The Pegasus spyware sold by NSO Group, supposed to only be available to law enforcement and intelligence agencies for legitimate and legal uses, appears to be widely available to repressive governments with little oversight.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Here’s what needs to be done at the enterprise level to ensure bulletproof cybersecurity against state-sponsored cyber attacks in the most uncertain times of COVID-19 and beyond.
New vulnerability disclosure rules announced by the Chinese government have raised the prospect of "zero-day hoarding," as anything discovered in the country must now be reported to the CCP and to no one else (in most cases).
As ransomware attacks surge and hackers become increasingly bold, the Biden administration is forging ahead with a package of new measures that includes up to $10 million for information that leads to the identification of attackers that hit critical infrastructure.
With cybersecurity professionals spending as much as 30% of their time chasing down groundless reports of risky behavior or unauthorized data access, false positives are becoming a big problem for many organizations.
Nearly 100% of companies suffered at least one data breach in the past 18 months. Most cited inadequate identity management and the lack of visibility as the major cloud security threats.
Knowing the common manipulative tactics – exploiting every emotional hot button (anxiety, uncertainty, urgency) – used in phishing is the first step to understanding how to identify and deflect them; and it requires a repetitive process.
President Joe Biden warned Vladimir Putin that there would be consequences for ransomware attacks launched from Russia even if they were not sanctioned by the Kremlin.
REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have very suddenly disappeared from the internet. The group has even closed up pages advertising its services on the dark web.
A third-party data breach at Morgan Stanley’s account maintenance contractor Guidehouse leaked customers' data via an Accellion hack in Jan 2021 and was reported half a year later.










