Data breaches are on the rise and they can be both unexpected and costly. The average estimated cost of a data breach has peaked at an all-time high—an astounding $4.35 million, according to a 2022 report by IBM and the Ponemon Institute. Poor password hygiene and legacy software are two key culprits that will increase your chances of falling victim to a password breach.
When news of the recent CircleCI breach broke, developers everywhere scrambled to rotate tokens and remove hardcoded secrets stored in the popular CI/CD platform to minimize their exposure. Now that the dust has settled and more details are available, we’re reexamining the CircleCI attack chain to highlight the importance of a holistic Identity Security strategy in thwarting future damaging attacks.
Data breaches exposed at least 42 million records between March 2021 and February 2022. With the increasing risks associated with the cyber world, this comes as no surprise.
Read also: Financial firm ION hit with a cyber-attack, Hive ransomware disrupted in a global cyber operation, and more.
According to a report released by IBM and Ponemon, the healthcare sector has the highest rates of security breaches and cyber attacks globally. The average cost of a data breach for healthcare organizations is around $10.1 million, while the global average for all industries sits around less than half of that amount, at about $4.35 million.
It would be big news, to say the least, if a large quantity of Google source code found its way into the public domain. Now imagine if the leak also included source code from Amazon and Uber. That’s the scale of the data leak that hit Russian tech giant Yandex. The risk here is that malicious actors could analyze the leaked code and discover exploitable security gaps.
Data breaches have become an unfortunate reality of the digital world we live in. While there is no doubt that efforts can be made to mitigate the chances of a data breach, living in a completely data breach-free world is not realistic. Apart from having processes and technology in place to prevent data breaches, companies should also have a plan of action in case they do suffer a breach. One aspect of being prepared is understanding how vulnerable your industry may be to data breaches.
The January 2022 International Committee of the Red Cross (ICRC) data breach was caused by an unpatched critical vulnerability in the Single Signe-In tool developed by Zoho, a business software development company. After exploiting the vulnerability (tracked as CVE-2021-40539), the cybercriminals deployed offensive security tools to help gain access to ICRC's contact database, resulting in the compromise of more than 515,000 globally.
