The Most Read Content On Cyber Security Hub

Phishing, Credential Stuffing, Insider Threats, Cloud Misconfigurations and Retail Point-Of-Sale Malware

Add bookmark

Jeff Orr

The Most-Read Cyber Security Content

A good list of articles to read is only as good as those that build it. For this Most Read Content article, we ran the numbers to find out what you, our audience, found most worthy reading. We decided to cap the list at the Top 10. Let us know if this matched your own results.

“It’s All About That Breach, ‘Bout That Breach, … Ex-posed”

Sorry about creating that little earwig there. If there’s one thing we will gladly toot our own horn about, it’s getting you the analysis of how a mega-breach of 1+ million records could have been avoided and the steps your organization can take to make sure you have mitigated the vulnerability.

Our Top 5 Cyber Security Breaches So Far article ranks the five most damaging enterprise cyber security breaches to date. While we wish that the list was looking only into the past, the reality is that we’ll keep updating the content as new disclosures are made.

Machine Learning And Artificial Intelligence Enabling Cyber-Attacks To Scale

Technology is not only available to the enterprise cyber defense team. Affordable access to cloud processing and storage along with machine learning algorithms are empowering threat actors to scale both the quantity and frequency of their attacks. And the attacks vectors have shifted from critical network and system infrastructure to “whales”; people in your organization with access to sensitive company information and authorization to perform financial transactions. Here’s an example of how powerful impersonation phishing has become:

AI Could Escalate New Type Of Voice Phishing Cyber Attacks: The Israel National Cyber Directorate (INCD) issued a warning of a new type of cyber-attack that leverages artificial intelligence (AI) technology to impersonate senior enterprise executives.

Data Breach Cost: The Long-Tail Effect On An Organization

When thinking about cyber incident response planning, it often has these “bookends” defining the start and finish. Market research examining thousands of enterprise data incidents shows that organizations should instead expect a long-tail effect to occur. We say, “A data incident is a process and not an event.” The following article helps convey this business planning challenge:

Quantifying The Enterprise Cost Of A Cyber Security Data Breach: No industry sector can claim immunity from data breaches. The impact to an organization goes well beyond the actual incident. New data from actual incidents around the world suggests the estimated cost for an enterprise data breach.

Eight Economic Sectors Represent Bulk Of Reported Data Breaches

Top 8 Industries Reporting Data Breaches In The First Half Of 2019: The exposure of user records is one of the most detrimental outcomes from modern cyber-attacks. During the first half of 2019, more than 1,400 data breaches were publicly disclosed. In analyzing the data, eight economic sectors stood out for having the most reported breaches.

Incident Of The Week – Cautionary Tales For Enterprise Cyber Leaders

Phishing, credential stuffing, insider threats, cloud misconfigurations and retail point-of-sale malware. These were the underlying causes of some of the most impactful attacks on enterprise organizations. We capture the best-of-the-best every week in our Incident Of The Week column. And here are 8 of the most-read incidents and what you can be on the lookout for in your own organization:

Historic Capital One Hack Reaches 100 Million Customers Affected By Breach: A closer look at what happened in the Capital One mega-breach, the kinds of data compromised, and the financial services organization’s response.

State Farm Insurance Discloses Recent Credential Stuffing Attack: Insurance provider State Farm has notified policy holders that it recently observed login attempts to user accounts that were symptomatic of credential stuffing cyber-attacks. The company reset the passwords of affected accounts and has sent notifications alerting customers of the situation.

Dunkin Donuts Reports Credential Stuffing Attack: Dunkin’ Donuts first reported a credential stuffing attack at the end of November last year, and is now notifying users of more account breaches following a new attack.

Passwords And Biometrics Info For One Million Users Exposed In BioStar 2 Data Breach: Employee ID cards can be replaced if lost or stolen. However, if the leaked data contains your face, fingerprints, or iris scan, the effects may be felt for life. Cyber Security Hub examines data exposed for 1 million users of the BioStar 2 biometrics platform.

Oregon DHS Target Of Phishing Attack: The Oregon DHS recently began notifying about 645,000 clients that their personal data was potentially breached during a spear-phishing attack. Nine employees fell for the email campaign providing their user credentials, giving hackers full access to more than 2 million emails.

Multiple Yahoo Data Breaches Across 4 Years Result in a $117.5 Million Settlement: Yahoo has had a years-long history of both data breaches and cases where hackers break into systems but do not take anything. The collective hacks have led to an eventual court settlement. We address what CISOs must learn from this breach.

Dominion National Finds Evidence of Data Breach Nearly a Decade Later: In late April 2019, Dominion National investigated an internal alert with the assistance of an outside cybersecurity firm. The results showed that unauthorized parties could have had access to some of the company’s servers since August 25, 2010.

6 Lessons Learned From The Citrix Breach: On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network, according to Stan Black, CISSP and the CSIO of Citrix.

See Related: Cyber Security Hub Market Reports