Authentic8 Blog Category: News

2017 in Review: Data Breach Statistics and Trends

Illustration: 2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog

What were the biggest data breaches in 2017? Did the federal government's cybersecurity fare better, two years after the disastrous OPM hack in 2015?

Did ransomware live up to, or even beat, the dire predictions? Which industries were targeted or hacked most?

We have pulled together summaries, surveys and posts worth returning to, for use as a quick reference to consult when working on IT security presentations, cybersecurity plans and requests for budget or approvals in the year ahead:

The Biggest Hacks, Leaks and Data Breaches in 2017

...presented in 28 (illustrated) slides by ZDnet, with links to more in-depth information.

Source: ZDNet

ABA Tech Report 2017: Security

What does the American Bar Association’s 2017 Legal Technology Survey Report reveal about data security in the nation’s law firms? David G. Riess, attorney at Clark Hill PLC, summarizes.

Source: ABA Tech Report

2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog illustration

Largest Healthcare Data Breaches of 2017

78 healthcare data breaches in 2017 that affected more than 10,000+ records

The Long Con: Antivirus and Your Data

Illustration: The Long Con: Antivirus and Your Data - Authentic8 Blog

Officials and security researchers have named antivirus (AV) vendors as the new weak link in enterprise and government networks. They claim that sensitive files of the U.S. National Security Agency, the Republic of Korea Armed Forces and U.S. companies were targeted and exfiltrated thanks to the software that should be protecting the endpoint.

Antivirus solutions have been around since the mid-1980s. We gave them file system permissions to scan every file. Then we allowed access OS processes to scan active code. Then we allowed vendors to take our data to the cloud for “enhanced” security.

Now, as with many other services, our trust is used against us. The same AV tools that were supposed to help us fight malware are used as a backdoor to steal sensitive information and stage cyber attacks. This feels like a long con perpetrated by the antivirus industry.

Which vendors can you trust?

The irony is that for years we’ve been paying vendors to

How Do I Know If My Local Browser Extension Was Hijacked?

Illustration: How Do I Know If My Local Browser Extension Was Hijacked? - Authentic8 Blog

If you’ve installed add-ons or plugins with your browser (like the one that came with your computer), it could be a question you're asking yourself right now.

This week brought news that at least six more extensions for a popular browser were hijacked. Two similar attacks were uncovered only last week. In all these cases the hijackers “updated” the extensions to inject malicious code into web pages. More than a million local browser installations were affected.

*

At the risk of repeating myself - local browser add-ons put your data at risk. Browsers are targeted in more than 80 percent of online attacks because inherent design flaws and the security weaknesses of common internet protocols make them the most vulnerable component of your personal or business IT.

When connecting to a website, browsers indiscriminately fetch and process code from the web on the local computer. Malicious code may be hidden in a web app or passed through from an ad server on

So Much Leaking.

Illustration: So Much Leaking. - Authentic8 Blog

In the wake of the devastating WannaCry and NotPetya ransomware campaigns, it was hard to imagine that things could get more embarrassing for the IT profession.

That double whammy was possible because IT administrators left firewall ports 445 and 139 open, which allowed the ExternalBlue exploit to take hold. Thousands of companies around the world paid the price for IT's negligence.

Despite all the attention, many organizations still haven’t taken the simple step to close the obviously open ports.  Once they get hit, regulators and litigators will likely have a field day. Nobody can say IT wasn’t warned.

And now, just a few short weeks later, we learn that security researchers have discovered numerous preventable data leaks that exposed personal, sensitive data of hundreds of millions of users.  Where did they find this data?

On Amazon - where else?  The go-to web service for storing large amounts of data. Impacted organizations include:

The One IT Security Issue That Too Many Media Are Totally Missing

Illustration: The One IT Security Issue That Too Many Media Are Totally Missing - Authentic8 Blog

SECURITY, NEWS

Did you notice how some journalists ask one particular question at the end of an interview? It’s usually a good sign: "Is there anything I didn't ask you but should have?"

This question indicates curiosity to go past the obvious talking points. It shows the interviewer’s openness to considering new angles. We decided to rephrase and broaden that question and pose it to our InfoSec Luminaries:

"What's the one IT security issue that you wish journalists would cover more or better, and why?"

No media bashing or gripe-airing intended here. Reporting on IT security, computer crime, data protection and privacy - and getting it right - is tough enough. It looks like more fun from the outside (if you’re not  doing it yourself ) than it actually is. We get it.

But even those in the industry who enjoy stellar media coverage can point to an issue or two that deserves more attention than it is actually