Ukraine warns of Russian plans for massive cyber attacks on Ukraine's critical infrastructure to slow down the counteroffensive and those of Kyiv's allies in retaliation for support.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Following Optus hack, the Telstra data breach appears to be limited to the signup process of a third-party rewards system for company staff, but two telcos losing personal information in two weeks has caused serious concern.
To ensure that the patient information being generated, stored and exchanged is secure, healthcare organizations are rapidly implementing mobile device management (MDM solutions) to push extensive security policies and tailor the usage of their diverse types of devices to ensure that the data stored on them is secured efficiently.
About 50% of those who had information stolen say they were victimized more than once. And the number of people that lost at least $10,000 to personal data theft jumped from 9% of respondents to 30% in 2021.
Microsoft Exchange zero-day vulnerabilities affect an estimated 250,000 on-premise servers. The company is aware of attacks involving a single state-sponsored group that compromised less than ten organizations.
APIs are being deployed so fast and at such scale that companies risk both not knowing what they have (Shadow APIs), and losing control of API security, including exposing vital data and processes.
The fallout from the Log4j vulnerability has prompted bipartisan action to beef up open source software security. Proposed act would task CISA with developing a risk framework to evaluate open source code used by the federal government, and could be passed on to critical infrastructure businesses.
Generally speaking, the more SaaS applications an organization has in its tech stack, the greater the risk of suffering a cyberattack. Many organizations take a hands-off approach to SaaS security, making these applications a prime target for hackers.
15 year-old flaw in a default python module introduces supply chain vulnerability to over 350,000 open source projects and the applications that use them, including SDKs, AI/ML, security, management, and developer tools.
The days of managing from the shadows are long gone for the CISO. Today’s CISO is more than an advisor to the C-suite with 88% of boards of directors viewing cybersecurity as a business risk. The role for the CISO has expanded to encompass advising the entire business and employees on how they can help ensure data security.










