Authentic8 Blog

2019 in Review: Data Breach Statistics and Trends

Posted by: Gerd Meissner
Published on:

What were the most significant data breaches in 2019? Will ransomware still be a threat in 2020? (Spoiler alert: It’s forecast to be worse than ever.) Which industries were attacked most?

*

We have put together a shortlist of overview articles, surveys, and posts worth returning to for use as a quick reference to consult in 2020.

2019 Data Breach Hall of Shame

Cnet’s Rae Hodge revisits the biggest data breaches of the past year, and she has two words for readers: “unsecured database.” Two years after we posted this, security researchers report more unintentional leakage than ever in 2019.

According to Risk Based Security, (reported) breaches were up 33% over 2018, with a total of 7.9 billion exposed records. As early as in November, the research firm labeled 2019 the "worst year on record."

Illustration: 2019 in Review: Data Breach Statistics and Trends (Authentic8 Blog)

ABA Tech Report 2019: Cybersecurity

The American Bar Association conducts an annual Legal Technology Survey, which culminates in a report on attorney’s use of

Authentic8 Completes FedRAMP ‘In Process’ Authorization Milestone

Posted by: A8 Team
Published on:

Authentic8, the maker of Silo, the leading web isolation platform for commercial and government organizations, announced today that it has completed all requisite steps and is formally “In Process” for FedRAMP authorization.

What Is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide certification program that standardizes the security, reliability, and integrity of cloud products and services. FedRAMP certification aims to ensure consistent compliance across all federal agencies and streamlines approval and procurement processes.

Authentic8 began working with government organizations in 2015. With more than 160 federal, state, and local agencies relying on Silo cloud browsing and web investigation solutions to execute their most important missions, Authentic8 is the largest provider of isolation technology to US government organizations.

“Something as simple as going online presents significant risk to any organization, and government data is a particularly sweet target for cybercriminals and nation states,” said Justin Cleveland, Head of Authentic8’s government business. “Achieving FedRAMP authorization will help us expand

2019 - the Year of Fake Security

Posted by: Scott Petry
Published on:

Record data breaches and a new survey published in December indicate that cybersecurity snake oil peddlers had a ball last year. Their customers, not so much.

*

Remember Francis ("Frankie") Archibald Keyes, Esquire from RSA 2018 and 2019? According to survey results from last year's RSA Conference in San Francisco, the fictitious cybersecurity figure enjoyed significantly higher trust among IT professionals than most real-life vendors or experts.

Of those surveyed in our Cybersecurity Approval Poll at RSA, a total of 88% stated that they trusted Mr. Keyes "much more," "slightly more" or "about the same" as "other cybersecurity vendors and experts."

Frankie was completely made up by Authentic8, and for a short while, his meteoric rise to notoriety had our sales team worried. Would he become more famous than Silo, our pioneering Silo cloud browser and web isolation platform?


Francis ("Frankie") Archibald Keyes, the face of Fake Security in 2019

Those fears were put to rest quickly (sorry, Frankie). At the same time,

Hollywood Hacks & Hackers

Posted by: Amir Khashayar Mohammadi
Published on:

Hollywood’s depiction of hacking, on the big screen and in TV dramas or on Netflix, isn’t always accurate, to put it mildly. A closer look.

*

Flashy pop-ups and green-on-black text screens, with the occasional cat GIF thrown in for good measure, cannot gloss it over: When scriptwriters and directors want to show us what hackers (blackhat, whitehat, and everybody in between - character development!) actually do when plying their trade, reality is relegated to the backseat.

If you spend your days glued to your terminal, compiling piles of code or debugging software, you know first-hand how wrong they have it. Glamour? Suspension? The thrill of the hunt? Let’s get real.

Mr. Robot hides data in CD

Source: Mr. Robot

There are exceptions, though. Many readers are probably familiar with this picture. If you're not, it’s taken from the award-winning TV series Mr. Robot (USA Network). Mr. Robot deserves mentioning in this context as one of the few shows that gets it right (most of

JavaScript: How NPM Maintainer Accounts Amplify Risk

Posted by: Guest Contributor
Published on:

20 compromised JavaScript package “maintainer” accounts - that’s all it takes to bring down the global digital supply chain through malicious code executed in the browser.

*

Attackers need to target only 20 specific maintainer accounts to reach more than half of the entire JavaScript npm ecosystem, security researchers warn. With regular browsers on the receiving end, ready to indiscriminately execute code from affected web pages, this can trigger a disastrous chain reaction.

More than 800,000 free and reusable software packages are available through the npm (“node package manager”) software package registry. Should an attacker breach one of these at-risk accounts, it could bring down the digital supply chain worldwide, the findings of the Technical University of Darmstadt (TU Darmstadt) in Germany indicate.

In their report for Usenix, Small World with High Risks: A Study of Security Threats in the npm Ecosystem, Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel shine a light on the widespread use of npm packages