Best of 2023: Enterprises Are Getting Better at Breach Prevention. But Attackers Are Getting Better, Too.

As we close out 2023, we at Security Boulevard wanted to highlight the most popular articles of the year.
2023 ForgeRock Breach Report underscores the need for AI-powered identity.
We are excited to announce the release of our fifth annual ForgeRock Identity Breach Report.
Our goal each year is to discover what's trending - how enterprises are being breached, how many records are being exposed, and how attackers are getting past security controls that cost companies roughly $88 billion a year.1.
As in previous years' reports, we have published our key findings, including the industries most vulnerable to attack, the rising costs, and the leading cause of breaches.
An emerging threat: they're using AI to devise new attacks.
Decisioning AI can also prevent attempts to gain unauthorized access by incorporating multiple contextual signals into the decision process, such as login location, IP network reputation, and the distance between login attempts and registered MFA devices.
Organizations with AI-powered identity and access management can detect unexpected activity, stopping intruders in real time as they try to authenticate.
They can also automate the process of eliminating over-provisioned access that enables attackers to use one compromised account to move laterally to higher-value targets.
The 2023 report shows how a tactic that emerged in last year's report is now routine: breaching high-value organizations through their third-party partners and vendors.
These attacks increased 136% from the year before and accounted for more than half of all breaches this time around.
Attackers know that hospitals, for example, face strict regulations for protecting patient data - but hospitals' suppliers may be less stringent.
In one breach alone, an accounts payable vendor supporting hundreds of healthcare organizations was the victim of a ransomware attack, which allowed attackers to access systems and documents containing patient-related data.
The breach affected more than 657 healthcare organizations and almost two million people.
Poorly protected integrations between third-party suppliers and the organizations that rely on them - weak access controls, vulnerable API integrations, or a lack of MFA for employee accounts - can be used to exploit third-party providers.
Without strong identity security and governance, API security, and a least-privileged access model, an attacker can breach one workforce user's account and move laterally, not just across a vendor's systems but also its partners' systems, to find and exploit valuable data.
Our report shows that ransomware and unauthorized access were the leading attack vectors in third-party service provider breaches.
The underlying theme of this year's report is that it takes only one compromised credential to pave the way for unauthorized access and the exposure of sensitive data, including customer data.
Implementing single sign-on, passwordless multi-factor authentication, and effective identity governance practices is vital for preventing unauthorized access.
Download the 2023 Identity Breach Report for all the data and to learn about ways you can protect your customers and your organization from breaches.


This Cyber News was published on securityboulevard.com. Publication date: Fri, 05 Jan 2024 13:43:04 +0000


Cyber News related to Best of 2023: Enterprises Are Getting Better at Breach Prevention. But Attackers Are Getting Better, Too.

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Omdia: Standalone Security Products Outsell Cybersecurity Platforms - In its many briefings with cybersecurity vendors, one of the most consistent themes Omdia hears is why enterprises need cybersecurity platforms. Instead, vendors claim, enterprises could get better outcomes if they give up their multitude of ...
11 months ago Darkreading.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
Best of 2023: Enterprises Are Getting Better at Breach Prevention. But Attackers Are Getting Better, Too. - As we close out 2023, we at Security Boulevard wanted to highlight the most popular articles of the year. 2023 ForgeRock Breach Report underscores the need for AI-powered identity. We are excited to announce the release of our fifth annual ForgeRock ...
10 months ago Securityboulevard.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
10 months ago Blog.checkpoint.com
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
11 months ago Securityboulevard.com
IaaS Security: Top 8 Issues & Prevention Best Practices - Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as ...
11 months ago Esecurityplanet.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
11 months ago Bleepingcomputer.com
Fewer cybersecurity professionals losing their jobs in breach 'blame' game - Cybersecurity job loss after a major incident is becoming less likely as organizations drop the "Blame" game for more practical approaches to breach prevention, a survey of 500 CISOs shows. More than 95% of CISOs reported their teams received greater ...
11 months ago Scmagazine.com
Strong Encryption Explained: 6 Encryption Best Practices - Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. Even the strongest ...
10 months ago Esecurityplanet.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
11 months ago Darkreading.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
9 months ago Securityzap.com
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
10 months ago Bleepingcomputer.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
10 months ago Securityboulevard.com
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case - BLACK HAT EUROPE 2023 - London - Former Uber CISO Joe Sullivan last week shared new details about the 2016 data breach at the company that led to his firing from Uber and, later, felony charges. The Uber Breach Sullivan was in his second year as CISO ...
11 months ago Darkreading.com
AvidXchange Notifies Consumers of Data Breach Following Period of Unauthorized Access - On October 13, 2023, AvidXchange, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that a recent cybersecurity event resulted in an unauthorized party being able to access the company's IT network. In ...
11 months ago Jdsupra.com
Akumin Files Notice of Data Breach with the Securities and Exchange Commission - On October 16, 2023, Akumin Inc. filed a notice of data breach with the Securities and Exchange Commission after discovering that it had been the recent victim of a ransomware attack. In this notice, Akumin explains that the incident resulted in an ...
11 months ago Jdsupra.com
Prudential Financial data breach impacted over 2.5M individuals - Prudential Financial data breach impacted over 2.5 million individuals. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
4 months ago Securityaffairs.com
Infosys McCamish Systems data breach impacted over 6M people - MUST READ. Infosys McCamish Systems data breach impacted over 6 million people. Keytronic confirms data breach after ransomware attack. City of Cleveland still working to fully restore systems impacted by a cyber attack. ABN Amro discloses data ...
4 months ago Securityaffairs.com
Evolve Bank data breach impacted fintech firms Wise and Affirm - MUST READ. Evolve Bank data breach impacted fintech firms Wise and Affirm. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
4 months ago Securityaffairs.com
Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
11 months ago Bleepingcomputer.com
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)