CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions.

A group of business women discussing something with people in the background
Source: Image Source Limited via Alamy Stock Photo

Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

In this issue of CISO Corner:

  • Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

  • Held Back: What Exclusion Looks Like in Cybersecurity

  • Why Haven't You Set Up DMARC Yet?

  • DR Global: 'Muddling Meerkat' Poses Nation-State DNS Mystery

  • Shadow APIs: An Overlooked Cyber-Risk for Orgs

  • The Cybersecurity Checklist That Could Save Your M&A Deal

Also: Dark Reading's brand-new podcast, Dark Reading Confidential, is coming this month, bringing you rare, firsthand stories from cybersecurity practitioners in the cyber trenches. Follow or subscribe on Spotify, Apple, Deezer or Pocket Cast, so you won't miss any episodes!

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

By Tara Seals, Managing Editor, Dark Reading

MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

The Verizon Business' 2024 Data Breach Investigations Report (DBIR) this week detailed just how far patching can go in heading off a data breach, with big spikes in the use of zero-day use and the use of exploits overall marking the beginning point of breaches in the past year.

The MOVEit software breaches alone accounted for a significant number of analyzed attacks.

It also noted that a full 68% of the breaches Verizon Business identified involved human error — either someone clicked on a phishing email, fell for an elaborate social-engineering gambit, was convinced by a deepfake, or had misconfigured security controls, among other snafus.

In all, a picture in this year's DBIR emerges of an organizational norm where gaps in basic security defenses — including the low-hanging fruit of timely patching and effective user awareness training — continue to plague security teams, despite the rising stakes for CISOs and others that come with "experiencing a cyber incident."

Fortunately, there are ways to make these insights actionable for enterprises.

Read more: Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

Related: Anatomy of a Data Breach: What to Do If It Happens to You, a free Dark Reading virtual event scheduled for June 20. Verizon's Alex Pinto will deliver a keynote, Up Close: Real-World Data Breaches, detailing DBIR findings and more.

Held Back: What Exclusion Looks Like in Cybersecurity

By Jane Goodchild, Contributing Writer, Dark Reading

You can't think about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.

Systemic exclusion of certain demographics is a troubling reality for many in the cybersecurity industry, even as they try to innovate, collaborate, and make a meaningful impact in their roles. These groups still struggle in making connections with colleagues, being invited to key meetings, and getting face time with important executives in the company.

Women are five times more likely to report exclusion from direct managers and peers, according to Women in CyberSecurity's (WiCyS) "2023 State of Inclusion Benchmark in Cybersecurity Report." But exclusion is not just limited to gender. Individuals with disabilities and intersectional identities experience levels of workplace exclusion comparable to, or even exceeding, those related to gender, emphasizing the compounded impact of multiple differing identity traits.

It's not just about being left out of the room. Being on the receiving end of disrespectful behaviors, sexually inappropriate advances, and a lack of appreciation for skills and experience can also make it hard to advance in the workplace. These kinds of microaggressions are difficult to pin down, experts say.

Read more: Held Back: What Exclusion Looks Like in Cybersecurity

Related: Cybersecurity Is Becoming More Diverse … Except by Gender

Why Haven't You Set Up DMARC Yet?

By Robert Lemos, Contributing Writer, Dark Reading

DMARC adoption is more important than ever following Google's and Yahoo's latest mandates for large email senders. This Tech Tip outlines what needs to be done to enable DMARC on your domain.

In January, adoption of the email standard for protecting domains from spoofing by fraudsters — Domain-based Messaging Authentication, Reporting and Conformance, or DMARC — became a necessity as companies prepared for the enforcement of mandates by email giants Google and Yahoo. DMARC uses a domain record and other email-focused security technologies to determine whether an email comes from a server authorized to send messages on behalf of a particular organization.

Yet three months later, while almost three-quarters of large organizations (73%) have adopted that most basic version of DMARC, the share of those organizations that would pass the most stringent standards vary significantly by nation. At the same time, threats are ramping up that target those who last strong DMARC protection.

Here are the steps for setting up DMARC and avoiding an easily defended-against compromise.

Read more: Why Haven't You Set Up DMARC Yet?

Related: DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn

DR Global: 'Muddling Meerkat' Poses Nation-State DNS Mystery

By Rob Lemos, Contributing Writer, Dark Reading

Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.

A freshly discovered cyber threat group dubbed Muddling Meerkat has been uncovered, whose operations feature covert traffic immune to China's government-run firewall; it also uses open DNS resolvers and mail records to communicate.

The China-linked group has demonstrated its ability to get specific DNS packets through the Great Firewall, one of the technologies separating China's Internet from the rest of the world; and Muddling Meerkat is also able to get DNS mail (MX) records with random-looking prefixes in response to certain requests, even when the domain has no mail service.

The goal of the capability remains unclear — most likely it's for reconnaissance or establishing the foundations of a DNS denial-of-service attack, but it's sophisticated and needs further analysis.

The threat research comes as the governments of the United States and other nations have warned that China's military has infiltrated critical infrastructure networks with a goal of pre-positioning their cyber operators for potential future conflicts.

Read more: 'Muddling Meerkat' Poses Nation-State DNS Mystery

Related: China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

Shadow APIs: An Overlooked Cyber-Risk for Orgs

By Jai Vijayan, Contributing Writer, Dark Reading

Organizations shoring up their API security need to pay particular attention to unmanaged or shadow application programming interfaces.

Shadow APIs are Web services endpoints that are no longer in use, outdated, or undocumented, and therefore not actively managed. Often neither documented nor decommissioned, they often translate to significant risk for organizations.

In recent years, many organizations have deployed APIs extensively to integrate disparate systems, applications, and services in a bid to streamline business processes, boost operational efficiencies, and enable digital transformation initiatives.

But one of the biggest surprises for enterprises that increase their visibility into API activity is the sheer number of shadow endpoints in their environment that they were previously unaware of, says Rupesh Chokshi, senior vice president, application security at Akamai.

How to tackle this proliferation challenge? The first step to enabling better API security is to discover these shadow endpoints and either eliminate them or incorporate them into the API security program, he notes.

Read more: Shadow APIs: An Overlooked Cyber-Risk for Orgs

Related: API Security Is the New Black

The Cybersecurity Checklist That Could Save Your M&A Deal

Commentary by Craig Davies, CISO at Gathid

With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.

When two companies are combined, a vast amount of sensitive data and information is exchanged between them, including financial records, customer information, and intellectual property. Additionally, different types of software and hardware often need to be integrated, which can create security vulnerabilities for cybercriminals to exploit.

With mergers and acquisitions (M&A) making a much-anticipated comeback, soaring by 130% in the US to top $288 billion, baking in cybersecurity to the process is critical to protect and safeguard the integrity of confidential data. In fact, it can make or break an M&A deal.

To avoid that terrible scenario, take a look at the M&A Cybersecurity Checklist, aimed at helping organizations safeguard their digital assets before, during, and after a deal goes through:

  1. Adopt risk metrics.

  2. Establish a dedicated, joint cybersecurity team.

  3. Develop a risk mitigation strategy.

  4. Plan for IT integration.

  5. Check for third-party risks.

  6. Establish identity and access governance and management.

  7. Create an incident response plan.

  8. Ensure ongoing monitoring.

  9. Train employees.

Read more on each of the steps: The Cybersecurity Checklist That Could Save Your M&A Deal

Related: Navigating Tech Risks in Modern M&A Waters

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights