Human Error – SANS Institute Report | NFT Marketplace Data Breach | Mid-Year Cyber Security Report
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
Human Error – SANS Institute Report
To begin, the SANS Institute has issued its annual security awareness report, which examines data on 1,000 InfoSec professionals. In the report, they found that employees and their lack of security training and awareness remain common points of failure for data breaches and network attacks. These findings fall in line with the reports from the previous three years. The cyber security training and education organisation said:
"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it"
The report also noted that while many companies are pouring money into expensive IT security products and investments, spending money on training and drilling employees on how to spot and block scams might be the best investment for companies.
"People have become the primary attack vector for cyber attackers around the world, so humans rather than technology now represent the greatest risk to organisations," the SANS Institute said. "Security awareness programs, and the professionals who manage them, are key to managing that human risk."
The study found that of the top threats companies face, two of the top three rely on social engineering tactics. Phishing attacks topped the list, with business email compromise (BEC) attacks coming in second and ransomware filling out the top three.
Part of the problem, SANS said, lies with a lack of engagement from IT. The report suggests that investing time in security research and reporting could help executives and IT decision-makers understand the importance of training and employee vigilance.
"Dedicate two to four hours a month to collecting metrics about the impact and value of your awareness program and communicating it to leadership."
The full report can be read below:
Source - SANS Institute Report
NFT Marketplace Data Breach
OpenSea, the world’s largest NFT marketplace, has suffered a data breach after an employee at their email delivery service leaked user data. It’s believed that this breach could affect millions of people, as any customer who has shared their email address with the company may be vulnerable.
In a statement, OpenSea claimed that an employee at Customer.io, a marketing platform that OpenSea uses to deliver emails to customers, “misused their employee access to download and share email addresses with an unauthorised external party.”
Any customer who has shared their email address with OpenSea has been urged to remain on high alert for possible phishing scams. A statement from OpenSea warned customers to remain vigilant about their email practices and to be alert for any attempts to impersonate OpenSea via email.
The company says it is assisting Customer.io with its own investigation and has reported the incident to law enforcement.
A spokesperson for Customer.io said:
“As soon as we learned of the incident, we took immediate steps to investigate, contain its impact and determine its source, including hiring a third-party forensic investigations firm. We are working closely with OpenSea and are reviewing exactly how these email addresses were compromised.”
“We believe this resulted from the actions of an employee who had role-specific access privileges that were abused. We do not believe any other clients’ data has been compromised, but we are continuing to investigate. The employee in question has had all access removed and has been suspended pending the conclusion of our investigation.”
Source - OpenSea Statement
Mid-Year Cyber Security Report
Finally, following much anticipation, we here at Rela8 Group and the Technology Leaders Club have released our very own 2022 Mid-Year Cyber Security Report!
This report is the culmination of 6 months’ worth of independent roundtable discussions, podcasts, and interviews with CISOs, Security Directors, IT Heads, and other IT Security executives from across a wide range of industries. We have heard their challenges, their success stories, their thoughts on the future, and translated them into a mid-year report.
There is no clear-cut playbook for how to handle security debt or Cloud transitions because no two businesses are alike. As such, it is vital that the industry comes together in the spirit of cooperation to share their insights and face these challenges as a community.
No spoilers! Click the link below to check out the full report.