Fabian Sommer/picture alliance via Getty Images The US is preparing to ban the world’s most popular router over national security fears. According to a report from the Wall Street Journal, Chinese-owned TP-Link is currently under investigation by the US Justice, Commerce, and Defense departments because of its link to several high-profile hacking incidents. The move […] More

The highly orchestrated symphony of grouping employees into well-defined roles with specific and granular access to enterprise apps/services is breaking down under the frenetic rock ‘n’ roll era of dynamic business. The instruments of creative destruction — digital transformation, cloud migrations, DevOps, and Agile methodologies — are powering the new sound. If security and risk […] More

Brazil was the fourth most breached country in the world second quarter of 2022, according to a global data breach study produced by cybersecurity company Surfshark.With 3.2 million users breached in Q2, the report suggests Brazil has seen a seven-fold increase in leaked accounts quarter-over-quarter, and a 771% spike compared to the previous quarter when the country had seen a slight improvement in its data breach situation. Russia tops the list with 28.8 million breached users, followed by India (4.4 million) and China (3.4 million), while Brazil ranks fourth, surpassing the US (2.3 million) which appeared in the fifth position.According to the report, since data breaches became widespread in 2004, 15.1 billion accounts have been leaked, of which 244.4 million belong to Brazilian users. The study added that, for every ten leaked accounts in Brazil, half are stolen alongside a password.Across South America, an average person has been affected by data breaches at least once. However, in Brazil, these statistics go up even higher, said Agneska Sablovskaja, data researcher at Surfshark. “The difference could be due to user online habits or data collection practices by various services or applications. A high number of affected accounts show that there is more to be done in regards to online data protection,” she added.Breach rates in the second quarter of 2022 have seen a 2% increase globally, with 459 accounts being leaked every minute compared to 450 in the first quarter of 2021, according to the study. In Brazil, the breach rate in Q2 2022 has risen from around 3 to 25 breached accounts per minute compared to the first quarter of the year.According to a separate study released in December 2021 by PwC, the vast majority of Brazilian companies plan to boost their cybersecurity budgets in 2022. The study noted the increase in cyberattacks against local organizations was among the key concerns of senior decision-makers.The study suggests that 45% of Brazilian companies estimate an increase of 10% or more in investments in data security, compared to 26% worldwide. Only 14% of Brazilian leaders expressed the same levels of concern about cybersecurity in 2020, against 8% worldwide. In 2021, 50% of the companies polled by PwC claimed to have allocated up to 10% of their technology budget to security-related actions.
ZDNet Recommends More

Kayla Solino/ZDNETFollow ZDNET: Add us as a preferred source More

Microsoft unveiled a new suite of tools on Thursday built to protect nonprofits as threats against philanthropic organizations globally have skyrocketed, particularly from nation-states. The Microsoft Security Program for Nonprofits has three different components, including free access to the AccountGuard program, free security assessments and free training pathways for IT administrators and end-users.Justin Spelhaug, vice president of Microsoft Tech for Social Impact, and Flora Muglia, business strategy manager for Microsoft Tech for Social Impact, told ZDNet that the company’s goal is to sign up 10,000 nonprofit organizations in the next year and 50,000 organizations over the next three years.Spelhaug said the company was interested in creating the program because nonprofits have become the second most targeted industry by nation-state attacks.”31% of all nation-state notifications that we send out to organizations go to nonprofits. These are organizations that are human rights organizations, think-tanks, organizations with sensitive information that nation-states want to get their hands on,” Spelhaug said.”Cybersecurity threats are on the rise, and most nonprofit organizations do not have the same advanced network security protocols or resources or security models that a well-funded private corporation might have. 70% of nonprofit organizations haven’t conducted a vulnerability assessment, 80%, based on our research, don’t have a cybersecurity strategy in place. And that just makes cybersecurity threats more of a reality each and every day. The attacks are becoming more sophisticated.”He specifically mentioned Microsoft’s warning in May that Russian-backed group Nobelium was conducting a wide-ranging phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the email marketing platform Constant Contact. 

The attack targeted roughly 3,000 accounts at more than 150 organizations. At least a quarter of those involved work in international development, human rights and humanitarian work. “The sector is at a critical junction because we’ve all gone digital. The pandemic has made us all go even more digital, and threat vectors are increasing. Unfortunately, nonprofits are being targeted, and we need to do something about it. And that’s why we built this program,” Spelhaug said. Data from Microsoft shows that NGOs received 23% of all notifications from 2018 to 2021. These organizations are typically considered attractive targets for nation-state actors because they carry information about political views and loyalty to parties or individual political candidates. In a recent survey, 21% of North American foundations reported a security breach in the preceding two years, with ransomware attacks as the largest single cause (38%), Microsoft said, adding that the average cost of a security incident in the nonprofit sector is $77,000, with the current average cost of a data breach overall being $4.24 million, 10% higher than the average cost in 2019. Muglia said the program will also help organizations that need to comply with certain rules for cybersecurity insurance and assist in finding where their gaps might be. Muglia explained that the free security assessments will help organizations better understand their risk profiles, their vulnerabilities in their existing endpoints, identity access, infrastructure, network, and data with the objective of “supporting and prioritizing an immediate action and remediation plan to better protect their environment from any imminent risk with support from its partner ecosystem.”The AccountGuard tool identifies when an Office 365 organizational domains or Outlook and Hotmail personal domains are targeted or compromised by nation-state actors, letting organizations know before it’s too late. “Microsoft has cultivated training pathways to streamline the top-recommended training for nonprofits, regardless of role. Employees from any background will be able to learn the latest strategies to protect themselves from online scams and attacks and work from home more securely,” Spelhaug noted. Muglia added that ahead of the announcement on Thursday, a few hundred organizations signed up for the AccountGuard part of the program when it went live in many organizations’ Microsoft portals on September 26. “Most nonprofit organizations do not have large IT teams. They do not have in-depth security specialists, and they do not have consulting firms guiding their every action to protect their data and they often are federated, meaning they have disparate IT systems and different environments under the same organization,” Spelhaug said. “There’s a lot of work to be done in this industry. Every online NGO has donors, funders and beneficiaries. They have important information to protect, and our technology and the offers that we’re providing scale down to small organizations.”As an example, Spelhaug shared the story of the International Rescue Committee groups working in Afghanistan. He said they are one of the few organizations that stayed behind to help with the humanitarian situation caused by government change. As an organization working with dozens of different ethnic groups and vulnerable populations, they needed to protect their data. “It was critical for the IRC to get the right information security technology in place to protect the data of their staff members so that it did not fall into Taliban hands and be used for purposes of persecution, effectively allowing them to identify different ethnic and religious groups to do bad things,” Spelhaug said. “We mobilized immediately, and we’ve deployed our endpoint protection capabilities as well as some advanced security capabilities with IRC in an effort to protect the staff. But just as importantly, to protect the beneficiaries, they serve in Afghanistan.” More