Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs
Welcome to CISO Corner, Dark Reading’s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we’ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We’re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
In this issue of CISO Corner:
- Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
- Held Back: What Exclusion Looks Like in Cybersecurity
- Why Haven’t You Set Up DMARC Yet?
- DR Global: ‘Muddling Meerkat’ Poses Nation-State DNS Mystery
- Shadow APIs: An Overlooked Cyber-Risk for Orgs
- The Cybersecurity Checklist That Could Save Your M&A Deal
Also: Dark Reading’s brand-new podcast, Dark Reading Confidential, is coming this month, bringing you rare, firsthand stories from cybersecurity practitioners in the cyber trenches. Follow or subscribe on Spotify, Apple, Deezer or Pocket Cast, so you won’t miss any episodes!
Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
By Tara Seals, Managing Editor, Dark Reading
MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
Verizon Business’ 2024 Data Breach Investigations Report (DBIR), released this week, detailed just how far patching can go in heading off a data breach: big spikes in zero-day use, and in the use of exploits overall, marked the initial point of entry for breaches in the past year.
The MOVEit software breaches alone accounted for a significant number of analyzed attacks.
It also noted that a full 68% of the breaches Verizon Business identified involved human error — either someone clicked on a phishing email, fell for an elaborate social-engineering gambit, was convinced by a deepfake, or had misconfigured security controls, among other snafus.
In all, a picture in this year’s DBIR emerges of an organizational norm where gaps in basic security defenses — including the low-hanging fruit of timely patching and effective user awareness training — continue to plague security teams, despite the rising stakes for CISOs and others that come with “experiencing a cyber incident.”
Fortunately, there are ways to make these insights actionable for enterprises.
Read more: Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
Related: Anatomy of a Data Breach: What to Do If It Happens to You, a free Dark Reading virtual event scheduled for June 20. Verizon’s Alex Pinto will deliver a keynote, Up Close: Real-World Data Breaches, detailing DBIR findings and more.
Held Back: What Exclusion Looks Like in Cybersecurity
By Jane Goodchild, Contributing Writer, Dark Reading
You can’t think about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.
Systemic exclusion of certain demographics is a troubling reality for many in the cybersecurity industry, even as they try to innovate, collaborate, and make a meaningful impact in their roles. These groups still struggle in making connections with colleagues, being invited to key meetings, and getting face time with important executives in the company.
Women are five times more likely to report exclusion from direct managers and peers, according to Women in CyberSecurity’s (WiCyS) “2023 State of Inclusion Benchmark in Cybersecurity Report.” But exclusion is not just limited to gender. Individuals with disabilities and intersectional identities experience levels of workplace exclusion comparable to, or even exceeding, those related to gender, emphasizing the compounded impact of multiple differing identity traits.
It’s not just about being left out of the room. Being on the receiving end of disrespectful behaviors, sexually inappropriate advances, and a lack of appreciation for skills and experience can also make it hard to advance in the workplace. These kinds of microaggressions are difficult to pin down, experts say.
Read more: Held Back: What Exclusion Looks Like in Cybersecurity
Related: Cybersecurity Is Becoming More Diverse … Except by Gender
Why Haven’t You Set Up DMARC Yet?
By Robert Lemos, Contributing Writer, Dark Reading
DMARC adoption is more important than ever following Google’s and Yahoo’s latest mandates for large email senders. This Tech Tip outlines what needs to be done to enable DMARC on your domain.
In January, adoption of the email standard for protecting domains from spoofing by fraudsters — Domain-based Messaging Authentication, Reporting and Conformance, or DMARC — became a necessity as companies prepared for the enforcement of mandates by email giants Google and Yahoo. DMARC uses a domain record and other email-focused security technologies to determine whether an email comes from a server authorized to send messages on behalf of a particular organization.
Yet three months later, while almost three-quarters of large organizations (73%) have adopted that most basic version of DMARC, the share of those organizations that would pass the most stringent standards varies significantly by nation. At the same time, threats that target those who lack strong DMARC protection are ramping up.
Here are the steps for setting up DMARC and avoiding an easily defended-against compromise.
Read more: Why Haven’t You Set Up DMARC Yet?
Related: DPRK’s Kimsuky APT Abuses Weak DMARC Policies, Feds Warn
DR Global: ‘Muddling Meerkat’ Poses Nation-State DNS Mystery
By Rob Lemos, Contributing Writer, Dark Reading
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.
A freshly discovered threat group dubbed Muddling Meerkat runs operations featuring covert traffic that is immune to China’s government-run firewall; it also uses open DNS resolvers and mail records to communicate.
The China-linked group has demonstrated its ability to get specific DNS packets through the Great Firewall, one of the technologies separating China’s Internet from the rest of the world. It is also able to elicit DNS mail (MX) records with random-looking prefixes in response to certain requests, even when the domain has no mail service.
The goal of the capability remains unclear — most likely it’s for reconnaissance or establishing the foundations of a DNS denial-of-service attack, but it’s sophisticated and needs further analysis.
The threat research comes as the governments of the United States and other nations have warned that China’s military has infiltrated critical infrastructure networks with a goal of pre-positioning their cyber operators for potential future conflicts.
Read more: ‘Muddling Meerkat’ Poses Nation-State DNS Mystery
Related: China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
Shadow APIs: An Overlooked Cyber-Risk for Orgs
By Jai Vijayan, Contributing Writer, Dark Reading
Organizations shoring up their API security need to pay particular attention to unmanaged or shadow application programming interfaces.
Shadow APIs are Web services endpoints that are no longer in use, outdated, or undocumented, and therefore not actively managed. Because they are neither documented nor decommissioned, they often translate into significant risk for organizations.
In recent years, many organizations have deployed APIs extensively to integrate disparate systems, applications, and services in a bid to streamline business processes, boost operational efficiencies, and enable digital transformation initiatives.
But one of the biggest surprises for enterprises that increase their visibility into API activity is the sheer number of shadow endpoints in their environment that they were previously unaware of, says Rupesh Chokshi, senior vice president, application security at Akamai.
How to tackle this proliferation challenge? The first step to enabling better API security is to discover these shadow endpoints and either eliminate them or incorporate them into the API security program, he notes.
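Chokshi’s first step, discovering the shadow endpoints, comes down to comparing what the gateway actually serves with what the API program knows about. The following is an added example, not code from the article or from Akamai, that does that comparison offline: it normalizes request paths from constructed access log lines (numeric and UUID segments become `{id}`), and reports observed endpoints that are missing from a documented inventory, plus documented endpoints that were never hit and so are candidates for decommissioning. The inventory, log lines and paths are all constructed for the example.

```python
"""Find shadow API endpoints by diffing gateway logs against a documented inventory.

Added example; the inventory and log lines below are constructed sample data.
"""
from __future__ import annotations

import re
from collections import Counter

# Constructed stand-in for the paths an OpenAPI spec or API catalog would list.
DOCUMENTED: set[tuple[str, str]] = {
    ("GET", "/api/v2/users/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v2/orders/{id}"),
    ("DELETE", "/api/v2/orders/{id}"),
}

# Constructed gateway access log lines in a combined-log style.
SAMPLE_LOG = """\
10.0.0.5 - - [02/May/2024:10:01:02 +0000] "GET /api/v2/users/1042 HTTP/1.1" 200 512
10.0.0.7 - - [02/May/2024:10:01:05 +0000] "GET /api/v1/users/1042 HTTP/1.1" 200 498
10.0.0.7 - - [02/May/2024:10:01:09 +0000] "GET /api/v1/users/77/export?format=csv HTTP/1.1" 200 20481
10.0.0.9 - - [02/May/2024:10:02:11 +0000] "POST /api/v2/orders HTTP/1.1" 201 88
10.0.0.9 - - [02/May/2024:10:02:15 +0000] "GET /api/v2/orders/9f1c2d3e-0b4a-4c6d-8e9f-0a1b2c3d4e5f HTTP/1.1" 200 640
10.0.0.12 - - [02/May/2024:10:03:00 +0000] "GET /api/legacy/reports/export HTTP/1.1" 200 3302
"""

# Pull the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def normalize_path(path: str) -> str:
    """Drop the query string and collapse identifier segments to '{id}'."""
    path = path.split("?", 1)[0]
    segments = []
    for seg in path.split("/"):
        if seg.isdigit() or UUID_RE.match(seg):
            segments.append("{id}")
        else:
            segments.append(seg)
    return "/".join(segments)


def observed_endpoints(log_text: str) -> Counter:
    """Count hits per (method, normalized path) seen in the log."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        counts[(match["method"], normalize_path(match["path"]))] += 1
    return counts


def find_shadow_apis(log_text: str, documented: set[tuple[str, str]]) -> dict:
    """Return endpoints served but undocumented, and documented ones never observed."""
    observed = observed_endpoints(log_text)
    shadow = {endpoint: hits for endpoint, hits in observed.items() if endpoint not in documented}
    unused_documented = sorted(documented - set(observed))
    return {"shadow": shadow, "unused_documented": unused_documented}


if __name__ == "__main__":
    report = find_shadow_apis(SAMPLE_LOG, DOCUMENTED)
    print("Shadow endpoints (served but not in the inventory):")
    for (method, path), hits in sorted(report["shadow"].items()):
        print(f"  {method} {path}  ({hits} hits)")
    print("Documented but never observed (decommission candidates):")
    for method, path in report["unused_documented"]:
        print(f"  {method} {path}")
```

In practice the inventory would be generated from the specs in the API program and the log text from the gateway or WAF; the endpoints that come out in the "shadow" bucket are exactly the ones the article says must either be eliminated or brought under the security program.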
Read more: Shadow APIs: An Overlooked Cyber-Risk for Orgs
Related: API Security Is the New Black
The Cybersecurity Checklist That Could Save Your M&A Deal
Commentary by Craig Davies, CISO at Gathid
With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.
When two companies are combined, a vast amount of sensitive data and information is exchanged between them, including financial records, customer information, and intellectual property. Additionally, different types of software and hardware often need to be integrated, which can create security vulnerabilities for cybercriminals to exploit.
With mergers and acquisitions (M&A) making a much-anticipated comeback, soaring by 130% in the US to top $288 billion, baking in cybersecurity to the process is critical to protect and safeguard the integrity of confidential data. In fact, it can make or break an M&A deal.
To avoid that terrible scenario, take a look at the M&A Cybersecurity Checklist, aimed at helping organizations safeguard their digital assets before, during, and after a deal goes through:
- Establish a dedicated, joint cybersecurity team.
- Develop a risk mitigation strategy.
- Check for third-party risks.
- Establish identity and access governance and management.
- Create an incident response plan.
- Ensure ongoing monitoring.
Read more on each of the steps: The Cybersecurity Checklist That Could Save Your M&A Deal