Tag: breach trends
The obvious takeaway here is that these two most commonly breached application vulnerabilities represent low hanging fruit for attackers. Forum software is a favorite target for attackers because they consume user content that if not sanitized properly could be a crafty little malicious script that injects a PHP backdoor. Forum makers (as well as CMS providers…
Read MoreAs I write this, the industry is still wagging its fingers at the latest big breach. But in the time that it takes to get this published, there could easily be another colossal security disaster that leaves large numbers of people’s private information exposed. And with every headline announcing a security failure comes the anger…
Read MoreFigure 1: Cost of confidential data breach – F5 Ponemon security survey What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…
Read MoreIn simpler times, cybersecurity was a fairly straightforward proposition. You had your firewall, your gateway. You monitored traffic and scanned for viruses. The bad guys weren’t even always that bad, per se. Sometimes they were just there for kicks. But these are not simpler times. In today’s world of sophisticated criminals, hacktivism, espionage and cyber…
Read MoreThose of us at a certain age (ahem) grew up in a simpler time. Email was largely unheard of. There was no social media, no Facebook, Twitter or Instagram. There was no e-commerce, no Amazon, Alibaba or Taobao. No online banking. No online dating. Credit card transactions were processed manually. Local businesses accepted personal checks.…
Read MoreLooking at cloud breaches over the last few years, it’s easy to get the impression that most were easily avoidable events that occurred due to silly misconfigurations, ugly failure modes, or borderline negligent architectures. To put it bluntly, these cloud breaches look stupid. But the people and the organizations designing and running these systems—both the…
Read MoreThe cloud, like every other technology, was developed to help us do more things faster and more efficiently. It’s a business tool that provides the self-service flexibility of on-demand technological services decoupled from the need to physically deliver hardware and software. Organizations are flocking to leverage this power, but there are nagging questions: Is cloud…
Read MoreIn part 1, we discussed the various definitions of cloud and looked at cloud incidents related to data breaches, such as outages. In this part, we’re taking a close look at major cloud data breach incidents over the past few years. Are the majority of these breaches associated with sophisticated advanced attackers or malicious insiders?…
Read MoreGood or bad, the cloud adoption represents a new pathway for anyone to become a software startup without having to hire operations or infrastructure personnel. Although they can quickly get a minimally viable application up and running, that application may lack both robustness and security measures of more traditional, well-engineered systems. I’m pretty sure that…
Read MoreIt’s that special time of year again! In perhaps the most festive of all end-of-the-year traditions, the cyber security community tries to predict the next big scary incident which will make headlines in the new year. At the risk of sounding cynical, building strategies to respond to cyber security threats are a bit like New…
Read More