Friday Five: 7/26 Edition
News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.
1. Phishers Target Office 365 Admins with Fake Admin Alerts by Lawrence Abrams
Phishers have begun creating scams that target Office 365 admins with fake admin alerts about pressing issues, such as unauthorized access or problems with their mail service. When admins click on the links in these fake alert emails, they're redirected to a phishing landing page that prompts them to type in their Office 365 login credentials. If admins type in their credentials on the landing page, and they don't have two-factor authentication in place, phishers will be granted access to the Office 365 admin portal. Phishers are looking to gain access to an admin's account in order to create new email accounts under a company’s domain, send emails as other users, and read other users’ emails. Small businesses that don't have the funds to hire an IT admin are typically those affected by these types of phishing attacks.
2. Phishing attack: Students' personal information stolen in university data breach by Danny Palmer
On July 19, Lancaster University, a school in the U.K., realized that it had suffered a data breach. Hackers obtained unauthorized access to undergraduate application records for 2019 and 2020 and as a result, applicants' home and email addresses, phone numbers, and names were exposed. Hackers also stole ID documents from the university’s student record system and targeted a few undergraduate applicants with phishing emails that contained fraudulent invoices. Lancaster University created an incident response team to investigate the breach and reported the breach to the Information Commissioner's Office (ICO). Currently, the university is focusing on safeguarding its IT systems, as well as identifying and helping the students who were impacted by the breach. Every university should have an incident response plan in place; hackers have renewed their efforts at targeting schools for phishing attacks.
3. Criminals are using deepfakes to impersonate CEOs by Michael Grothaus
Deepfakes, a still relatively new form of technology, are becoming more popular among criminals looking to impersonate individuals and get access to valuable information. In deepfakes, facial recognition and AI are used to create a nearly identical representation of the real subject while altering facial movements and what is being said. Anyone with access to the right software can produce a message seemingly spoken by whoever they want, as long as there are pre-existing videos, podcasts or interviews that show a variety of expressions and language to assist the AI. This is quickly becoming a security issue as criminals have the possibility of impersonating CEOs, celebrities or government officials and making them say whatever they please, helping criminals gain access to sensitive information. The possibilities for wrongdoing are vast and, with limited tools to quickly detect if a voice or video is a deepfake, companies are on high alert to protect their employees and private data.
4. FTC fines Facebook $5B, adds limited oversight on privacy by Marcy Gordon
The Federal Trade Commission recently handed Facebook a $5 billion fine, the biggest ever for a tech company, following countless privacy violations over the last 12 months. The social media company has received massive amounts of backlash in the past after it was revealed it was supplying private information to data research companies while providing deceptive disclosures around privacy policy agreements for its users. Many privacy advocates are pushing to limit Facebook’s access to user information and urging stronger company oversight from independent parties. Facebook CEO Mark Zuckerberg will have to personally certify that new security regulations are to be met and maintained amid calls for his power within the company to be restricted. Despite Facebook’s compliance with the investigation, Zuckerberg insists there was no wrongdoing on Facebook's end, something that could foreshadow that Facebook and its users will continue to have privacy issues down the road.
5. With Data Breach Costs, Time is Money by Jai Vijayan
One of the main findings from IBM’s annual data breach report, released this week, was that security teams that respond quickly after an attack can reduce costs from a breach by 25% or more. IBM worked with Ponemon Institute to analyze data from over 500 breaches and found that companies with a dedicated response team and plan saved $3.5 million more on average compared to those who did not. The study also showed that companies with dedicated response teams can detect a breach 20% faster, in turn saving an average of $1.23 million in damages. Time is money during a data breach, and the longer the company is exposed, the more money and valuable information are lost. Having an efficient response team and a focus on rapid detection are critical in cutting down costs and ensuring that minimal damage is done in the short and long term.