Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Misconfigurations affect 93% of cloud deployments

    • A review of "hundreds" of cloud deployments from customers and community showed 93% of reviewed infrastructure had misconfigured cloud storage services.
    • The impact of misconfigurations in enterprise cloud deployments can potentially spread beyond organizations and reach their clients and stakeholders.
    • These type of cybersecurity flaws led to one of the largest data breaches the financial sector saw last year: the Capital One breach. A firewall misconfiguration allowed a malicious actor reach company data, which was hosted on Amazon Web Services.
    - Roberto Torres | August 5, 2020
  • What is Vishing? Voice Phishing Scams to Avoid

    • Vishing is a phone scam type of phishing attack.
    • In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.
    • Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted.
    BUSINESS 2 COMMUNITY - Steve Turner | August 5, 2020
  • Are your remote employees enforcing cyber security?

    • Studies shows that since the coronavirus outbreak, phishing attacks increased by 40%.
    • Working remotely comes with its own challenges for organisations, such as employees using personal laptops to access work materials.
    • While others might use their work machines to access personal applications, download materials from untrusted sites, or use USBs that have malware, which then creates attack vectors and additional vulnerabilities that could lead to a data breach.
    • Businesses should align their cybersecurity goals with business priorities, evaluate the effectiveness of their cybersecurity and Identify and protect the most valuable processes and information assets.
    MSN News | August 4, 2020
  • Hiring! SecOps engineers in demand as firms embark on cloud journey

    • SecOps, Security Operations, is the buzzword in the IT world now, especially after the outbreak of COVID-19.
    • Security Operations engineer works on the security and performance of network infrastructure. This means he should have knowledge about both cybersecurity and cloud architecture.
    • Apart from shielding networks from potential vulnerabilities such as ransomware attack or phishing, they should know social engineering aspects as well.
    MSN - Swathi Moorthy | August 3, 2020
  • SIM Swapping: Why Telcoms Need To Adopt Stronger Identity Proofing Methods

    • A growing threat, SIM swapping occurs when a cybercriminal calls a wireless network provider and tells them a legitimate user’s phone was lost or stolen.
    • They then ask the provider to activate a new SIM card connected to the legitimate user’s phone number on a phone owned by the fraudster.
    • If successful, fraudsters will then receive the real user’s text messages, calls and data to the newly activated device under their control.
    - Robert Prigge | August 3, 2020
  • Answers To Today's Toughest Endpoint Security Questions In The Enterprise

    • Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren't achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
    • 1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
    • Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast.
    • They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks.
    - Louis Columbus | August 2, 2020
  • Cal State Northridge Pays Ransom To Hackers After Cyberattack

    • The fallout continues Sunday after officials at California State University, Northridge announced it had indirectly paid ransom to hackers, who stole some of its data.
    • Students are now attempting to assess just how at risk they are, now that they have been notified that ransomware criminals broke into the CSUN network to lock users out of school servers.
    | August 2, 2020
  • Employers urged to ensure data privacy in work-from-home scheme

    • THE National Privacy Commission (NPC) is reminding employers of their responsibility under the Data Privacy Act to implement policies and processes that ensure the security and privacy of their customers and employees as telecommuting or work-from-home arrangements become widespread.
    • It is the employer’s responsibility to identify the risks inherent in a telecommuting or work from home arrangement and come up with the proper policies and processes for these arrangements and ensure that there are mechanisms to monitor that they are being implemented properly.
    Philippines | August 2, 2020
  • Businesses are preparing for a cloud-based approach to applications

    • The road to modern applications can be arduous as complex legacy infrastructure, inefficient manual processes and organizational silos persist as barriers to progress.
    • There are four pillars to a successful modern applications strategy: cloud native applications (built with microservices), cloud native platforms, continuous integration / continuous delivery pipelines and adoption of DevOps culture and practices.
    | July 30, 2020
  • Twitter pins its July 15th breach on a phone spear phishing attack

    • According to Twitter, the answer is a phone spear phishing attack that targeted a “small number” of employees who did not all have access to management tools. However, attackers then “used their credentials to access our internal systems and gain information about our processes.”
    • Twitter also released more details about what the attackers did with that access — targeting 130 accounts, tweeting from 45, accessing the DM inboxes of 36 and copying account data from 7.
    engadget - Richard Lawler | July 29, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017