One lesson that is underscored by the disruption of COVID and the resulting transformation of business operations is the importance of IT modernization. Here, we know that business leaders understand its significance, but we also see evidence that failing to embed security into the strategies and plans for IT modernization may be a difference-maker.
A cold reality in today’s enterprise is that ransomware is looming and threatening organizations constantly – like a lion behind the tall grass waiting patiently for its prey. It has unequivocally become the biggest threat to an enterprise alongside malware and phishing, even more so than a natural disaster or hardware failure, or a zero-day attack.
Recent data from Risk Based Security revealed that the number of records exposed has increased to a staggering 36 billion in 2020. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” Here, we bring you our list of the top 10 data breaches of 2020.
Ransomware penetrates an organization’s IT infrastructure through phishing emails or endpoint vulnerabilities and then encrypts files, holding data hostage until a fee is paid to decrypt them. The FBI has deemed ransomware the fastest growing malware threat, causing significant revenue loss, business downtime and reputational damage. It’s critical organizations protect their data by following the best practices.
Distributed denial of service (DDoS) attacks are more than an inconvenience; they paralyze operations and cause significant direct and indirect costs to those affected. Over 23,000 DDoS attacks are recorded per day, leaving companies to deal with disrupted online services. Recently, New Zealand’s Stock Exchange (NZX) was hit by a large DDoS attack for four consecutive days which led to a stock market closure that barred many from trading.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) will be releasing a document that provides a roadmap to threat mitigation of Position, Navigation, and Timing (PNT) services, a national critical function powering many of the critical infrastructure sectors that enable modern society. The conformance framework was developed with input from industry stakeholders and will help critical infrastructure owners and operators make risk-informed decisions when deciding what PNT equipment to deploy. It provides distinct levels of resilience so end users can choose equipment that’s appropriate for their needs, based on criticality and risk tolerance.
There is a need to rethink enterprise security. User identity has become a critical cybersecurity concern as more remote WFH users have gained secure ID and access to corporate documents and data. A one-problem, one-tool approach to security is no longer sustainable.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.
ESET researchers discovered a previously undocumented backdoor and document stealer used for cyber-espionage. ESET has been able to attribute the program, dubbed Crutch by its developers, to the infamous Turla APT group. It was in use from 2015 until at least early 2020. ESET has seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets. These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.
On November 4, 2020, the YES on Prop 24 campaign announced the passage of the California Privacy Rights Act (CPRA), with a majority of Californians supporting the measure to strengthen consumer privacy rights. The new law aims to give Californians the strongest online privacy rights in the world. But, does the CPRA do enough to advance the data privacy of California consumers? Many security and privacy leaders argue that it does not. To find out more, we talk to David Bodnick, Chief Technology Officer and co-founder of Startpage, a private search engine.
RSS
