Published By: Mimecast
Published Date: Aug 16, 2018
Email. You use it constantly. And itís the number-one application to keep your organization functioning, lines of communication flowing, and productivity seamless. Organizations need email to stay up-and running all the time. After all, itís supposed to just work, right?
This is where trouble often sets in. Cybercriminals use email constantly, too. Itís the number-one vector used to initiate attacks like malware delivery (think ransomware), impersonations and phishing attacks. In fact, almost 90% of organizations* have seen the volume of phishing attacks either rise or stay the same over the past 12 months. Internal threats have also been on the rise: Most organizations have encountered internal threats driven by careless employees (88%), compromised accounts (80%) or malicious insiders (70%) over the last year.
In the not so distant past, the way we worked looked very different. Most work was done in an office, on desktops that were always connected to the corporate network. The applications and infrastructure that we used sat behind a firewall. Branch offices would backhaul traffic to headquarters, so they would get the same security protection. The focus from a security perspective was to secure the network perimeter. Today, that picture has changed a great deal.
Many breaches happen because of compromised privileged user accounts. Risks spread like wildfire in the dynamic traditional, virtualized and cloud environments common in enterprises today. One improperly authorized privileged account can cause widespread and irreparable damage to an organizationís infrastructure, intellectual property and brand equity, leading to sudden drops in market value, broad organizational disruption and costly compliance penalties. Effectively managing privileged access across your hybrid enterprise is an imperative to reducing security and compliance risks.
Published By: SpyCloud
Published Date: Mar 30, 2018
Because of widespread password reuse, Account Takeover (ATO) attacks have become an extremely lucrative business for cybercriminals. Organized crime rings are performing ATO attacks at a massive scale by leveraging botnet-infected armies to attempt credential-stuffing attacks against various web and mobile applications. Cyber criminals exploit compromised accounts for financial gain by pilfering financial or personally identifiable information (PII) directly or by selling access to these accounts on underground markets.
Download our report to understand:
The Underground economy driving these attacks
The tools criminals are using to automate ATO
Remediation Strategies to prevent ATO in your organization
Published By: Mimecast
Published Date: Feb 13, 2017
Security and risk (S&R) pros have the challenging task of using finite resources (including budget, time, and people) to protect their businesses from every possible attack type. On top of this, S&R pros donít just need to watch out for threats coming from outside their walls, but must keep an eye on internal threats as well.
S&R decision-makers face threats from three groups of insiders Ė compromised accounts (internal accounts that have been compromised by external attacks), careless misuse (internal policy violators and those who accidentally leak or expose data or systems), and malicious insiders (insiders who purposefully take or misuse data or exploit systems), and they must be prepared for each.
In February 2017, Mimecast commissioned Forrester Consulting to evaluate the state of enterprise security readiness for internal email threats.
Use of cloud computing services continues to grow rapidly as organizations migrate business applications and data to cloud-based software, platform and infrastructure services. Gartner estimates 2017 will see growth of 18% in spending on public cloud services and that cloud adoption will infuence more than 50% of IT spending through 2020.
Deloitte Global predicts that by the end of 2022 more than half of all IT spending will go to IT-as-a-service providers. In the 2016 edition of this survey, 56% of the security professionals responding said limitations on access to collect incident response data and evidence for forensic analysis was a key challenge to securing the cloud. Sixty-two percent said they were concerned about unauthorized access by outsiders, and 59% said they worried about access by other cloud tenants. Of the 10% who reported being breached, half blamed stolen credentials or compromised accounts.