Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which came from third-party breaches.
The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places. Corporate employees, like most other users, often reuse their credentials in several places. But the worrisome thing is that many of them are using their work email addresses and passwords as credentials on third-party sites.
Far from running into millions, the average cost of a data breach is less than $200,000, or roughly what firms are spending on IT security systems, according to a study from non-profit thinktank RAND.
The study, published in the Journal of Cybersecurity, challenges the much higher cost estimates provided by the Ponemon Institute. This year that research organization put the average cost of a breach at $4m.
RAND policy researcher Sasha Romanosky analyzed 12,000 events between 2004 and 2015 and found that the cost to each firm was on average less than $200,000. This figure is on a par with the 0.4 percent of revenues that firms in the study spent annually on IT security.
Spam is back in a big way – levels that have not been seen since 201o in fact. That’s according to a blog post today form Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet, stated the blog’s author Jaeson Schultz.
“Many of the host IPs sending Necurs' spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two to three weeks. This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again. At Talos, we see this pattern over, and over again for many Necurs-affiliated IPs,” he wrote.
This scan is looking for devices that contain a vulnerability in their IKEv1 packet processing code that could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
The goal of this project is to identify the vulnerable systems and report them back to the network owners for remediation.