Recent Cybersecurity Stats
- Global cybercrime damage predicted to hit $10.5 trillion annually by 2025
- Global cybersecurity spending will exceed $1.75 trillion cumulatively from 2021-2025
- The world will have 3.5 million unfilled cybersecurity jobs in 2022
- Nearly 3 out of 4 companies experienced a phishing attack in 2020
- More than 25% of all website traffic is made up of bad bot traffic
Can your organization afford this? Of course not! Main Sail can assist your organization with implementing cybersecurity policies and procedures to protect your business.
iOS Threat Landscape
- Apple devices are NOT immune to bugs, despite what many people think. Recently, Apple has been hit with several zero-day bugs. Take precautions and update your Apple devices.
- Most iOS malware is nation-state malware, spread via targeted attacks through iOS vulnerabilities, such as NSO’s Pegasus spyware.
- If you get a virus warning in a pop-up, the first thing to remember is that Apple doesn't send out messages like these; don't tap on it or call any numbers listed on the fake alert. Don't even tap on the pop-up to close it! Some scam alerts seem to have an X or Close option that only resembles a close button but will actually direct you to the phishing site. You can find more information here about how to fix this problem.
Credential Stuffing
Credential stuffing is a type of cyberattack in which stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach), are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.
In a credential stuffing attack, collections of stolen login credentials from one service are used to attempt to break into accounts on various other services.
Credential stuffing is widespread thanks to massive lists of breached credentials being traded and sold on the black market. The proliferation of these lists, combined with advancements in credential stuffing tools that use bots to get around traditional login protections, has made credential stuffing a popular attack vector. Potential impacts of credential stuffing include:
- Cyber attackers can steal an employee’s credentials to carry out a number of criminal activities.
- Stolen credentials can be used to access your company’s network.
- A compromised cyber security infrastructure can lead to a data breach.
- Successful payment frauds or theft of passwords can result in substantial losses for the company and its employees.
- Recovery from a cyber-attack can be a huge financial hit.
- Damaged reputation and the loss of customer base.
Learn more about credential stuffing fraud attacks.
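One way a defender can spot the pattern described above in authentication logs, as an added example that is not part of the original page. The log format, field names, thresholds and sample lines are assumptions constructed for illustration, and the counts cover the whole log slice passed in rather than a sliding time window.

```python
from collections import defaultdict

# Constructed sample auth log (documentation IP ranges, made-up usernames).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=erin result=OK
2024-05-01T10:00:06Z ip=203.0.113.7 user=frank result=FAIL
2024-05-01T10:01:00Z ip=198.51.100.20 user=grace result=FAIL
2024-05-01T10:01:09Z ip=198.51.100.20 user=grace result=FAIL
2024-05-01T10:01:20Z ip=198.51.100.20 user=grace result=FAIL
2024-05-01T10:01:31Z ip=198.51.100.20 user=grace result=OK
2024-05-01T10:02:00Z ip=192.0.2.15 user=heidi result=OK
"""

def parse_line(line):
    """Return (ip, user, ok) from one key=value log line, or None if malformed."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    if not {"ip", "user", "result"} <= fields.keys():
        return None
    return fields["ip"], fields["user"].lower(), fields["result"] == "OK"

def detect_credential_stuffing(log_text, min_accounts=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts and mostly fail.

    Stuffing replays one leaked password per account, so the signal is
    breadth (distinct usernames) plus a high failure ratio, not repeated
    guesses against one account. Returns {ip: [accounts that logged in]}.
    """
    stats = defaultdict(lambda: {"users": set(), "hits": set(), "fail": 0, "total": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or malformed lines
        ip, user, ok = parsed
        s = stats[ip]
        s["users"].add(user)
        s["total"] += 1
        if ok:
            s["hits"].add(user)
        else:
            s["fail"] += 1
    findings = {}
    for ip, s in stats.items():
        if len(s["users"]) >= min_accounts and s["fail"] / s["total"] >= min_fail_ratio:
            findings[ip] = sorted(s["hits"])  # candidates for forced password reset
    return findings
```

The accounts listed for a flagged source are the ones where a replayed password worked, so they are the first to lock and reset. The user who mistyped a password three times from a single address is not flagged.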
Benefits of Cybersecurity Training
Cybersecurity training has been proven to reduce cybersecurity risks by as much as 70%. Employees represent the highest vulnerability factor in an organization’s cybersecurity plan. 95% of cybersecurity breaches are caused by human error, according to the IBM Cyber Security Intelligence Index. Spear phishing and other potentially devastating attacks are designed to slip through email security gateways. These ever-evolving, sophisticated attack techniques put businesses of all sizes at risk for data loss and financial fraud.
Check out this article on 5 Reasons Why Enterprises Need Cyber Security Awareness and Training.
More Cybersecurity Resources
The National Institute of Standards and Technology’s (NIST) SP 800-171 is a Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). You might think it only applies to Department of Defense contractors. However, NIST SP 800-171 provides an excellent framework for any organization to use for its cybersecurity environment. NIST SP 800-171 consists of 110 requirements, each covering different areas of an organization’s IT technology, policy and practices. Requirements cover aspects like access control, systems configuration, and authentication procedures. They also set out the requirements for cybersecurity procedures and incident response plans. If your organization needs guidance on how to best protect itself from cybersecurity threats and breaches, NIST SP 800-171 will provide that guidance. Main Sail’s team has the experience and know-how to assist your organization with the implementation of NIST SP 800-171.
Check out the Cybersecurity and Infrastructure Security Agency (CISA) website as a resource to keep up to date on the Apache Log4j Vulnerability.
Keep up to date with cybersecurity incident reports from the Center for Strategic and International Studies (CSIS).