After the major threats and hacks of last year targeting some of the biggest global enterprises made headlines; cyber security has earned its position as one of biggest topics and concerns for 2018. Stay in the know with the latest trends, news topics and threats in the internet security space to help your business stay informed and on alert.
The New GDPR Just Launched
A new wave of data privacy regulation is here as Europe’s new General Data Protection Regulation (GDPR) hit the web May 25th. Changing the way companies around the world collect and handle personal data, the new law affects any organization that holds or uses data on people inside the European Union. The biggest result of this will fall on the companies that were previously making money from user data that now have more responsibilities to comply with.
Besides fines and pending lawsuits for businesses not practicing within regulations, the complications that come with the GDPR are pushing many to drop or cut down on services they are offering to European customers. With many organizations choosing to cut back on business operations over complying with the new laws enforced through the GDPR update, the impending lack of data privacy users have been facing for decades is growing more clear to those previously in the dark.
A main point around Europe’s improved GDPR for both users and organizations to consider is that this regulation has not fixed all data privacy issues and has its own limitations. As the internet is a global marketplace, users will still be subject to privacy concerns for services used that operate outside of the EU. This unlevel playing field puts the US and other parts of the world one step behind the benefits of Europe’s improved regulation.
As the new GDPR shapes the online marketplace for the better, organizations must remember this is just the first step towards a safer internet. Data privacy will remain a top priority for all and will rely on the continuation of internal measures in monitoring and filtering information allowed in and out.
Millions of Computers Are at Risk for Hacks at Their Core
A blind spot in millions of computers has been identified from Intel’s former chief threat researcher, Yuriy Bulygin, who has uncovered a weakness in hardware microprocessors that allows hackers the ability to access a computer’s firmware. Microcode that is permanently stored inside a computer’s processors and other chips – firmware houses some of the most sensitive information on devices and is now at risk of hackers through this recent breakthrough.
The hacking techniques found by Bulygin exploits the Spectre vulnerabilities that millions of computers and smartphones could still be compromised by, which works to take advantage of glitches in the ways processors try to predict data they believe users will need next, and fetch it in advance. Going a step further by enabling hackers the ability to read data from one of the most important types of firmware that links to the access rights from a machine’s control key functions, this weakness can potentially allow access to any data on a device – mainly the most sensitive in an organization.
Making matters even more complicated, this technique uncovered to infiltrate computers falls under a new class of hardware attacks that is virtually undetectable. Through tapping into the machine’s firmware, malicious code can stay in the backbone of a chip or processor forever. This leaves preventative measures and incident response tactics such as security updates used in software breaches unable to combat the threat.
As more news develops on this breach the potential it has been exploited previously will come to light, but for now hardware users must be aware of the systems affected by hardware flaws such as those of Meltdown/Spectre that impacted millions and have left machines compromised or at great risk for attack.
See our full report on the Meltdown/Spectre security flaws here.
How Deceptive Tech is Disrupting Cyber Security
A new trend in deceptive technology is changing the face of cyber crimes that look to limitations in company resources and security protocols to hide attacks with diversion tactics. As cyber criminals become more aware of the lack of security protection in many organizations, they are working to become more innovative and stealthy in the measures they are using against their victims.
By tapping into the patterns organizations rely on when they are facing a cyber threat; through what attackers are looking for, what they expect to find, and how they might attack; criminals are flipping the script and using this intel to their advantage. Through leveraging “attack” decoys that divert attention into the areas a firm would expect to be targeted, real hacks and breaches are implemented in the background through other areas, without notice.
With nearly 50% of companies ill-equipped to take on the cyber threats of today, hackers are getting stronger as they tap into the widespread liability faced by organizations with underdeveloped security protection.
And as the problem grows bigger with new security weaknesses identified daily, it will be even more critical for organizations to stay ahead of these threat trends and the irreversible damage they can inflict.
Highlights from Verizon’s Latest DBIR
In its 11th edition, Verizon released its latest Data Breach Investigations Report that takes an in-depth look at thousands of real-world incidents each year to identify the key cyber threats continuing to plague organizations. Much like the 2018 Security Incident Response Report from BakerHosteler we reported on last month, many parallels are uncovered in the DBIR that details the findings from over 53,000 confirmed incidents documented since the start of 2018.
Identifying over 2,000 data breaches across 65 countries, this report looks into the motivations behind cyber crime, the victims targeted and tactics used to trigger breaches with the key highlights as follows:
- Cybercriminals are still finding success with the same tried and true techniques of the past – with victims continuing to make the same mistakes. Weaknesses in cyber security measures, hardware faults, malware and overall lack of network protection are allowing more of the same cyber attacks in.
- 73% of attacks were conducted by outside parties. Although many threats are posed to an organization through their internal network, much of the crux in today’s cyber crimes stem from external threats and criminal groups.
- Attacks conducted on the inside are getting harder to spot as the signs of criminal intent are being masked and often not foreseeable in network activity and logs.
- The top motivation for cyber attacks in 2018 was financial gain with espionage following in second.
- Preventable errors were at the heart of almost one in five breaches which included employees failing to shred confidential information, sending an email to the wrong person or misconfigured web servers.
- The top malware in 39% of all breaches documented was ransomware.
- Cybercriminals are going beyond encrypting single user devices and are looking to encrypt file servers or databases with malware to maximize the damage and potential financial gain.
- The industries with the most breaches included Healthcare, Accommodation and Public sectors.
As the report goes into more detail in where the unique differences lie in cyber attacks through business size, industry type and security weaknesses; many breaches share similarities where a lack of organizational preparation allows threats in. Encouraging businesses to take measures to better protect themselves, the report emphasizes the use of fundamental tactics such as employee training, network protocols and incident response plans to best prepare and minimize losses from security breaches.
Get in touch with our team of security experts. Call 1.800.985.1365 or visit https://www.infonaligy.com/contact-us/.