In business, we measure everything. Like the saying goes, “What gets measured gets done,” and most companies pay close attention to KPIs like qualified leads, new pipeline, net customer retention and fraction of roadmap completed on time. But if you were asked, “Are you meeting all your trust obligations with your employees, customers, board members, and the government?”, how would you answer?
In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing). This is where an attacker phones up a victim to simulate a trusted source such as a bank to phish for sensitive information. No one is immune from a vishing attack, even the Social Security Administration.
A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
Recently, we discussed the most effective cybersecurity frameworks to reduce the risk of cyber threats. One of the most important systems is the Federal Information Security Management Act (FISMA). This act applies to certain organizations, and is imperative to help protect them against data breaches. Let’s take a look at four things to know about FISMA, from what it is to how to monitor FISMA compliance.
It’s a familiar nightmare you’ve heard of and might even face as a developer or security engineer: alerts firing in all directions warning that your company’s VPN and firewall — that supposedly “safe” defensive perimeter around your infrastructure — has been breached. And the scariest part is that you find out after the fact — after access credentials and customer assets have been stolen.
The security operations maturity model assesses an organization’s current security capabilities to reduce its cyber risk and incident cost by lowering its time to detect and respond to threats, become more cyber resilient, and draw a plan to mature over time.
