Re: Yahoo’s Data Breach May Be Good For Overall Security Standards


Sondra Pevy

Jul 17, 2024, 1:12:18 PM
to cobofawel

To foster a better understanding of cyber risk across the organization, stakeholders must be well-informed about the relevant trends and drivers, including shadow IT, the financial ramifications of data breaches, the human factor in security, stringent governance, risk, and compliance (GRC) demands, and security tooling efficacy.

Yahoo's data breach may be good for overall security standards


Download https://tinurll.com/2yLY2X



An effective cybersecurity asset management strategy is an essential foundation for CTEM, providing the requisite visibility, context, and control. However, the crucial question persists: How do we effectively articulate the potential returns within the boardroom?

Each year, companies allocate an average of 4,300 hours to achieve or uphold compliance standards. However, 76% of companies adhering to a point-in-time compliance strategy perceive the effort as burdensome (Drata). With comprehensive visibility and controls monitoring, organizations can streamline their GRC efforts, consolidating around a leaner set of essential tools.

This consolidation enables teams to produce comprehensive reports that effortlessly demonstrate adherence to regulatory requirements, saving valuable time and resources previously spent on manual efforts like audits and external assessments. Additionally, seamless integration with existing GRC tools like ServiceNow or Archer drives even more efficiencies.

As a result, teams can swiftly identify and address compliance gaps, proactively managing their cyber asset attack surface to ensure continuous compliance. By preventing costly non-compliance fines through vigilant monitoring of key technical controls and reducing manual GRC workload by over 60% through automation, Noetic adopters can experience tangible results and significant cost savings almost immediately.

Yahoo has recently come under fire for one of the largest data breaches ever recorded, where over 500 million user accounts with sensitive and personal information were compromised. This information, including passwords, names, banking information, and confidential documents, showcases yet another example of the importance of robust cyber-security standards to prevent such attacks from occurring, especially on a scale with hundreds of millions of users affected.

While most organizations already have disclosure protocols in place, compliance and policy managers need to keep a close eye on the ever-changing regulations they face and the policies they have to abide by. The risk of non-compliance from a failure of proper policies and procedures outlining how the organization responds to a crisis and discloses to regulators is too concerning to brush off.

CybeReady is proud to announce its exceptional achievement of being named for Easiest Setup/Admin, Highest User Adoption, and High Performer in the mid-market and enterprise categories on G2, the trusted online platform.

Got a Yahoo account? You may want to change your password. Between 2013 and 2014, Yahoo experienced two data breaches that led to over 3 billion personal records exposed in 2013 and an additional 500 million records leaked in 2014.

Every day, millions of people worldwide share their personal information and payment data on the internet as they shop and consume content and digital services. The enormous volume of data also means that there is a growing number of attack surfaces, triggering a growing need to protect it from data leaks, theft, and corruption.

As the number of data breaches has increased, government entities and industry regulators worldwide have enacted strict data protection requirements for companies and organizations. In a general sense, data protection includes the following elements:

Names, addresses, phone numbers, email addresses, and credit card information are some examples of the personal data organizations store, use, and share with third parties. Protecting this personal information has become critical to prevent hackers from stealing or otherwise compromising it during a data breach.

Fairness refers to how you collect PII data. Always perform data collection fairly and never through misleading or deceptive actions. Also, make sure PII usage keeps in line with general expectations. To achieve fairness, conduct prior planning and coordination to make sure data usage will not impact any specific people or groups.

Minimize accidental data leaks by taking appropriate technical and organizational steps, including ongoing security training for existing and new employees. Eliminate or contain issues like identity fraud and social engineering hacks as soon as they occur. Start with cybersecurity awareness training and phishing awareness training, and back them with multiple cybersecurity protection layers.

As the data controller, your organization is directly responsible for data protection. This principle is a big shift in the data protection philosophy, considering data processors (third parties) are no longer seen as GDPR violators. Document all data collection and processing activities to demonstrate compliance.

A lot is at stake when it comes to data protection. Regardless of whether you follow GDPR or other data protection standards, keep these nine principles in mind as part of your data protection strategy.

In today's rapidly evolving technology landscape, organizations increasingly embrace containerization to achieve greater scalability, portability, and efficiency in their application deployments. While containerization has its benefits, it also can present IT security challenges that must be addressed to improve the safety, confidentiality, and accessibility of containerized applications. As the use of cloud-native apps grows, improving the security posture of containers and Kubernetes becomes vital.

In secure software supply chain practices, a comprehensive understanding of the open source products utilized within an organization is crucial. According to the 2021 Future of Open Source Survey, conducted by Black Duck Software and North Bridge Venture Partners, approximately two-thirds of companies rely on open source software, so assessing the security practices and potential vulnerabilities associated with these technologies becomes paramount. According to the 2023 State of Open Source Security Report by Snyk, the average application has 49 vulnerabilities and 80 direct dependencies (open source code called by a project). The report also found that only 49% of organizations have a security policy for open source software development.

By actively staying informed about the open source code in use, your organization can better integrate trusted components into your software supply chain. This involves evaluating the features, security measures, and ongoing maintenance of specific solutions. It also entails monitoring software supply chain risks, such as compromised dependencies or vulnerabilities in third-party libraries.

According to the key findings based on IBM Security analysis of research data compiled by Ponemon Institute, the average total cost of a data breach reached an all-time high of USD 4.45 million in 2023. The latest report states that the average cost for this year is USD 4.45 million, reflecting a 2.6% increase compared to last year's average cost of USD 4.24 million. Additionally, this represents a significant 12.7% increase from USD 3.86 million in the 2020 report.

The IBM study found that 83% of organizations have experienced more than one data breach, and only 17% reported a data breach as their first one. Preventing potential data breaches, which could lead to reputational damage, financial loss, legal liability, regulatory fines, and productivity loss, is critical in containerization, hence the need for preemptive security measures to avoid escalating service or product costs.

The study also found that the rise of artificial intelligence (AI) and edge technologies has further contributed to increased security breaches. According to recent reports, AI/edge technologies have witnessed a significant surge in security incidents, with a staggering 300% increase in reported breaches compared to 2021.

The nature of AI/edge systems, with their distributed architecture and interconnected devices, presents unique security challenges. Deploying machine learning (ML) models on edge devices and processing sensitive data at the edge can introduce additional vulnerabilities and potential attack points.

Red Hat OpenShift can help improve your organization's security posture, helping manage image security, secrets, monitoring, and maintenance. You'll delve into image security policies, Red Hat Quay, and code signing with Sigstore, Tekton Chains, and Cosign for added protection. Our comprehensive guidelines provide the tools to strengthen your containerization environment and better secure your apps. By implementing these best practices, you can reduce potential risks and establish a stronger security foundation with Red Hat OpenShift.

Application development and deployment is a top priority for many organizations. Developers use the "shift left" strategy to help improve application security. This strategy involves integrating security practices and testing early in the development process. This is especially important in containerization and when using OpenShift.

To understand shift left, let's first define "developer flow." Developer flow is the process of development in which the developer goes through two "loops" that represent pre-release phases. The developer will enter the creative phase, or "inner loop," where the code is developed. Then the "outer loop" is released to production. This process is illustrated in the diagram below.

Inner loop: The inner loop is a frequent iteration cycle involving writing, compiling, running, and debugging code. The focus is on making small changes, testing them, and getting feedback quickly. It's all about rapid development and ongoing validation of code changes.

Outer loop: When it comes to the outer loop, it's essential to have a well-defined approach dedicated to decision-making and progress monitoring. This involves overseeing system integrations, driving compliance, and tackling high-level issues. Regular checkpoints, evaluations, and feedback loops should be established to help ensure everything stays on track.
