The Ivanti report predicts this year will be difficult for CISOs and their teams due to the growth in ransomware, phishing, software vulnerabilities, and DDoS attacks.

Steps Organizations can Work on to Tackle Breaches 

John Kindervag, an authority in his field and developer of Zero Trust, says, “Start with a single security surface because this will allow you to segment cyber security into manageable pieces. The best thing about doing this is that it is non-disruptive.”

Below we list more such steps that would further aid in tackling breaches:

1. Audit all Access Privileges, Remove Irrelevant Accounts, and Toggle Back Administrator Rights

Cyber attackers tend to combine business email breaches, social engineering, phishing, fraudulent multifactor authentication (MFA) sessions, and more in order to lure victims into giving up their passwords. Around 80% of breaches take place following the compromise of such privileged credentials.

Contractors, sales partners, service providers, and support partners from previous years frequently still retain access to portals, internal websites, and applications. Access credentials for invalid accounts and former partners must be cleared.

Valid accounts get only minimal protection from MFA, but it still needs to be enabled right away on all legitimate accounts. It should come as no surprise that in 2022 it took an average of 277 days, or almost nine months, to find and fix a breach.
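The audit described in step 1 can be run against an account export; the following is an added example, not part of the original post. The column names, the 90-day staleness threshold, and the sample rows are constructed assumptions rather than any real identity provider's schema.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions, not a real IdP schema.
SAMPLE_EXPORT = """\
user,type,last_login,mfa_enabled,is_admin,contract_end
alice,employee,2023-01-28,yes,no,
bob,employee,2023-01-30,no,yes,
carol,contractor,2022-03-14,yes,no,2022-06-30
dave,partner,2023-01-15,no,no,2023-12-31
erin,service_provider,2021-11-02,no,yes,2021-12-31
frank,employee,2022-08-01,yes,yes,
"""

STALE_AFTER_DAYS = 90  # assumed policy threshold


def audit_accounts(export_text, today):
    """Return {user: [findings]} for every account that needs action."""
    report = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        findings = []
        idle = (today - date.fromisoformat(row["last_login"])).days
        stale = idle > STALE_AFTER_DAYS
        external = row["type"] != "employee"
        # An empty contract_end means an open-ended account (regular staff).
        expired = bool(row["contract_end"]) and date.fromisoformat(row["contract_end"]) < today
        if external and expired:
            findings.append("remove: engagement ended")
        elif stale:
            findings.append(f"disable: no login for {idle} days")
        # Admin rights on external or dormant accounts are toggled back.
        if row["is_admin"] == "yes" and (external or stale):
            findings.append("revoke admin rights")
        # Accounts slated for removal do not need an MFA enrolment task.
        if row["mfa_enabled"] != "yes" and not (external and expired):
            findings.append("enforce MFA")
        if findings:
            report[row["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit_accounts(SAMPLE_EXPORT, date(2023, 2, 1)).items():
        print(f"{user}: {'; '.join(findings)}")
```
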

2. Monitor Multifactor Authentication from the User’s Perspective

Protecting every legitimate identity with MFA is standard practice. However, making it as unobtrusive and secure as feasible is a challenge. Techniques for contextual risk-based analysis have the potential to enhance the user experience. Despite its adoption issues, CIOs and CISOs tell VentureBeat that MFA is one of their favorite quick wins because of how quantifiably it adds an extra layer of security to an organization's defense against data breaches.

According to Andrew Hewitt, senior analyst at Forrester, the best place to secure one’s identity is “always implementing multi-factor authentication. This can go a long way toward ensuring that enterprise data is secure. From there, it is enrolling devices and maintaining a solid compliance standard with Unified Endpoint Management (UEM) tools.”

Furthermore, Forrester advises enterprises to consider what-you-are (biometric), what-you-do (behavioral biometric), or what-you-have (token) factors for better results in MFA implementation. He recommends organizations consider adding PIN codes or implementing single-factor authentication.

3. Keep Cloud-based Email Security Programs Updated to the Latest Version

Apparently, CISOs are pressuring the providers of email security to improve their anti-phishing tools and implement zero-trust-based controls for potentially harmful URLs and for attachment screening. The top suppliers in this space use computer vision to find URLs that need to be quarantined or removed.

Cyber security teams are switching to cloud-based email security suites with integrated email sanitization features. Organizations have also been advised to consider email-centric security orchestration automation and response (SOAR) tools, such as M-SOAR, or Extended Detection and Response (XDR), which include email security as a way to safeguard against email-borne attacks.

Moreover, one of the most effective approaches an organization can take is to accept that a breach is inevitable and to invest in a well-formulated strategy rather than avoiding the risks. To withstand a breach attempt, developing a culture of cyber-resilience is one of the best actions a company can take.