Data breaches have been skyrocketing year after year, bringing losses for users and companies all over the world.
Cybersecurity experts have compiled a top 5 of the places where you are most likely to be hit in 2019:
Poorly Configured Cloud Storage
A recent report shows that 48% of all corporate data is stored in the cloud, compared to 35% three years ago. Worse, 51% of those companies do not use encryption or tokenization in the cloud. Add the fact that most third parties are negligent and careless all the time, and you end up with a hazardous pitfall that remains largely underestimated and thus disregarded.
Cybersecurity advice: train your team, implement a corporation-wide cloud security policy, and continuously run discovery of public cloud storage to maintain an updated inventory of your cloud infrastructure.
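An added example (not from the original article) of the storage discovery check advised above: it walks a storage inventory and flags buckets that are open to any principal or have no encryption configured. It assumes AWS S3-style bucket policies and a hypothetical inventory record layout (name, encryption, policy); the sample records are constructed.

```python
import json

# Constructed sample inventory. Record layout is hypothetical; policies are S3-style.
INVENTORY = json.loads("""[
 {"name": "corp-backups", "encryption": null, "policy": {"Statement": [
   {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
 {"name": "web-assets", "encryption": "AES256", "policy": {"Statement": [
   {"Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:ListBucket"]}]}},
 {"name": "hr-records", "encryption": "aws:kms", "policy": {"Statement": [
   {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject"}]}},
 {"name": "partner-drop", "encryption": null, "policy": {"Statement": [
   {"Effect": "Allow", "Principal": "*", "Action": "s3:PutObject",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}}
]""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard(principal):
    """True if the Principal element grants access to everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def public_statements(policy):
    """Allow statements open to any principal and not narrowed by a Condition."""
    statements = _as_list((policy or {}).get("Statement", []))
    return [s for s in statements
            if s.get("Effect") == "Allow"
            and is_wildcard(s.get("Principal"))
            and not s.get("Condition")]  # simplification: any Condition counts as a restriction

def audit(inventory):
    """Map bucket name -> findings; buckets without findings are omitted."""
    report = {}
    for bucket in inventory:
        findings = ["public:" + ",".join(_as_list(s.get("Action", "?")))
                    for s in public_statements(bucket.get("policy"))]
        if not bucket.get("encryption"):
            findings.append("unencrypted")
        if findings:
            report[bucket["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings)
```

The check covers bucket policies only; ACLs and account-level public access settings would need their own inventory fields.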
Anyone can anonymously purchase this data on the Dark Web for Bitcoins without leaving a trace. Many organizations are hacked every day without being aware of it, due to the complexity of the attacks or simple negligence, lack of resources or skills.
Targeted password re-use attacks and spear phishing are simple to launch and do not require expensive 0day exploits. Such attacks are often technically undetectable due to insufficient monitoring, or simply because they do not trigger the usual anomalies and just let users in. Experienced hacking groups will carefully profile their victims before the attack so they can log in from the same ISP sub-network and during the same hours, outsmarting even AI-enabled IDS systems.
Cybersecurity advice: implement a good password policy and incident response plan, permanently monitor the Dark Web and other resources for leaks and incidents.
Abandoned or Unprotected Websites
Cybersecurity experts revealed that 97 of the world’s 100 largest banks have vulnerable websites and web applications.
More worrying is the fact that 25% of e-banking applications were found not to be protected by a Web Application Firewall (WAF).
It was also found that even properly deployed web applications may become a weak spot if they are left unattended.
The most popular CMSs, such as Drupal, are comparatively safe in their default installations, but keep in mind that any modification through themes or plugins obliterates the safety they offer you.
Cybersecurity advice: complete a website security test for all your external-facing websites, and then continue with in-depth web penetration testing for the most critical web applications and APIs.
Backends of Mobile Apps
The world is now focused on mobile. Sadly, most of the cybersecurity solutions that companies use only cover a small part of the problem, because most of the time mobile application backends are left untested and unprotected.
Companies seem to forget that previous versions of their mobile apps can be easily downloaded from the Internet and reverse-engineered.
So every API used by the mobile application that sends or receives sensitive data, including confidential information, can then be hacked.
Cybersecurity advice: build a holistic API inventory, implement a software testing policy, run security tests on each mobile app and its backend, and conduct mobile penetration testing for the critical ones.
Public Code Repositories
Developing cheap software using third-party code is always dangerous and adds substantial drawbacks and poor security to the final product.
It was shown that only a really small percentage of companies manage to keep control over software code quality and security by conducting automated scanning and manual code review. If we add human mistakes here, we get a good recipe for disaster.
Cybersecurity advice: implement a policy addressing code storage and access management, enforce it internally and for third parties, and continuously monitor public code repositories for leaks.