A few weeks ago, a cybersecurity analyst unexpectedly discovered that he could dump files from the hotel network system where he was staying in Qatar to his own computer using the sync tool (used for file synchronization). Through an HSMX Gateway, he managed to access a welter of sensitive data held on an FTP server used for backup purposes. This included personal information on guests such as their room numbers, emails, and cell phone numbers.

A data breach occurs when sensitive data is copied, transmitted, viewed, stolen, or accessed by an unauthorized individual. For a security incident to constitute a data breach, the exposure of sensitive data must be intentional. The presence of intent differentiates a data breach from a data leak, where exposure is accidental. A data leak occurs when data is accidentally exposed through a vulnerability, such as weak passwords.

Everyone is at risk of a data breach or cyber attack, no matter how small or large a company is. Hackers and cybercriminals come up with new ways every day to steal sensitive information or personal data that they can potentially sell or ransom for money. According to a report published by the Identity Theft Resource Center (ITRC), a record number of 1862 data breaches occurred in 2021 in the US.

The attack surface is an organization’s digital exposure that an attacker could exploit to get unauthorized access to a system and extract data or other sensitive information. It could also be used as a point within a chain of attacks. As Organizations increasingly rely on SaaS services and products, the digital attack surface is more than the firewall and network.

Nowadays, it’s common to hear about yet another high-profile security breach in which critical data is leaked, resulting in damage to the organization’s reputation and bottom line. Unfortunately, it's impossible to remove all risks in your organization but there are ways to best protect against them and improve your security posture.

Whether you view a data breach as your worst nightmare, or simply an inevitable occurrence for the average organisation, knowing what to do and how to respond when it happens to your organisation is critical. A well-executed response contains a crisis and stops it from snowballing, as well as helping you navigate your organisation—and your suppliers and customers—through any follow-on analysis or potential post-incident investigations.

If you’re a Google Chrome user, you may have received the pop-up alert “Your password was exposed in a non-Google data breach” in your web browser. The alert informs users of any recent security breaches which may have compromised their account passwords. Read on to learn more about what this alert means for your data security and the appropriate steps to secure your personal data.

Third-party data breaches are one of the most concerning issues in cybersecurity today. You need your third parties to do business, but you can’t always trust (or verify) that their cybersecurity controls are as strong as they say, no matter how many questionnaires you send out. And of course, cybercriminals know that by hitting vendors rather than every single company separately, they can get the most ill-gotten gains for their effort.

Another day, another data breach has become a common refrain, in a world saturated with data breaches and other types of data exposures. But over the past few years, a subtle change in the nature of breaches has taken place. We documented some of this change in our analysis of the 100 largest breaches in the 21st century, highlighting that breaches were getting larger and more likely the result of misconfigurations.

This blog was written by an independent guest blogger. Businesses that allow employees to work from home are more likely to encounter a new security threat — compromised smart home devices. Smart technology connected to an employee’s home network, like smart thermostats, appliances, and wearables, can all fall victim to hackers. Workers that join their employer’s network remotely can unwittingly allow compromised devices to open the doors to hackers.