JBS, the largest meat producer, paid an $11 million ransom, according to Andre Nogueira, chief executive of Brazilian JBS SA’s U.S. division, who shared this information with The Wall Street Journal. The company believes that no data has been leaked. The decision was said to be painful but right. The transfer was made in Bitcoin at the beginning of June, when the incident occurred. The incident disrupted normal operations at several JBS enterprises in Canada and Australia, upsetting the supply chain, and could trigger a rise in product prices.

“Cost per minute of downtime can…

If you are a CEO, there is a set of preventive measures you can take to ensure your company’s security and employee trust.

1. Create a culture of information management. The employer needs to explain to the staff that the equipment, software, and information are the property of the company. As practice shows, employees often don’t understand this, so their attitude toward the safety of these resources is extremely negligent. …

Blocking within the agent

A “Blocking” section has appeared in the Endpoint Controller. It brings together the blocking rules that manage programs for websites, printing, messengers and files. Their peculiarity is that they work within the agent: they don’t depend on a network connection or on a server with the SearchInform solution installed. This allows for continuous control and proactivity: data is processed more quickly and traffic doesn’t overload the network infrastructure, because the system doesn’t have to transfer data between an employee’s PC and the server running the SearchInform DLP in order to decide whether to permit or limit.

85% of data breaches are caused by targeting people, not software.

According to a recent Verizon report, the majority of data leaks don’t happen because software is undermined, but ensue from scam communication with employees.

The analysis was based on 655 data incidents and 472 breaches in the healthcare industry.

Other conclusions drawn from this research include:

  • Most breaches (61%) resulted from interaction with external actors rather than from human error. Still, human error might include some episodes of communication with external violators, whether through negligence or an insider’s intent
  • Human…

According to the SecureLink third-party data breach report, 74% of organisations dealt with the consequences of leaks caused by excessive availability of data to third parties.

In half of the cases, too much access, as well as poor monitoring of privileged access, led to misuse of confidential data.

Risk calculation was handled improperly, which affected the quality of third-party access assessment.

51% neglected to evaluate the privacy practices and security policies of third-party organisations.

54% granted full responsibility to third parties after entrusting them with corporate information.

63% of companies literally confided their data to third parties as to ones with a good reputation instead of…

How to choose a system and not get disappointed

SITA’s security was compromised by fraudsters who copied the personal data of Lufthansa, Air New Zealand, Japan Airlines, Singapore Airlines and about 4.5 million Air India passengers at the beginning of the year. The processing company could confirm the leak only a few months later. CNA Financial had to cover the “expenses” brought by violators’ activity and pay $40 million to retrieve the breached data after a ransomware attack. Opting to pay a ransom can be not only a high-priced choice but also an illegal one. How does ransomware needle through…

A SearchInform customer, a scientific and technological pharmaceutical company, has deployed FileAuditor, a DCAP system, and shared its first impressions with the company. Control of file storage became especially urgent after the company had introduced the concept of a trade secret. The CEO emphasised a few reasons why the system had been purchased and what changes can still be made to FileAuditor to enhance its functions.

1. Detecting trade secret documents in a data flow

Everyone tries to prevent a data breach, although data at rest is as much of an issue. It is important to know both where corporate…

A company can’t ensure effective data and asset protection with only an IT specialist on board. The main task of the IT department is to make sure the infrastructure is sufficient, processes aren’t interrupted and systems work smoothly, whereas infosec officers try to protect your sensitive data and put the security of the corporate perimeter first, which doesn’t necessarily align with the IT department’s concerns. The CISO takes responsibility for dealing with security threats, preventing possible incidents, supervising conformity to the company’s internal regulations and providing employees, including IT specialists, with a strategy that safeguards their activity.

The best…

Expansion of the IT infrastructure makes it harder to control who accesses information, copies it, moves it out of folders, and deletes it. If a company’s confidential files and folders are not organized, it’s almost impossible to keep that data secure. Specialized DCAP systems solve this task.

Figure out who needs DCAP and for what purposes!

What tasks does DCAP solve?

The term DCAP, which stands for Data-Centric Audit and Protection, is relatively new. This does not mean that companies did not need to audit documents. …

Configure the connection to internal services via VPN using two-factor authentication

Make sure that all the services are available outside the office and assess Internet and backup communication channel bandwidth

Install a service performance monitoring system. The software is needed to promptly notify the specialists responsible for risk mitigation about problems in service operation

If an employee works from home on a private PC, you should control the installation of operating system and software updates, check that the antivirus software package functions properly, conduct malware and virus scans, configure access to terminal servers and provide two-factor authentication

In case an employee works on a corporate PC — deny employee…

Alex Parfentiev

Leading Analyst at https://searchinform.com/, I’m here to address those human factor risks many businesses often neglect or aren’t even aware of
