Randall Munroe’s XKCD ‘Beamsplitters’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Beamsplitters’ appeared first on Security Boulevard.
In a groundbreaking move, the House Administration Committee, along with the Chief Administrative Officer (CAO) for the House of Representatives, have introduced a comprehensive policy aimed at governing the use of artificial intelligence (AI) within the lower chamber. This policy is a significant milestone designed to foster the secure and effective deployment of AI technologies while addressing cybersecurity risks. The policy, which took effect on August 28, presents a structured approach to assessing and prioritizing AI tools, enabling all House personnel to contribute ideas and technologies.
The post Breaking Down the House’s New Artificial Intelligence Policy appeared first on Security Boulevard.
APIs are crucial in our digital world, but they also introduce new vulnerabilities. Attackers often exploit these vulnerabilities by concealing malicious payloads within encrypted traffic, rendering them undetectable to traditional security tools. As we observe Cybersecurity Awareness Month, it's important to emphasize the significance of advanced solutions that can detect hidden threats.
eBPF: Illuminating the Dark Corners of API Traffic
eBPF (extended Berkeley Packet Filter) is a powerful method for inspecting network traffic, including encrypted traffic. It works within the Linux kernel to analyze API calls at a detailed level, identifying and blocking malicious activity with speed and efficiency. eBPF provides significant advantages in detecting and responding to hidden API threats without complex decryption processes.
Why eBPF Matters for API Security
eBPF offers several key advantages for API security:
Salt Security, a leader in API security, has utilized eBPF to gain exceptional visibility into encrypted API traffic. By leveraging eBPF, Salt Security can:
The evolving nature of API attacks highlights the increasing importance of eBPF in API security. With its ability to offer comprehensive visibility, high performance, and flexibility, eBPF enables security teams to proactively protect their APIs from advanced threats, especially when combined with next-generation security solutions like Salt Security. Salt Security's incorporation of eBPF support demonstrates the potential for this technology to revolutionize how organizations approach API security. eBPF will be a critical component of our future API protection capabilities, allowing us to achieve comprehensive security across all layers by integrating it with our existing AI-powered engine. This integration will facilitate the identification and mitigation of threats at both the kernel and application levels, providing unparalleled protection against sophisticated attacks.
If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post Seeing the Unseen: Salt Security and eBPF appeared first on Security Boulevard.
Modern businesses are increasingly reliant on APIs. They are the building blocks facilitating data exchange and communication between disparate systems. Because of their prevalence and importance, they are also under attack by actors exploiting vulnerabilities and misconfigurations. Unauthorized access, data exposure, injection attacks, broken authentication, DoS attacks, shadow or unmanaged APIs, insecure API dependencies, and [...]
The post API Gateways and API Protection: What’s the Difference? appeared first on Wallarm.
The post API Gateways and API Protection: What’s the Difference? appeared first on Security Boulevard.
Authors/Presenters: Yiluo Wei, Dennis Trautwein, Yiannis Psaras, Ignacio Castro, Will Scott, Aravindh Raman, Gareth Tyson
Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organization's YouTube channel.
The post USENIX NSDI ’24 – The Eternal Tussle: Exploring the Role of Centralization in IPFS appeared first on Security Boulevard.
As we enter October, we once again recognize national Cybersecurity Awareness Month, a pivotal initiative to raise awareness about the importance of securing our digital world.
The post Cybersecurity Awareness Month: Building a safer digital world together appeared first on Security Boulevard.
Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.
The post OWASP Global AppSec SF 2024: Empowering Developer Security As A Community appeared first on Security Boulevard.
Security operations platform provider Exabeam announced its first product release since acquiring LogRhythm earlier this year, a provider of self-hosted and cloud-native SIEM platforms, log management, network monitoring and behavior and security analytics products.
The post Exabeam Brings AI Security Operations to On-Premises, Cloud Native and Hybrid Environments appeared first on Security Boulevard.
The U.S. and its Five Eyes alliance partners are warning enterprises about techniques threat actors use to target Microsoft's Active Directory and ways that they can detect and mitigate such attacks.
The post Five Eyes Agencies Put Focus on Active Directory Threats appeared first on Security Boulevard.
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have issued a Secure by Design alert to reduce the prevalence of these vulnerabilities. While XSS attacks have been around for years, they remain a persistent threat due to improper handling of user inputs in […]
The post CISA and FBI Issue Alert on XSS Vulnerabilities appeared first on TuxCare.
The post CISA and FBI Issue Alert on XSS Vulnerabilities appeared first on Security Boulevard.
A critical SAML authentication bypass flaw was recently identified in GitLab’s Community Edition (CE) and Enterprise Edition (EE). As of now, GitLab patches aiming to fix the flaw have been released; however, if the fixes had not been released, potential exploits of the flaw may have been detrimental. In this article, we’ll dive into the […]
The post GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed appeared first on TuxCare.
The post GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed appeared first on Security Boulevard.
Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World
madhav
Tue, 10/01/2024 - 06:44
Cybersecurity Awareness Month is an international initiative that focuses on simple ways to protect ourselves, our families, and our businesses from online threats. The 2025 theme “Secure Our World” highlights the pervasiveness of digital technologies that enable connections across the globe and how straightforward, yet effective measures can have a lasting impact.
In a world where our digital lives are increasingly intertwined, every attack vector secured increases the safety of other connected people. And considering how connected we all are to our devices, networks, and the internet at large, this can be a lot of us.
Key Cybersecurity Practices to Implement
1. Use Strong Passwords and a Password Manager
Sadly, less than 40% of all online users use a distinct password for each account, according to the National Cybersecurity Alliance 2023 Oh Behave! report. Reused passwords give cybercriminals bonus access to other areas of a person’s digital life when they’ve only done the work to steal (or buy, or crack) a single credential. Aside from having a different login for each site, current wisdom (a la CISA) suggests that a strong password contains:
However, even strong and unique passwords have well-documented limitations and risks. As threat actors get savvier about targeting our access credentials, the industry is gradually moving away from passwords altogether and into a passwordless future. This means switching wholesale to other forms of authentication, which may leverage biometric data, PINs, patterns, and passkeys in place of passwords. With more and more platforms supporting passkeys and passwordless authentication, moving away from passwords is becoming easier and frictionless.
In either case – passwords or passwordless passkeys – a password manager is needed (here’s why). With the average person having to keep track of roughly 100 distinct credentials, it’s no wonder that nearly one-third of the internet uses a password manager to wrangle (and “remember”) them all.
2. Recognize and Report Phishing
According to the Thales 2024 Data Threat Report, phishing is the second fastest-growing attack. Phishing tactics are getting sneakier, thanks to AI, and it is more important than ever that employees be able to recognize their telltale signs. Now, AI-based campaigns can churn out word-perfect emails in any language, typically:
However, the most effective way to enable people to spot and report phishing emails is to strengthen the “human firewall.” Businesses should invest in security awareness training programs not only for their employees but also for their families to establish a positive culture where everyone is invited to report mistakes, like clicking on a malevolent link.
3. Turn on Multifactor Authentication
Multifactor Authentication (MFA) is a required layer of security by many cloud service providers and even more everyday organizations. CISA, ENISA, and other global security agencies advise that everyone adopts it, as it provides additional layers of defense on top of just passwords alone (a text verification code, or a fingerprint, for example). There are various MFA options available:
Despite the importance and the variety of MFA methods, Thales 2024 DTR report shows that only 46% of the organizations use multi-factor authentication for more than 40% of their employees. It is essential to note that while phishing-resistant MFA is most effective against AI-enabled social engineering attacks, any form of MFA is much better than no MFA at all. In addition, there’s great business value behind adopting MFA. The Thales 2024 Digital Trust Index indicates that 81% of customers expect brands to offer MFA, which serves as a means to greater loyalty and trust.
4. Update Software: A Critical Defense, But Proceed with Caution
It is crucial that all employees know to accept and apply software updates every time the reminders come up because these are how vulnerabilities stay patched. One Ponemon report noted that 60% of breaches originated from unpatched vulnerabilities, making this simple practice even more vital.
Criminals have quickly embraced AI to spot and exploit even zero-day vulnerabilities. Interestingly, these unpatched gaps open the way for spreading disruptive ransomware attacks. However, businesses, especially in critical infrastructure settings, should patch their systems with caution and not out of fear. Although timely security updates are crucial, it is equally important to test those updates in a controlled environment before rolling them out to minimize the possibility of breaking critical systems.
A Little Goes a Long Way
The overall goal of the Cybersecurity Awareness Month celebration is to enhance data security—either personal or corporate data. As these highlighted methods show, it doesn’t have to be difficult to use or implement. In fact, keeping it simple will help you meet your users where they are and give them practical tools they can implement without reaching too far outside their comfort zones, which will increase the chances of engagement and long-term adoption.
Also, if you are a business, complement the above best practices with solutions that offer robust application and data protection to reduce the potential of a data breach. These solutions can provide a proactive complement to employee security awareness efforts, letting you know where your data resides, who is accessing it, and when it is at risk. Combined with the above user-friendly methods, Imperva’s solutions allow employees to be your first line of defense and enterprise-ready cybersecurity tools to be your last.
Now that’s defense-in-depth to secure our world!
Data Security Identity & Access Management Ashvin Kamaraju | Vice President of Engineering, Strategy & Innovation
The post Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World appeared first on Security Boulevard.
User interaction with online platforms, applications, and websites has become a fundamental aspect of daily life. Whether you’re shopping, managing finances, or engaging with social media, your interaction with a user interface (UI) shapes your experience. However, not all UI designs have your best interests in mind. Hackers sometimes use clickjacking and dark patterns to […]
The post How Dark Patterns Trick Users into Unintended Actions? appeared first on Kratikal Blogs.
The post How Dark Patterns Trick Users into Unintended Actions? appeared first on Security Boulevard.
The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs (‘game hacks’) to get ahead. Although some of these programs offer legitimate game boosts, malicious actors frequently leverage these game hackers’ interest in modifications to deliver malware. One such example can be found in the game […]
The post Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters appeared first on Blog.
The post Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters appeared first on Security Boulevard.
After putting its controversial AI-based Recall feature on hold in June, Microsoft rearchitected many of its features to address the security and privacy concerns that users and experts raised and will release it for the upcoming Windows Copilot+ PCs.
The post Microsoft Readies a More Secure Recall Feature for Release appeared first on Security Boulevard.
Authors/Presenters: Jinzhu Yan, Haotian Xu, Zhuotao Liu, Qi Li, Ke Xu, Mingwei Xu, Jianping Wu
Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organization's YouTube channel.
The post USENIX NSDI ’24 – Brain-on-Switch: Towards Advanced Intelligent Network Data Plane via NN-Driven Traffic Analysis at Line-Speed appeared first on Security Boulevard.
The financially motivated Storm-0501 threat group is attacking hybrid cloud environments in the United States by compromising on-prem systems first and moving laterally into the cloud, stealing data and credentials and dropping the Embargo ransomware along the way, Microsoft says.
The post Storm-0501 Gang Targets US Hybrid Clouds with Ransomware appeared first on Security Boulevard.
Overview: IBM's Cost of a Data Breach Report 2024
About the report
IBM’s annual 2024 Cost of a Data Breach Report provides IT, risk management, and security leaders with timely, quantifiable evidence to guide them in their strategic decision-making. The report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024.
About the research
The research for this report was done by Ponemon Institute on its own and was sponsored, analyzed, and published by IBM. Researchers looked at organizations across 17 industries, in 16 countries and regions, and breaches that ranged from 2,100 to 113,000 compromised records. It also included interviews with 3,556 security and business professionals from the breached organizations.
This article delves into the key takeaways from the report, examining the financial impacts and emerging trends in data security. We will explore the effectiveness of new technologies in breach mitigation, the costs associated with cloud security threats, and the other elements that play a critical role in preventing breaches. By unpacking these insights, organizations can better prepare themselves against the rising tide of cyberthreats.
Seven Key Takeaways
Let’s look at some of the most important insights and lessons from this year's report and how companies can transform them into strategies.
Takeaway 1: Data breach costs hit new highs with a 10% spike
Notable stats: The global average cost of a data breach surged to $4.88 million in 2024, reflecting a 10% increase from 2023—the largest annual spike since the pandemic. The main factors contributing to this increase are the costs associated with business disruption, lost customers, and post-breach responses, such as regulatory fines and customer remediation efforts.
Other findings:
The United States had the highest average breach cost at $9.8 million
Healthcare remains the costliest industry for breaches at $9.8 million per breach
Mega breaches (those involving 1 to 10 million records) represent only a small fraction of incidents but were nearly nine times more expensive than the average breach, starting at around $42 million per breach
Noncompliance with regulations - 22.7% increase in the share of organizations paying fines of more than $50,000
Law enforcement involvement lowered breach costs by 20%
Fig. Global average cost of a data breach, IBM Cost of a Data Breach Report 2024
These figures demonstrate the rise of cyber assaults and the progressive complexity of the daily dangers that organizations encounter. Bad actors are using various advanced methods to breach defenses and carry out their attacks.
Key lesson: Know and protect your data landscape
Data breaches significantly impact businesses, rather than just causing small disruptions. They lead to substantial financial losses, reputation damage, and the erosion of customer confidence. It's then vital to enhance data security measures and assess potential data risks to prevent attackers from breaking in.
How Zscaler helps
Zscaler Data Security Posture Management (DSPM) can identify and protect sensitive data to mitigate the risk of data exposure, breach, and regulatory non-compliance. With Zscaler, organizations can improve visibility, conduct regular risk assessments, prioritize risk remediation, ensure compliance, and reduce data breach risk.
Takeaway 2: Exploding cloud data is a prime target
Notable stats: About 40% of all breaches involved data distributed across multiple environments. Data breaches solely involving public clouds were the most expensive type of data breach, costing $5.17 million on average, a 13.1% increase from last year.
Key lesson: Strengthen risk assessment and remedy
Multicloud environments and cloud native architectures have created both complexity and a data explosion that’s becoming increasingly difficult for security professionals to manage, making organizations vulnerable to breaches. Teams struggle to understand which data is in the cloud, where it’s located, and who’s using it.
Fig: Cost of data breach by storage location, IBM Cost of a Data Breach Report 2024
Moreover, cloud services and configurations change frequently, which can lead to data exposure. It's crucial to actively monitor, assess, and fix risks associated with new and changing data services before bad actors can exploit them.
How Zscaler helps
DSPM seamlessly covers a variety of cloud environments and reads from various databases, data pipelines, object storage, and much more. What’s more, it’s managed and self-hosted to provide a single, consistent view of data across clouds, geographies, and organizational boundaries. This single view helps security teams to evaluate the risk of sensitive data across multicloud environments rather than individually.
Takeaway 3: Shadow data increases the risk and potential cost of breaches
Notable stats: As per the report, 35% of data breaches involved shadow data, and breaches involving shadow data led to a 16% higher cost on average. Moreover, breaches involving shadow data took 26.2% longer to identify and 20.2% longer to contain. These resulted in data breaches lasting longer than the normal average life cycle of 291 days, 24.7% longer than data breaches without shadow data.
Fig: Cost of data breach including shadow data, IBM Cost of a Data Breach Report 2024
Key lesson: Monitor and protect shadow data
Managing data security across environments becomes further complicated by the impact of unmanaged or shadow data. Shadow data can cause large financial losses to a business if breached, and must be tightly secured as such. This data is often invisible to security teams, making it difficult to track, classify, and secure.
How Zscaler helps
Zscaler DSPM scans cloud data repositories to discover structured and unstructured data stores to give a clear view of the data landscape, inventory, and security posture. Security teams can easily track, classify, and secure shadow data while reducing the risk of breaches.
Takeaway 4: Common attack vectors cause substantial damage
Notable stats: Credential-based attacks were the most common attack vector, accounting for 16% of all breaches. On top of that, they took the largest amount of time to identify and contain—an average of 292 days, approximately 10 months—resulting in some of the highest breach costs.
Phishing was the second-most costly common attack vector, at $4.76m on average, which led to 15% of breaches. Other common vectors included cloud misconfigurations, email compromises, and vulnerabilities that led to 15%, 9%, and 5% of breaches.
Fig: Average response time to identify and contain breaches caused by common attack vectors, IBM Cost of a Data Breach Report 2024
Key lesson: Focus on consistent security across environments
Organizations need a robust data security strategy that can decode weak signals to uncover hidden risks and threats, analyze attack patterns, and help security teams with swift incident response to secure data.
How Zscaler helps
Integrating DSPM solutions with cloud environments allows security teams to monitor data flows—including tracking data, access, actions, and data transfer. Organizations can leverage artificial intelligence (AI), advanced threat correlation, analytics, and machine learning (ML) to identify patterns that indicate potential security risks, such as unauthorized access, abnormal data transfers, or attempts to exfiltrate sensitive data.
Moreover, encompassing a single DLP engine for your entire data protection solution lets organizations create a policy once and apply it everywhere in their environments.
Takeaway 5: Critical infrastructure organizations under pressure to secure crown jewels
Notable stats: For the 14th year in a row, the healthcare sector saw the costliest breaches across industries with average breach costs reaching $9.77 million. While the report highlighted a 10.6% decrease from 2023, healthcare remained a prime target for cybercriminals, followed by financial services, industrial, technology, and energy organizations. Organizations in these industries also reported the largest fines for regulatory violations such as GDPR violations.
Fig: Cost of data breach by industry, IBM Cost of a Data Breach Report 2024
Key lesson: Modernize and simplify security stack
Organizations in these industries generate and hold a vast amount of personal and sensitive information, with data often scattered with default access. It’s loosely exchanged with third-party partners, such as agencies, research firms, and service providers, which creates opportunities for data breaches and insider threats, underscoring the need for stringent data protection protocols.
Most organizations opt for a siloed security approach with multiple security products, which exacerbates the complexity of security challenges. As such, it’s crucial for organizations to modernize their security stack to better protect data and reduce breach costs.
How Zscaler helps
With Zscaler's comprehensive data protection platform, organizations can secure their structured and unstructured data across all channels, including web, SaaS, public clouds (AWS, Azure, GCP), private apps, email, and endpoints.
Takeaway 6: AI and automation reduce breach costs
Notable stats: 53% of organizations that experienced a data breach in 2024 reported significant shortages in their security staff. This shortage is directly linked to higher costs associated with data breaches, as organizations with severe staffing shortages had to pay an extra $1.76 million for breach-related expenses.
In the face of this growing challenge, there’s been a marked shift towards AI and automation tools within security operations. The report highlights the fact that AI and automation can alleviate some of the workload and optimize security. According to the report, organizations that deployed security AI and automation extensively across their operations saved an average of $2.2 million compared to those that did not.
Fig: Cost of a data breach by AI and automation usage level; IBM Cost of a Data Breach Report 2024
Key lesson: Implement advanced AI and automation for data security
For organizations seeking to mitigate the risk of a data breach, investing in security automation is no longer optional—it’s essential. Due to a shortage of skilled manpower, companies have had to manually enforce security processes and data security policies, which can prove to be error-prone and inefficient, particularly in complex cloud environments.
Moreover, human error can introduce risks such as misconfigured access control or overlooked data transfers. AI and automation can enable security teams to act faster, reducing the time to identify and contain breaches, which in turn lowers breach costs overall.
How Zscaler helps
Organizations can leverage AI-powered DSPM to understand data context, making discovery and classification affordable at scale, and empowering cross-functional teams to be part of the solution. Moreover, DSPM can enforce automated, consistent security policies, like encryption, access control, data retention, and deletion, across various environments, ensuring uniformity and reducing non-compliance risk. By automating security policies, organizations can streamline processes to ensure that data is secured according to established rules and regulatory requirements.
Takeaway 7: Slow response increases risk and cost
Notable stats: The average time to identify and contain a data breach dropped to 258 days, reaching a 7-year low, compared to 277 days the previous year. Roughly one-third of organizations took more than three-quarters for a complete recovery.
Fig: Time to identify and contain a data breach, IBM Cost of a Data Breach Report 2024
Key lesson: Enhance breach detection and incident response plans
This is a significant amount of time to detect and contain breaches, and it highlights the importance of having a strong plan in place to detect and contain data breaches as quickly as possible.
How Zscaler helps
Zscaler DSPM leverages AI, ML, and advanced threat correlation capabilities to aggregate and effortlessly transform security data into meaningful insights to uncover hidden risks or attack vectors that could lead to a compromise or breach. This can be backed by near-real-time alerts and notification with remediation guidance that enables security teams to focus on what matters most.
The Bottom Line
The IBM Cost of a Data Breach Report 2024 highlights the growing financial impact and operational risks posed by data breaches. The threat landscape is becoming more challenging, growing more complex and dangerous. Given the report's findings, it’s clear that organizations without a modern and advanced security stack are at a considerable disadvantage, facing longer breach life cycles and higher associated costs.
Investing in the right tools and strategies like Zscaler Data Protection and DSPM is not just a good choice, but a critical action that organizations must take to better protect themselves from the rising costs of data breaches. This will help them succeed and be resilient in the future.
Interested in learning more about Zscaler and how it can help prevent risk of data breaches?
Register for our upcoming webinar: Dissecting Cloud Data Breaches with DSPM
Watch on demand: Webinar: Why Does DSPM Belong In Your Data Protection Strategy?
Schedule a 1:1 Demo today to learn more about our innovative solutions that secure your valuable data assets against the evolving threat landscape. Our team will work with you to assess your current security posture, identify potential vulnerabilities, and tailor a solution that maximizes protection and efficiency.
The post 7 Key Takeaways From IBM's Cost of a Data Breach Report 2024 appeared first on Security Boulevard.
by Source Defense
A new report by Recorded Future’s Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.
The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Source Defense.
The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Security Boulevard.
URL rewriting, a service designed to neutralize malicious URLs by redirecting users to a safe environment, has been a common practice in email security. However, as cyberthreats evolve, it’s becoming clear that this approach has limitations and potential vulnerabilities. Contact us to learn more.
The Origin of URL Rewriting
URL rewriting emerged as a creative […]
The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security first appeared on SlashNext.
The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security appeared first on Security Boulevard.