The article states that there are five top places in 2019 where hackers can steal corporate and government data without detection. The details are as follows:
- Misconfigured cloud storage: “(ISC)² Cloud Security Report 2019 asserts that 64% of cybersecurity professionals perceive data loss and leakage as the biggest risk associated with the cloud.” To mitigate this, a cloud security policy should be established and a regularly updated inventory of cloud infrastructure maintained.
- Dark web: “Notorious Collection #1, revealed in 2019 by security expert Troy Hunt, is a set of email addresses and plaintext passwords totaling 2,692,818,238 rows”. To protect against this, set up a holistic password policy and an incident response plan.
- Abandoned and unprotected websites: “The same report revealed that 25% of e-banking applications were not even protected with a Web Application Firewall (WAF). Eventually, 85% of applications failed GDPR compliance tests, 49% did not pass the PCI DSS test.” To mitigate this, in-depth web penetration testing should be conducted.
- Mobile applications’ backends: The backend APIs can contain vulnerabilities. To protect against this, conduct mobile penetration testing.
- Public code repositories: Some organizations store highly sensitive data in open and accessible repositories such as GitHub. To mitigate this, a policy on code storage and access management should be established and then enforced for both internal and third parties.