Tag Archive for: verizon

The significance of CIS Control mapping in the 2023 Verizon DBIR


Verizon’s recently released 2023 Data Breach Investigation Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes the mapping of CIS (Center for Internet Security) controls to Verizon’s incident classifications.

CIS Controls mapping

The CIS Controls serve as a starting point for organizations to build their risk assessments and implement safeguards to protect against system intrusions, social engineering attacks, basic web application attacks, miscellaneous errors, and lost and stolen assets—categories that have proven to be critical factors in previous security incidents.

Let’s examine how businesses can leverage this integration to proactively mitigate risks and strengthen their security defenses.

The importance of mapping CIS Controls to Verizon’s incident classifications

The mapping of CIS Controls to Verizon’s incident classifications presents organizations with an opportunity to optimize their security resources by aligning them with real-world security incidents. Organizations should consider conducting a comprehensive audit and risk assessment of the CIS Controls outlined in the DBIR by Verizon.

Instead of solely focusing on meeting the fundamental CIS Controls, organizations can now dive deeper into the analysis of CIS Controls that directly address the areas identified as having the highest impact in the report. By doing so, organizations can enhance their security posture, allocate resources more effectively, and better protect themselves against the most critical threats and vulnerabilities highlighted in the DBIR.

Leveraging CIS Controls to enhance risk assessments and safeguard implementation

The CIS Controls provide guidance on a comprehensive set of security measures that organizations can implement to mitigate risks and protect against various threats and vulnerabilities. Using something like DBIR research evidence to simplify the “why” (as to priorities in the CIS Controls) can help provide focus on the right actions to take.

These controls cover a wide range of critical areas, including data protection, secure…


Ransomware attacks have room to grow, Verizon data breach report shows


Ransomware attacks now make up a huge chunk of all recorded security incidents, the Log4j vulnerability was used in 3 in 4 digital espionage campaigns and employees continue to pose more of a practical cyber threat to most organizations than the Russian GRU or Chinese Ministry of State Security.

Those are some of the conclusions gleaned from the latest annual Verizon Data Breach Investigations Report released this morning.

Verizon’s findings are drawn from 16,000 security incidents over the past year, including over 5,000 data breaches from Nov. 1, 2021 to Oct. 31, 2022.

A plurality of 15,000-plus incidents (42%) were distributed-denial-of-service (DDoS) attacks, which can disrupt service from or access to websites and other systems.

There are solid indicators that DDoS attacks are getting worse, or at least more intense, as the internet of things (IoT) gives attackers billions of zombie devices to hijack and incorporate into botnets. Over the past two years, companies like Cloudflare and Yandex have observed increasingly large and record-breaking DDoS attacks, while the U.S. Department of Justice recently highlighted its interest in the problem when it targeted and seized 13 domains used in various “DDoS for hire” operations earlier this year.

Ransomware holding steady

A number of threat intelligence and cybersecurity firms have said their internal data, gleaned from customers and incident responses, indicate that ransomware activity dropped off in 2022, before jumping back up in the first half of 2023. Verizon’s data shows a similar trend, with reported ransomware incidents plateauing over the past 24 months at 24%, after years of steady growth.

After steady growth since 2019, reported ransomware activity has plateaued over the past two years. (Source: Verizon Data Breach Investigations Report 2023)

However, if someone does break into your system, the most likely cause will be ransomware. Encryption and extortion overall have risen to 15.5% of all reported cybersecurity incidents, the second most frequently reported action after DDoS. It’s also the No. 1 most-frequent action taken by hackers during system intrusion incidents.

These results are “staggering,” and…


Google PassKey Next Gen Security Eliminates 2FA & Sim Swap Scam | How To Use Feature & Sign In Now



T-MOBILE THE RE CARRIER: ending autopay discount and putting you at risk!