How Much Is Your Data Worth to Hackers?

by Sarah Harvey / June 14, 2023

How much do you think a buyer on the dark web would pay for stolen data? How much would you estimate a hacker can profit off of personal data? The truth is, the price of stolen data is worth the risk for hackers but always costly for organizations that store, process, transmit, or destroy personal data. How Do Hackers Make Money? When a system is breached and personal data is…

10 Most Common SOC 2 Gaps

by Sarah Harvey / June 13, 2023

In 2019, State Farm notified policyholders of a cybersecurity attack in the form of credential stuffing, a tactic often used by hackers that relies on a lack of password maintenance. State Farm took proper measures to reset passwords and notify affected parties of the attack, but what if State Farm employees had been properly implementing multi-factor authentication practices from the start? Would this attack have even happened? How could State Farm…

Lessons Learned from the Imperva Data Breach

by Sarah Harvey / December 15, 2022

In August 2019, a third-party bug bounty discovered a data breach that exposed email addresses, hashed and salted passwords, API keys, and TLS keys for a subset of cloud WAF users of Imperva, a leading provider of Internet firewall services. This proves that no matter the vendor, you must perform your due diligence to ensure your own security won’t be at risk by working with a certain vendor – even if…

Lessons Learned from Capital One’s Incident Response Plan

by Sarah Harvey / December 15, 2022

There were many missteps that led to the Capital One breach, but what’s the one thing that went as planned? From our perspective, Capital One’s incident response plan seemed to function as intended. Incident response is incredibly important following a breach – that’s why having a plan and team in place is required by so many information security frameworks. The data proves the importance of incident response plans as well.…

Testing Physical Security Measures Through Penetration Testing

by Sarah Harvey / December 15, 2022

When you think about how penetration testing is performed, do you think about testing physical security measures? While many people believe security breaches only happen on the technical side of an organization, they can also start in your physical environment. You may find it surprising to know that some of the most advanced security attacks originate from an area as simple as a garbage can. Items such as: Bank statements…