Verizon Data Breach Report – IT Security Experts from FireMon, Prevalent, Inc. and Palo Alto Networks Comment

By ISBuzz Team, May 1, 2017 (Updated: October 1, 2024)

Verizon’s Data Breach Investigations Report (DBIR) highlights pretexting, in which an attacker impersonates a CEO, CFO or other corporate bigwig by spoofing an email to try to get information from employees. For example, the boss might send you an email asking you to help them transfer money or request information about how to do that from the company. IT security experts from FireMon, Prevalent, Inc. and Palo Alto Networks commented below.

Paul Calatayud, CTO of Intelligent Security Management Firm at FireMon:

“Pretexting is a very big threat that will continue to grow because it takes advantage of urgency and common cultural situations where employees will set aside procedures and policies in order to make sure the boss does not get upset. Most phishing training focuses on the content: malware and links more than the sender and in this case the sender and what is being asked is the issue. People will no doubt feel under pressure to make sure the boss is happy and some of the requests will seem entirely legitimate to the right employee.”

Brian Zeman, Chief Operating Officer at Prevalent, Inc.:

“Today’s 2017 Data Breach Investigations Report (DBIR) drives home four simple truths. It codifies that breaches are overwhelmingly perpetrated by outsiders, for financial gain, and that discovery sharply lags – enabling exfiltrations that do untold harm to consumers, businesses and their partners.

“The fourth truth that’s made plain is the industry’s continued blind spot: years after such major third-party breach events as the Target and Home Depot breaches, third-party risk management continues to be a blind spot. Recent Ponemon Industry data shows that many organizations continue to fail at effective third-party risk assessment – with just 18% of respondents saying that their company assesses the cyber risks of third parties – yet this risk vector was unaddressed. Compelling breach events and the third-party risk mandates of new regulations such as NYCRR Part 500 and GDPR make it clear: third party risk management must be a top-five priority for any security-driven organization.”

Greg Day, Vice President and Chief Security Officer at Palo Alto Networks EMEA:

“The report highlights that whilst attackers are evolving, for example with ransomware, too many of the organisations targeted by cybercriminals aren’t. Organisations are holding onto legacy solutions that weren’t architected to address how threats simply don’t stop adapting. There is a gap between where many businesses are and should be in their prevention strategy. This is something the process of how GDPR compliancy focuses businesses to understand and leverage state of the art cybersecurity capabilities on prevention will make clearer and resolve. It’s too easy to keep adding in new requirements, we must be just as diligent around ensuring legacy capabilities are still fit for purpose in an ever-changing threat landscape.

I really welcome how the report spotlights the next generation of social trickery, namely pretexting. Managing credentials is an ongoing challenge with many organisations struggling to get to grips with the implications the cloud brings. For example, once credentials are compromised they can be leveraged via cloud services often bypassing traditional boundary monitoring controls. Visibility and automated correlation over the increasingly diverse IT and associated security has never been more critical. Businesses must start to find better ways to identify misuse of credentials. With increasingly integrated and diverse information systems, we can only expect to see the scale and impact of such attack methods grow.”

 

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
