Verizon recently released its annual Data Breach Investigations Report (DBIR), which provides valuable insight and analysis into the cybersecurity challenges faced by organizations. This year's report analyzed 29,207 security incidents, with data coming from 83 contributors and victims spanning 88 countries, 12 industries, and three world regions, and confirmed 5,258 breaches, a 33 percent increase in volume from last year’s report.
The 2020 DBIR found that ransomware continues to be a top cyber-attack, with a six percent increase in attack volume, while phishing cyber threats were also on the rise, with an 11 percent increase. Ransomware is a type of malicious software that restricts or limits users of a targeted organization from accessing their IT systems, while with phishing, attackers persuade and deceive employees in many ways to gain critical access, most commonly via email.
“Over the past years, phishing and ransomware have become the most rampant form of cybercrime and an exponentially increasing threat to organizations,” said Orhan Yildirim, CTO of Ironsphere, a software and privileged access management company, when asked about cyber threats. “The two will often go together, with ransomware being the malware designed for the sole purpose of extorting money from victims, and phishing being the delivery mechanism in order to gain access to a user’s credentials.”
It’s not necessarily a surprise that cyber threats, in general, were on the rise this past year, as the global pandemic forced people to work from home, putting more people on the internet at once than ever before. However, breach data showed that 61 percent of breaches involved credential data, and 95 percent of organizations suffering credential stuffing attacks saw between 637 and 3.3 billion malicious login attempts through the year, which can have a devastating effect on a company.
“Ransomware and phishing attacks can have an overwhelming impact on businesses of all sizes, with personal and corporate data, financial and healthcare records, network share files, and all other valuable content being able to be taken hostage by ransomware,” said Yildirim. “The stories are proving that it can halt businesses, slow down productivity, and potentially set an entire organization up for failure.”
However, while attacks are on the rise, there are a variety of practices organizations should follow to bolster their defense against cyber attackers. Solutions such as Privileged Access Management (PAM) can help companies protect against the threats posed by credential theft and privilege misuse.
PAM refers to a comprehensive cybersecurity strategy comprising people, processes, and technology, to control, monitor, secure, and audit all human and non-human privileged identities and activities across an enterprise IT environment. PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions.
“The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets,” said Yildirim. “By enforcing the principle of least privilege, organizations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches.”
Challenges that organizations face, such as managing account credentials, tracking privileged activity, monitoring and analyzing threats, and controlling privileged user access, can all be handled efficiently by a PAM solution. By prioritizing PAM programs as part of their larger cybersecurity strategy, companies can experience many organizational benefits, including mitigating security risks and reducing the overall digital attack surface, enhancing visibility and situational awareness across the enterprise, and improving regulatory compliance, all of which Yildirim states are essential as we continue to move toward a more digital future.
“As reliance on digital technologies continues to increase, cyber attacks have become increasingly sophisticated,” Yildirim explained. “Organizations that rely on outmoded cybersecurity strategies leave themselves vulnerable to threats, as organized criminal hackers, whose disruptive ambitions are only growing, search out the easiest organizations to target.”