Cisco Annual Cybersecurity Breaches Report

Data breaches have been setting new records almost every year for the past decade, and as such, the number of compromised consumer records floating around the dark web is astronomical. But while companies of every size and in every industry work to clean up the aftermath of a breach or hacking event, one source has uncovered just how staggering this cost really is.

The latest Cisco Annual Cybersecurity Report shows that “more than a third of organizations that experienced a data breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent… after attacks, 90 percent of these organizations are improving threat defense technologies and processes.”

Sadly, it gets worse. According to, “The effect of breaches on organizations is substantial, 22 percent of breached organizations say they lost customers – 40 percent of them losing more than 20 percent of their customer base. In addition 29 percent lost revenue, with 38 percent of that group losing more than 20 percent. Lost business opportunities were cited by 23 percent, with 42 percent of them losing more than 20 percent.”

So what’s behind all these breach events? A lot of factors. After polling more than 3,000 chief security officers from 13 different countries, Cisco determined that budget issues, lack of integrated system compatibility, and a workforce that had not been trained in even the most basic cybersecurity measures were some of the biggest corporate threats. They also cited the complex nature of trying to navigate their own companies’ IT departments, along with a bizarre mash-up of antivirus and anti-malware software within even the same company. After all, it’s not possible to maintain data security when every workstation is running a different security protocol.

Of course, it doesn’t help that hackers are just as good at their jobs as some companies are ineffective. With new innovations every day and new tactics for stealing large amounts of corporate data, there doesn’t appear to be an end in sight where data breaches are concerned. That obviously doesn’t mean anyone should throw in the towel, but it certainly means that no company or industry is safe, or has a handle on how to block every threat.

Former Mozilla engineer makes controversial antivirus claim

Anyone who’s been around a computer for a while has probably been beaten over the head with the long-standing mantra to install and update their antivirus software regularly. AV software is an industry all on its own, and it’s long been seen as the safety net that keeps all our data from falling into the abyss of hackers and scammers. But a new report from a former Mozilla developer sheds a little light on things: not only is it supposedly not as important as the tech world would have us believe, in some cases it may be leaving us vulnerable rather than protecting us.

Robert O’Callahan wrote a blog post late last week and stated that those who run an up-to-date newer Windows OS have no need of any third-party AV installs, and that opting for one of those titles could actually be putting flawed software on your machine.

“At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”

O’Callahan goes on to cite a Twitter convo that highlighted a genuine problem: the people who are creating our mechanisms – like operating systems and web browsers – are actually hindered by the often-faulty code in antivirus software. When a third-party title attempts to block what it perceives as a threat, the browser developer never gets wind of it and therefore cannot strengthen the browser’s security capabilities.

The author’s recommendation? Run a Windows machine and keep its updates installed, then rely on Microsoft’s inherent security measures. You’ll be more likely to get your protection from the source rather than from what an outside company with a product-pushing agenda perceives to be harmful. That’s all well and good if you run a later Windows version or if you trust Microsoft not to meddle with your privacy, though, and that’s not something that critics of the Windows 10 forced rollout may be willing to do.