 |
 |
 |
 |
 |
 |
 |
Protect Against the Number One Cause of a Data Breach – Human Error
CISOs around the world agree – human error is the most dangerous threat that any cybersecurity plan can face. In a recent study, 55% of survey respondents noted that human error and lack of cybersecurity awareness is their top concern. Even though they were concerned, 44% of the survey respondents stated they did not know how to discover who should be counted among the most at-risk employees for a major mistake.
So how can an organization add protection that helps guard against damage done by employee cybersecurity mistakes if it doesn’t know who might be in line to make those mistakes? By adding a strong guardian that protects your systems and data from all sorts of cybersecurity disasters that’s both effective and cost-effective.
Using a secure identity and access management solution like Passly to guard your access points is the fastest way to stop many of today’s worst threats without breaking the bank. It’s a crucial mitigation for today’s flexible workforce, enhancing security no matter where your staff is working from. That’s why more than 40% of CISOs chose secure identity and access management as their top cybersecurity priority in 2021.
The biggest shield that you gain against cybercrime with Passly is multifactor authentication. This single mitigation on its own can stop more than 90% of password-based cybercrime. That includes the majority of attacks based on credential compromise, the damage from password theft by phishing, the dangers of reused passwords and many other common human error driven catastrophes. Multifactor authentication is an absolute must-have for every business.
Every employee makes errors. Security awareness training and building a strong cybersecurity culture are important to reducing the incidence of mistakes, but you’ll never stop them all. By taking the proper precautions against damage caused by human error, you can keep your systems and data safe even when staffers aren’t on their toes.
Dark Web ID’s Top Threats This Week
United States – Syracuse University
Exploit: Unauthorized Access to Email
Syracuse University: Institution of Higher Learning
Risk to Business: 2.379 = Severe
An unknown party gained unauthorized access to an employee’s email account at Syracuse University. The university launched an investigation with a third party firm that determined in early January that emails and attachments in the account that had been improperly accessed did contain names and Social Security numbers of students, and those affected who have been informed by letter.
Individual Risk: 1.347 = Severe
Impacted students may have had names and Social Security numbers exposed. officials aren’t clear on how much data was stolen or who may have taken it. Students should be alert to potential identity theft or spear phishing attempts
Customers Impacted: 10,000
How it Could Affect Your Business: Data like this is a currency on the Dark Web, and it can hang around for years acting as fuel for future cybercrime like phishing.
IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>
United States – Chess.com
https://www.hackread.com/vulnerability-chess-com-50-million-user-records-accessed/
Exploit: Security Vulnerability
Chess.com: Gaming and Resource Site
Risk to Business: 2.211 = Severe
Security researchers found a critical bunch of vulnerabilities in chess.com’s API. The flaws could have been exploited to access any account on the site. They could also be used to gain full access to the site through its administrator panel. The website quickly fixed the problem after they were informed. There’s no current evidence that it was accessed by bad actors before it was patched.
Customers Impacted: 50 million
How it Could Affect Your Business Security vulnerabilities can lead companies down dangerous paths and expose them to unexpected risks. Building a strong security culture helps make sure everyone is on the same page when it comes to data protection.
IntegraMSP to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. LEARN MORE>>
United States – Nebraska Medicine
https://apnews.com/article/technology-data-privacy-nebraska-94d8a76d2b772a3014773023c989d71a
Exploit: Malware
Nebraska Medicine: Health System
Risk to Business: 1.663 = Severe
Nebraska Medicine and the University of Nebraska Medical Center have begun notifying patients and employees whose personal information may have been compromised in a breach in late 2020. Bad actors gained access to Nebraska Medicine and UNMC’s shared network using unnamed malware. The breach led to the interruption of some services including the postponement of patient appointments and required staff in the system’s hospitals and clinics to chart by hand.
Individual Risk: 2.101 = Severe
Nebraska Medicine officials say that the incident did not result in unauthorized access to the health system’s shared electronic medical record application. However, an unspecified number of records that included information such as names, addresses, health insurance data, Social Security numbers and clinical information was compromised. Patients and employees should carefully watch for identity theft, spear phishing or fraud attempts using this data.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware isn’t the only kid on the block when it comes to causing a data breach – many types of malware are available for bad actors to use, and they can do devastating damage without the ransom.
IntegraMSP to the Rescue: Read our Security Awareness Champion’s Guide, for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals conduct them. LEARN MORE>>
United States – Oldsmar Water Treatment Plant
https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/
Exploit: Credential Compromise
Oldsmar Water Treatment: Municipal Water System Plant
Risk to Business: 2.022 = Severe
In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Recycled, reused, and weak passwords can cause trouble for years, and that’s especially dangerous when they give access to critical infrastructure like this.
IntegraMSP to the Rescue: Passly is an essential protection for every business, adding multifactor authentication that stops more than 90% of password-based cyberattacks. LEARN MORE>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.