BankInfoSecurity wrote: "Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one of the hottest commodities on underground or dark web marketplaces are credentials, which attackers can use to log into enterprises and make it appear that they're legitimate users."
"Because organizations don't have multifactor [authentication] rolled out, it makes it trivial to get in," says Chris Novak, director of global investigative response for Verizon, in a discussion about the company's latest Data Breach Digest, a companion report to the company's annual Data Breach Investigations report (see Verizon's Latest Breach Report: Same Attacks, More Damage).
In an audio interview with Information Security Media Group at the recent RSA Conference 2017 (see link below illustration), Novak discusses:
- Nitty-gritty details of what organizations go through when they suffer a breach;
- Organizations' ongoing inability to know where their top assets are and on which systems that data gets stored, especially after merger and acquisition activity;
- The move by even non-European organizations to comply with the EU's General Data Protection Regulation.
Novak is a co-founder and the director of the Verizon Investigative Response Unit - a division of the Verizon RISK Team. He's also worked as a principal for Cybertrust and a senior security consultant for Ubizen." We recommend you listen to the 10-minute interview here:
Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch social engineering, spear-phishing and ransomware attacks on your organization. The Email Exposure Check (EEC) is a one-time free service. Sign up for your free EEC and find out now which of your email addresses are exposed.