Verizon's 2023 Data Breach Report

Captions
This is TWiT. This episode of tech break is brought to you by ACI Learning. Your IT skills are outdated in about 18 months. Stay ahead of the curve and strengthen your IT expertise with affordable certification-based learning that will launch or advance your career. Individuals, use the code twit 30 for 30 off a standard or premium individual IT Pro membership at go.aclearning.com twit.

So I want to jump in. I'm going to continue the theme of data security, and I want to take you through a recent report put out there by Verizon. Now, the report is released each year and actually captures some really trendy topics for organizations to focus on. Now, this adventure Brill actually distills some of the report down to a set of things that people should focus on. Essentially, what it surfaces in the report is that attackers are actually finding new ways to exploit human vulnerabilities, such as stolen credentials, privilege misuse, human error, social engineering, and even business email compromise that's out there. The report emphasizes the need for cyber security providers to actually enhance their identity, privilege access, and endpoint security to effectively protect their users and their customers.

Now, one key finding is a significant rise in pretexting attacks, which have actually doubled in just a year. Tech companies are increasingly targeted with pretexting as part of an orchestrated social engineering set of attacks, and this is where actually threat actors assume a false identity in order to gain access to sensitive information. Now, this tactic is actually aimed at manipulating their victims' goodwill and trust as well, often involving, you know, financial assistance. In fact, the median theft amount for those business email compromise scenarios has increased to fifty thousand dollars, so they make quite a bit out of it.

The report also highlights the challenge of insider threats as well, which account for one out of every five breaches. Insider attacks are particularly difficult to detect and prevent, making them really a nightmare for those CSOs out there. In fact, leading cyber security vendors are leveraging AI and machine learning to actually detect and respond to suspicious network activity and provide real-time alerts. Additionally, system intrusion, basic web application attacks, and social engineering continue to be a prominent attack strategy that's out there. Basic web applications attacks have increased, understanding the need for robust application security and zero trust access solutions.

Now, ransomware is also in there as well; remains a lucrative strategy for attackers, especially industries like financial services. Now, the medium cost per ransom incident has more than doubled in the past two years to twenty-six thousand dollars. Ransomware attacks now account for 62 percent of all breaches. The report emphasizes the importance of prompt response to new threats, and in fact it exemplified by the Log4j vulnerability that's out there: exploits peaks just 17 days after the flaw was discovered, any need for organizations to actually prioritize patching. In fact, we just talked about a story recently at a Fortinet says this area.

The report also urges organizations to reassess their cyber security strategies and to consider the evolving nature of attacks. A comprehensive approach that addresses human factors, insider threats, and rapid attack strategies is crucial. Now, building a cyber security culture is, you know, it promotes vigilance, it also helps resilience, and it's a constant adapts into essentially in today's threat landscape.

Lots of good information in this report, so definitely check it out. But what I would like to do is get your comments, questions about it as well, so I want to go ahead and post them in Discord or even isg right now. We'll try to take them. Plus I want to see if I can maybe queue up a couple people in the Discord stage as well. And I also want to bring my guest in here as well to get his thoughts on the report, and today we have Ron Reiter. He's co-founder and CTO of Sentra. Welcome to the show, Ron.

Thank you, thank you for having me.

Absolutely. Now, you know, our entire focus of this episode is data security, and I wanted to start with just a couple questions for you. You know, you probably had a chance to hear my summary, even read the article. What's kind of jumped out at you from this particular report?

I think the most obvious thing that at least relates to data security is the prevalence of ransomware attacks. I think this is something that's here to stay, and it's just growing because it's just financially, it makes sense financially for the attackers to use ransomware attacks. And it's, you know, Bitcoin making it very easy for them, for the attackers, to extort the data to the organizations to pay them back so they can have the data back. And it's something that I think just shows how much data is at the center and then the core of the value of, you know, breaking in to an organization, right? So once you break in it, as you can see, the number one thing that attackers do is look for the sensitive data or the data that involves business continuity, right? So that's really the thing that jumped out, the first thing.

Now, the report actually highlights the grow, like the really the growing prominence of pretexting attacks. You know, this is where the social engineering attacks, which are essentially doubled. Is this a common threat that you see organizations run into, is just they have gaps in their processes and they're able to be exploited that, in that way?

Yeah, I think in terms of these human weaknesses, of course it's something that's also going a lot, and it's something that's not really it, this type of attack is something that will, is here to stay no matter what will happen in the future, right? It's something that's, the human factor is always the weakest link, so no matter how much we can find data security tools or any security tools to avoid that, then this problem is very, it's a problematic problem. But I do think that in the future, actually due to things like large language models, there might be some new additional novel ways to actually tackle this issue.

Yeah, I do, any, I definitely want to talk about AI, and I'm sure that we'll talk about that as well in the Sentra segment as well. But I did, I think it's interesting, in fact Gumby mentioned in our chat room the fact that human element is the growth area of these types of attacks, and it's true. In fact, we're, they were talking about a little about the pretexting attacks as well as insider threats. This is essentially a big significant challenge for organizations out there because the fact that you are, we like to call them the rogue admin attack, or the fact that these, you know, people have access to this data and it's really difficult to prevent. Have you, is you, are you seeing ways that organizations are essentially protecting themselves from that type of attack?

Yeah, I think first of all it's a big problem, right, that because of, for example, things like cryptocurrency, you could never actually find or disclose the attacker even if it's an insider threat, so this problem will also continue to evolve. So in terms of the, from what I see and from what I can think of, the only way to actually mitigate insider threats is to have zero trust data security, right, to proper access controls, figure out where your dark data, shadow data, your sensitive data is overexposed, over privileged. If you do security right, and specifically data security right, then insiders become much less of an issue, right?

Right. Yeah, I think the, you know, it's interesting because, you know, these types of attacks are really hard to detect, and obviously there are ways to do this. There's obviously, if you're storing data in places that can be audited, where they can be audit trails available for, you know, there can be tools that can essentially go out and determine if somebody's accessing something that they haven't accessed for a long time, or they're essentially exporting it or downloading it. So there are ways to help mitigate this and detect this, essentially, but it means that you have to implement these solutions to get there, so that's the hard part. And I'm sure that there's other ways to mitigate it as well, but it requires additional, you know, experts and additional support.

Now, it's interesting that this report also calls out the fact that ransomware is on the rise. Now, we know that, obviously, and we've seen that. In fact, it says that 62 percent of all breaches that are out there are ransomware. What are organizations doing to protect against that? Because that seems to be a combination of a little bit of social engineering, because there's of course there's business email compromise that's in there, there's obviously exploiting other things that, you know, something on your network and being able to install something, like you were saying, maybe getting it onto a machine that they can then go and use as a starting point or as a vector to another machine that they can then go and compromise and then eventually encrypt. So what are, the same techniques that are for protecting against the other things, they're also protecting for ransomware as well?

Yeah, I think what organizations do, and you should do more, to avoid ransomware attacks is mostly to affect our data security posture, but also, that, what does that mean? So it means first of all making sure that if someone gets your data, for the sake of business continuity you have to make sure that it's backed up and that the attacker isn't able to actually manipulate it or delete it in a way that the business continuity is affected. But it doesn't completely help the issue, right, because if ransomware, even if a good cyber security expert will be able to make sure that no data is deleted, and still, you know, ransomware in the form of data leaks, right, of people threatening to leak it, is also something that's a huge issue. So backing up data is one thing, but it won't really help. The only thing that could actually truly help is to mitigate the exposure of sensitive data.

The report suggests that despite, you know, the increased cyber security spending, breaches continue to be, you know, coming in at an alarming rate. Now I want to maybe get your opinion on this: what do you think some of the key factors are contributing to that, maybe the disconnect between investment versus essentially effectiveness? What's going on there?

Yeah, that's a great question. I think, you know, insider threats or social engineering attacks go through your whole security budget, right? It doesn't matter how much you put your dollars on the infrastructure security, and once that people have access, then, you know, that's one thing you're seeing. I think again with data security and center of things my company, right, we realized that and we're trying to change that, because putting dollars on infrastructure doesn't really change anything, right? So I think that's why we're seeing this change. And I think there's not much to do other than to really understand how to mitigate the exposure of data. It just doesn't matter, it doesn't matter which firewalls you buy or which application security you try to put on, SaaS security, it all comes down to locking your data up as much as you can.

Makes sense. Now, I'm not sure if this is news, but obviously report highlights the importance of proactive approaches to cyber security, so you're, the fact that you assume breach will help you essentially implement preventative measures. Can you maybe, obviously maybe using tools like your company as well, but can you maybe provide some practical steps you've seen for organizations that they can take to essentially adapt that kind of mindset and maybe even strengthen their cyber security defenses that are out there?

Yeah, of course. So the goal to minimize the chances of ransomware attacks and data leaks is to protect your sensitive data, the crown jewels of your company, right? So the first thing you need to do is to really understand where your sensitive data is, right? So you have to continuously and automatically discover all of your data. So actually in the cloud it's feasible, and when you had your on-prem environments the technology didn't really allow it to do it easily, but nowadays in cloud you do have the APIs and the technology to actually know exactly where your sensitive data is without even relying on your developers knowing how to do that, right? So you do need a good tool to do that. Once you have full discovery of sensitive data and automatic classification, then you can at least know where your essential data is, and then you put on top of that, you put the security context. You need to understand if the data is moving somewhere, is it someone trying to copy it, is it over privileged, is it misconfigured in terms of data store that's hosting this data, right? Once you understand the security posture of the data, you can basically reduce the chance of it leaking.
Info
Channel: TWiT Tech Podcast Network
Views: 1,786
Keywords: TWiT, This Week in Tech, TWiT.tv, technology, tech news, Enterprise, data breaches, verizon 2023 data breach report, cybersecurity, sentra.io, ransomware, Lou Maresca, ron reiter
Id: uPEArG918uk
Length: 13min 34sec (814 seconds)
Published: Wed Jul 12 2023