Featured content

MITRE developed ATT&CK as a model to document and track various techniques attackers use throughout the different stages of a cyberattack to infiltrate your network and exfiltrate data.

It’s the beginning of a new year, and we have a huge new beta release to share with you. The beta release of the Varonis Data Security Platform 6.4.100 dropped earlier this month, and I wanted to share a few highlights:

According to the 2019 Verizon Data Breach Report, ransomware is the 2nd most frequent malware attack behind command & control (C2) attacks. Email is still the top delivery mechanism for all malware, including ransomware. So how do we get users to stop clicking phishing links?

All an attacker needs is time and motivation to infiltrate your network. It’s your job to make their efforts to break in and remain undetected as difficult as possible. First, you must identify all of the weak points in Active Directory (AD) that an attacker can use to gain access and move through your network undetected. The Varonis Active Directory Dashboard shows you where you are vulnerable – and helps track your progress as you strengthen your defenses.

Of all the verticals that need a complete data governance policy – healthcare might be at the top. Consider the incredible amount of healthcare data that exists for any human, the personal nature of healthcare data, and the life or death scenarios that depend on accurate data. It makes sense that data governance in healthcare is super important.

Used for strategic planning, process improvement and reaching customers, data is just as important as a company’s other resources like employees or inventory. You could even say, data is gold. This golden data is also in high demand for competing companies and the malicious individuals that can profit from stealing and selling trade secrets.

We’re more than a year into the General Data Protection Regulation (GDPR) era, and we now have a few enforcement actions under our belts as data points. Earlier in 2019, there was the jaw-dropping $56 million fine by the French regulators against Google. More recently, the UK’s data protection authority, the ICO, announced its intent to fine British Airways over $200 million — almost 1% of its worldwide revenue — and Marriott International $120 million for GDPR violations.

OSINT stands for open source intelligence and refers to the practice of collecting data from free sources that are available to the general public. As information becomes more available from a vast number of sources, skilled researchers can often find nearly any type of data they’re looking for, provided they know where to look. These sources include both public and private databases that hackers, journalists, spies, and ordinary people all use to do the work of collecting information every day.

If you’ve been reading our amazing blog content and whitepaper on breach notification laws in the US and worldwide, you know there’s often a hidden loophole in the legalese. The big issue — at least for data security nerds — is whether the data security law considers mere unauthorized access of personally identifiable information (PII) to be worthy of a notification.

“Geez, my computer is really running slow all of a sudden.”

The person in the cubicle next to you could be your company’s biggest security threat.

The “good news” about hacking is that while leaving you with potentially enormous incident response costs — customer notifications, legal fees, credit monitoring, class-action suits — your business can still generate revenue while all this is happening. Thank you cyber thieves for being merciful!