The past half-decade has been a particularly tumultuous one for cybersecurity. It has borne witness to some of the most damaging attacks in history, unprecedentedly high data breach rates, and a staggering number of emerging threat groups. However, a new report from cyber insurance provider Coalition suggests that things are beginning to stabilize.
In the brisk air of early autumn, optimism fills our hearts as we celebrate the 20th anniversary of Cybersecurity Awareness Month, an annual event dedicated to fostering a deeper understanding of cybersecurity and inspiring behavior change. Two decades ago, the prevailing belief among security professionals was that raising awareness alone could lead to secure online behaviors. But in 2023, we've learned that hope is not a strategy.
A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web. 32-year-old Marquis Cooper, of Selma, California, was a chief petty officer in the US Navy's Seventh Fleet when he opened an account in August 2018 with a company that maintains a PII database for millions of people.
We often hear of how we need to protect ourselves from online scams. Criminals seek our personal information in order to use it for multiple nefarious purposes. However, there is a population who, while not having a broad online presence, are equally vulnerable to identity theft. Children are particularly vulnerable to identity theft, as they often have clean credit histories and their personal information is not monitored as closely as adults.
There are countless tools and technologies available to help an organization stay on top of its IT assets, and a configuration management database (CMDB) is an extremely useful one. The database keeps track of relevant information regarding various hardware and software components and the relationships between them. It allows IT teams to have an organized view of configuration items (CIs) that can enable more streamlined processes when it comes to IT work.
These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 705 sites comprising 12.6 billion accounts. This includes well-known names like Wattpad, Verifications.io, and Facebook.
Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping network topologies, and collecting information about hosts, their operating systems, IP addresses, and user accounts.
Gaming companies collect data concerning user behavior for a variety of reasons: to inform investment and content decisions, enable game and advertisement personalization, and improve gameplay, to name a few. However, the data available provides a daunting task for those attempting to make use of it, as well as a ripe target for attackers. Effectively utilizing and protecting this data can be a challenge, especially as the volume of gaming data increases over time.
Interconnected, data-enabled devices are more common now than ever before. By 2027, it is predicted that there will be more than 41 billion new IoT devices. The emergence of each new device offers a fresh vulnerability point for opportunistic bad actors. In 2022, there were over 112 million cyberattacks carried out on IoT devices worldwide. Without sufficient protection, attackers can exploit these weak points to gain access to sensitive data or restrict access to internet networks.
One of the most reliable constants in the cybersecurity world is that threats are always increasing as cybercriminals advance their tactics and develop new ones. It can be a daunting task for organizations to continually stay on top of these threats, protect their own data and assets, and monitor the threat landscape for changes.
