One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8446956 |
| Date de publication | 2024-02-05 11:41:18 (vue: 2024-02-05 16:07:44) |
| Titre | 7 conseils pour développer une approche proactive pour éviter le vol de données 7 Tips to Develop a Proactive Approach to Prevent Data Theft |
| Texte | Data is one of the most valuable assets for a modern enterprise. So, of course, it is a target for theft. Data theft is the unauthorized acquisition, copying or exfiltration of sensitive information that is typically stored in a digital format. To get it, bad actors either abuse privileges they already have or use various other means to gain access to computer systems, networks or digital storage devices. The data can range from user credentials to personal financial records and intellectual property. Companies of all sizes are targets of data theft. In September 2023, the personal data of 2,214 employees of the multinational confectionary firm The Hershey Company was stolen after a phishing attack. And in January 2024, the accounting firm of Framework Computer fell victim to an attack. A threat actor posed as the Framework\'s CEO and convinced the target to share a spreadsheet with the company\'s customer data. Data thieves aim to profit financially, disrupt business activities or do both by stealing high-value information. The fallout from a data breach can be very costly for a business-and the cost is going up. IBM reports that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years. Other data suggests that the average cost of a breach is more than double for U.S. businesses-nearly $9.5 million. Not all data breaches involve data theft, but stealing data is a top aim for many attackers. Even ransomware gangs have been shifting away from data encryption in their attacks, opting instead to steal massive amounts of data and use its value as a means to compel businesses to pay ransom. So, what can businesses do to prevent data theft? Taking a proactive approach toward stopping someone from stealing your data is a must. This blog post can help jump-start your thinking about how to improve data security. We explore how data theft happens and describe some common threats that lead to it. We also outline seven strategies that can help reduce your company\'s risk of exposure to data theft and highlight how Proofpoint can bolster your defenses. Understanding data theft-and who commits it Data theft is a serious security and privacy breach. Data thieves typically aim to steal information like: Personally identifiable information (PII) Financial records Intellectual property (IP) Trade secrets Login credentials Once they have it, bad actors can use stolen data for fraudulent activities or, in the case of credential theft, to gain unlawful access to accounts or systems. They can also sell high-value data on the dark web. The consequences of data theft for businesses can be significant, if not devastating. They include hefty compliance penalties, reputational damage, and financial and operational losses. Take the manufacturing industry as an example. According to one source, a staggering 478 companies in this industry have experienced a ransomware attack in the past five years. The costs in associated downtime are approximately $46.2 billion. To prevent data theft, it\'s important to recognize that bad actors from the outside aren\'t the only threat. Insiders, like malicious employees, contractors and vendors, can also steal data from secured file servers, database servers, cloud applications and other sources. And if they have the right privileges, stealing that data can be a breeze. An insider\'s goals for data theft may include fraud, the disclosure of trade secrets to a competitor for financial gain, or even corporate sabotage. As for how they can exfiltrate data, insiders can use various means, from removable media to personal email to physical printouts. How does data theft happen? Now, let\'s look at some common methods that attackers working from the outside might employ to breach a company\'s defenses and steal data. Phishing. Cybercriminals use phishing to target users through email, text messages, phone calls and other forms of communication. The core objective of this approach is to trick users into doing what |
| Envoyé | Oui |
| Condensat | $46 2023 2024 214 478 ability about abuse access accidental according account accounting accounts acquisition across activities activity actor actors address adversary after aim aitm all along already also always amounts applications apply approach approximately apps are aren assessments assets associated attack attacker attackers attacks attempts audits authentication average avoid awareness away back bad based bec been behavior best billion blog bolster both breach breaches breeze brief brings broad business businesses but calls can capabilities case centric ceo chain changes clear cloud combination commits common communication companies company compel competitor complex compliance comprehensive computer conduct confectionary confidential configured consequences contain contractors control convinced copying core corporate correctly cost costly costs course credential credentials credentials crucial customer cybercriminals cybersecurity damage dark data database databases date deception decryption defenses depending deploy describe detect devastating develop devices digital discarded disclosure disrupt distribute diving” dlp documents does doing don door double downtime drives eavesdroppers eavesdropping education either email emails employ employees encrypt encryption endpoint enforce engineering ensure enterprise even example examples exercises exfiltrate exfiltration experienced exploit explore expose exposed exposure external fallout fell file financial financially firm five fix follow following form formal format forms framework fraud fraudulent from full functions gain gangs get given global goals going grant groundwork happen happens hard have hefty help helps hershey high highlight how human ibm idea identifiable identify illegitimate impact implement important improve inadvertently incidents include includes increase individuals industry information inside insider insiders install instead integrate intellectual intentional interaction intercepts invite involve itm its it january job jump keep key keyloggers keys known lack laptops latest lay lead leading leads learn least led let levels like like: like public limiting login long look lookout loss losses make malicious malware management manipulation manufacturing many market massive may means measures media messages methods mfa middle might million minimum misconfigured mishaps mitigate mix modern monitor more most movement much multifaceted multifactor multinational must nearly necessary need needs network networks not now objective obtain occurs offer once one online only operating operational opportunities opting option other out outline outside over password passwords past patches pathway pay penalties perform permissions personal personally phishing phone physical pii platform plays point policies polp poorly posed possible post potential powerful practices prevent preventing prevention principle printouts privacy private privilege privileges proactive proactively products profit proofpoint proper property protect protection protection for provide provides providing range ransom ransomware real recipient recognize records records reduce reducing regular remain removable report reports reputational requiring resides resist resources rest right rights risk risks risky robust role sabotage search secretly secrets secrets secured security see sell sender sensitive september serious servers services set seven share sharing shifting significant sizes smartphones social software solution solutions some someone soon source sources spots spreadsheet spyware staggering start steal stealing stolen stop stopping storage stored strategies strong success suggests supply sure surface suspicious system systems take takeover taking target targeted targets tasks teams techniques text than theft theft: theft them then these thieves thinking those threat threats three through tips together tools top toward trade training transit transmission trash trick typically unauthorized understanding unencrypted unlawful unpatched unreadable unsecured updates use user |
| Tags | Ransomware Data Breach Malware Tool Vulnerability Threat Cloud |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.