According to Moody’s report, organizations tend to have upped their cybersecurity investments across the board, but with a strong preference for basic measures and cyber insurance.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Over the next 10 years, we will see companies continue to replace their on-premise network and security appliances with a secured corporate network over the internet. Remote access solutions like zero trust network access (ZTNA) and secure access server edge (SASE) are here to stay.
Analysis of leaked chats shows that the Russian Conti ransomware gang had developed proof-of-concept code for stealthy firmware attacks targeting Intel's Management Engine.
It is unclear if the website defacement with ransom notes signals a broader trend, but ransomware gangs have been known to change and evolve their tactics over time.
The Tim Hortons coffee chain became a cherished Canadian institution over nearly 60 years in business. However, questionable mobile app privacy practices tarnished the brand and now have the company facing the wrath of regulators and customers.
Sophos found that 64% of healthcare organizations chose to pay ransom after ransomware attacks in 2021, up from 34% in 2020, but only 2% of payers recovered all encrypted data.
The patch comes as attempts to exploit the zero-day vulnerability began to ramp up worldwide, and was badly needed as there were no other viable remediation techniques to stop remote code execution.
Myths about an SBOM further exposing an organization to attack or leaking trade secrets hamper an enterprise’s security efforts around visibility and transparency into software assets that could put an entire organization at risk.
Cybercrime outfits are increasingly shifting to highly structured and advanced fraud operations, with "scams-as-a-service" models that reflect the similar offerings for other attack types such as ransomware.
The FBI warned higher education institutions that cyber criminals were selling their login credentials on publicly-accessible and dark web Russian hacker forums.










