DomUpravljanje rizikomOrganizations are still vulnerable to predictable cyber-attacks

Organizations are still vulnerable to predictable cyber-attacks

Objavljeno na

spot_img

Many organizations continue to be caught off guard by cyber threats, despite experts pointing out that most incidents are preventable. During the IRISSCON 2024 conference in Dublin, it was highlighted that the majority of cyber incidents involve human error, social engineering, and ransomware, according to Phillip Larbey, Associate Director for EMEA at Verizon.

Ransomware and extortion were found to be the main components of attacks in the Verizon Data Breach Investigations Report (DBIR) 2024, making up 32% of incidents. Attackers often exploit vulnerabilities and steal credentials to gain access to sensitive systems undetected. Shockingly, data from the DBIR showed that 47% of vulnerabilities remain unremediated after 60 days of discovery, with 8% still unremediated after 365 days.

To combat these threats, organizations need to be more proactive with their vulnerability management strategies. Larbey emphasized the importance of addressing excessive user privileges, which can make it easier for attackers to move within networks. By utilizing services that monitor dark web activity for compromised credentials, businesses can stay ahead of potential threats.

Dave Lewis from 1Password and Rich Mogull from FireMon discussed the need to prepare for ‘Black Swan’ cyber events, unforeseen incidents such as the NotPetya malware attack in 2017. According to Mogull, while these events cannot be predicted, organizations can still plan for them. By adopting incident response processes similar to those used by emergency services, companies can effectively respond to unexpected cyber incidents.

Incident response frameworks like the US National Incident Management System (NIMS) provide clear steps and procedures for communication and command and control infrastructure in times of crisis. Mogull stressed the importance of having a system in place to account for the unknown and prioritize actions for a swift recovery.

Overall, the key takeaway from the IRISSCON 2024 conference is the necessity for organizations to be proactive in their approach to cybersecurity. By addressing vulnerabilities, limiting user privileges, and preparing for unforeseen events, businesses can strengthen their defenses against evolving cyber threats. Experts urge organizations to take action now to prevent future cyber incidents and protect sensitive data from malicious actors.

Link na izvor

Najnoviji članci

Discussion With An Ethical Hacker

Automated network penetration testing tools have revolutionized the cybersecurity landscape, making vulnerability discovery more...

Enhanced Focus Needed on Mobile and IoT Security in the Industry

The increasing proliferation of Internet-connected devices in our everyday lives, from mobile devices to...

You do not have permission

The cybersecurity company Quick Heal Technologies is gearing up to launch a new anti-fraud...

The Impact of AI on Cyber Risk Quantification

In the realm of cyber risk management, there exists a significant gap in understanding...

Još ovako

Discussion With An Ethical Hacker

Automated network penetration testing tools have revolutionized the cybersecurity landscape, making vulnerability discovery more...

Enhanced Focus Needed on Mobile and IoT Security in the Industry

The increasing proliferation of Internet-connected devices in our everyday lives, from mobile devices to...

You do not have permission

The cybersecurity company Quick Heal Technologies is gearing up to launch a new anti-fraud...
hrCroatian