. home.aspx

NEWS

home.aspx
   


What you may be getting wrong about cybersecurity

October 29, 2019 / Lysa Myers

When we hear about breaches, we assume that attackers used some never-before-seen, zero-day exploit to breach our defenses. This situation is normally far from the truth. While it is true that nation-states hold onto tastily crafted zero days that they use to infiltrate the most nationally significant targets, those targets are not you. And they’re probably not your organization, either. At this year’s Virus Bulletin Conference, much like in years past, we were regaled with many tales of attacks against financially important, high-profile targets. But in the end, the bad actors didn’t get in with the scariest ’sploits. They got in with a phishing email, or, as in a case that one presenter from RiskIQ highlighted, they used wide-open permissions within a very popular cloud resource.