Verizon – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР https://risk-academy.ru Управление рисками, риск менеджмент, обучение по управлению рисками, тренинг риск менеджмент Tue, 01 Sep 2020 13:37:47 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://raruswebsite.s3.amazonaws.com/wp-content/uploads/2018/02/10213225/cropped-favicon-32x32.png Verizon – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР https://risk-academy.ru 32 32 Good news about data breaches https://risk-academy.ru/good-news-about-data-breaches/ Sun, 30 Aug 2020 17:48:01 +0000 https://risk-academy.ru/good-news-about-data-breaches/

Protiviti has shared a useful summary of the latest Verizon Data Breach Investigations Report (DBIR), which is available from Verizon here.

The good news was put well by Protiviti:

One of the surprises in this year’s report is that organizations are discovering 60 percent of data breaches in days or less and containing 80 percent of breaches in the same timeframe.

As Protiviti says:

Verizon highlights that this is due to more breaches being detected by managed security providers, and not necessarily an improvement of internal detection and containment capabilities.

The Verizon report has a wealth of detail but it is awkward to navigate. So I suggest reading the Protiviti summary first.

One of the Verizon points which is of tremendous importance, although it is hidden in the middle of the Results and Analysis section[1], is this:

Last year, we looked at the median impact cost for incidents reported to the FBI IC3. With regard to business email compromises (BEC), we noticed that most companies either lost $1,240 or $44,000 with the latter being slightly more frequent (Figure 32).

Also, last year we stated that when “the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all U.S.-based business email compromise victims had 99% of the money recovered or frozen; and…

Подробнее…

]]> Pandemic highlights need for cyber risk management in SMEs https://risk-academy.ru/pandemic-highlights-need-for-cyber-risk-management-in-smes/ Wed, 26 Aug 2020 08:15:57 +0000 https://risk-academy.ru/pandemic-highlights-need-for-cyber-risk-management-in-smes/

/ MEDIA STATEMENT / This content is not written by Creamer Media, but is a supplied media statement.

If small and medium businesses had little appetite for cyber risk management before the Coronavirus pandemic, they may have developed one now. Mobilising remote workforces, provisioning the right set of tools, managing the flow of data, keeping it secure and controlling who has access to what has likely to have caused disruptions and headaches at best. At worst, lack of cyber risk management has caused companies to grind to a complete halt.

Douw Gerber, Business Development Manager at leading South Africa-based managed IT security services company, Securicom, says that lack of cyber risk management is a factor in the higher incidence of cyber related fraud amongst small businesses during the lockdown. Citing Verizon’s Business 2020 Data Breach Investigations Report, he says that about a third (28%) of data breaches this year has involved small businesses.

“There are no controls in place to manage access to and the share of information. Backs ups don’t happen when they should. Cyber security tools aren’t updated as they should be. Employees are using unsecured devices…

Read More…

]]> Understanding data breaches 2020 | Norman Marks on Governance, Risk Management, and Audit https://risk-academy.ru/understanding-data-breaches-2020-norman-marks-on-governance-risk-management-and-audit/ Wed, 01 Jul 2020 20:31:58 +0000 https://risk-academy.ru/understanding-data-breaches-2020-norman-marks-on-governance-risk-management-and-audit/ Home
> Risk > Understanding data breaches 2020

Understanding data breaches 2020

For 13 years, Verizon has shared their Data Breach Investigations Report. The 2020 edition is now available.

As usual, it contains some interesting information:

  • Only 70% of breaches were by external actors.
  • Organized crime was behind 55%.
  • Nation states, sysadmins, and end users were each behind about 10% of the breaches.
  • 22% included social attacks (pretexting and phishing), 96% of the time by email. 1% by phone or SMS.
  • 17% involved malware; 27% of malware was ransomware.
  • 8% was from misuse by authorized users.
  • Partners were involved in 1%; multiple parties were also involved in 1%.
  • 81% were contained in one day or less [a massive improvement from what I have read in the past].
  • 72% of the victims were large businesses.
  • 58% of victims had personal data compromised.
  • 20% of breaches take months to be discovered, a significant improvement from prior years
  • Of the 108,069 breaches and 157,525 incidents reported to Verizon, more than 100,000 breaches “were credentials of individual users being compromised to target bank accounts, cloud services, etc.”
  • There were 25,029 incidents involving organizations where they could identify the industry category. 7,463 (30%) involved professional organizations, 6,843 (27%) were…

Подробнее…

]]> Five cyber-security lessons from the pandemic | Article https://risk-academy.ru/five-cyber-security-lessons-from-the-pandemic-article/ Tue, 16 Jun 2020 15:34:43 +0000 https://risk-academy.ru/five-cyber-security-lessons-from-the-pandemic-article/

1. Don’t take the bait

Phishing remains a popular—and effective—technique for attackers. It is an attempt to steal credentials and obtain sensitive information, often by an e-mail message containing a link to a seemingly legitimate Website. Phishing is the top threat action used in cyber-security breaches, according to Verizon’s 2020 Data Breach Investigations Report. To combat phishing, employees should know how official communications will be sent, treat unknown e-mails and links as suspicious, and have an easy way to alert their IT security team.

2. Improve cyber-security training

Most cyber-security training revolves around workplace use, with passing mention of security best practices while on business travel. Remote work opens the door to risks posed by unknown Wi-Fi networks, shared workspaces, wireless printers, and similar technologies not vetted by IT security. Cyber-security training should include best practices for remote work, covering: working environment, router security, use of a virtual private network (VPN), oversharing screens during online meetings, personal use of company computers, and IT support.

3. Secure collaboration tools

Collaboration tools,…

Read More…

]]> These are the top 5 must-read cybersecurity books https://risk-academy.ru/these-are-the-top-5-must-read-cybersecurity-books/ Sat, 23 May 2020 19:30:20 +0000 https://risk-academy.ru/these-are-the-top-5-must-read-cybersecurity-books/

Hackers and cyber-criminals improve their tactics every day. As a consequence, the cybersecurity industry must perpetually adapt to stay ahead of malicious actors. Verizon points out in its 2019 Data Breach Investigations Report, which is based on 42,000 recorded incidents, that the best defense against cybercrime is knowledge. Unless organizations understand the digital threats they face, they will be powerless to stop them. 

Whether you are simply reading for pleasure or hoping to protect yourself by improving your cybersecurity knowledge, there’s no better place to turn to understand the nuances of information security than a good book.