CIO: Digital Trust: Cybersecurity Trends, Resiliency, and Strategies (March 28th)
IT News - Security

The energy industry is undergoing a massive evolution, much of which is driven by three distinct challenges: ensuring energy security, providing affordable energy, and moving to a cleaner and more sustainable energy future.

The United States Energy Information Administration (EIA) estimates that energy demand will increase by 50% over the next 30 years, while just in the last 12 months energy prices have increased significantly-with some parts of the world experiencing record energy prices and energy shortages. In addition, the energy industry is working to reduce its environmental footprint and accelerate the transition to renewable sources. Herein lies the question-how does the energy industry ensure affordable access to energy, but with a significantly lower environmental footprint?

While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere and increase productivity everywhere, the risks around using cloud technology are still slowly being realised and calculated by many organisations as they experience related attacks

That is according to the Cloud (In)Security research from Zscaler Threatlabz, which analyses cloud workload statistics from over 260 billion daily transactions globally across the Zscaler platform.

According to the report 98.6% of organisations have concerning misconfigurations that cause critical risks to data and infrastructure. This stat is alarming because the majority of cyberattacks on public clouds have been revealed to be due to misconfigurations rather than vulnerabilities. Cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, etc., have led to the exposure of billions of records.

Banks in the U.S. and Europe tout voice ID as a secure way to log into your account. I proved it's possible to trick such systems with free or cheap AI-generated voices.

The bank thought it was talking to me; the AI-generated voice certainly sounded the same.

On Wednesday, I phoned my bank's automated service line. To start, the bank asked me to say in my own words why I was calling. Rather than speak out loud, I clicked a file on my nearby laptop to play a sound clip: 'check my balance,' my voice said. But this wasn't actually my voice. It was a synthetic clone I had made using readily available artificial intelligence technology.

Despite Cybersecurity Investments, Breaches Increasing
Security Boulevard, February 28th, 2023
A survey of 300 CIOs, CISOs and security executives from enterprises in Europe and the U.S. that have more than 1,000 employees found 88% of organizations have been breached in the past two years

This is despite the fact that, on average, they have 44 security solutions in place. Nearly half of the respondents (45%) have been breached in the last 12 months.

Conducted by Surveyz Research on behalf of Pentera, a provider of an automated platform for validating cybersecurity controls, the survey published today also found that only 6% of respondents said their organization has less than 10 security tools and platforms in place.

Busting Myths Around Cybersecurity Team Training
Cyber Defense, February 28th, 2023
New Research Results from Omdia and Cybrary Point to Substantial ROI From Continuous Upskilling of Cybersecurity Teams.

In recent years, cybersecurity has garnered a staggering amount of attention, especially with the rise of high-profile data breaches. But, we still find companies grappling with an absent plan for preparing staff to handle impending and emerging threats. A new research report developed with Omdia examines several common myths about professional cybersecurity training in the hopes of assisting practitioners and technology vendors in dispelling some of these myths and better preparing your organization for the future.

Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents.

Incident response coordinates approaches to manage cyber incidents and fallout to limit the consequences. Incident response frameworks guide the direction and definition of response preparedness, planning and execution by outlining and detailing its elements, steps and stages.

Why is an incident response framework important?

In 2021 alone, there were nearly 24,000 security incidents, which resulted in more than 5,200 confirmed data breaches, according to the "2022 Data Breach Investigations Report" from Verizon. Because breaches continue to mount, often due to hacking or malware, exposure must be reined in.

Ransomware incidents have increased in frequency over the past several years, to the point where this method has become the weapon of choice for many bad actors, who can now launch attacks through ransomware service providers that resemble legitimate technology outfits.

Verizon reports a dramatic surge in the attack method in 2022 - a quarter of all breaches for the year included ransomware. Meanwhile, as Sophos reports in its 'State of Ransomware 2022' report, ransomware impacted 66% of organizations in 2021, an increase of nearly 80% over the prior year.

Let's take a look at 8 prominent ransomware attacks that illustrate the ways modern cyber criminals are approaching ransomware. These attacks also show how damaging ransomware can be to not only corporate organizations, but also to the general public when personal data and entities like municipal infrastructure organizations are targeted.

If your college-aged child is wondering what they should do for a living, here's a great suggestion - cybersecurity. It might be the best way to keep them from moving back home after they earn their diploma.

There simply aren't enough professionals with the right skill sets to fill the number of open cybersecurity positions out there. This means super low unemployment and very competitive pay. Lack of supply and high demand is a worker's best friend.

Some Shocking Numbers

Here's an encouraging, and shocking, stat - in the U.S., the job market for cybersecurity professionals is growing 12 times faster than the overall job market. The bottom line is that there simply aren't enough professionals who possess the right skill sets.

Why Data Breaches Keep Happening to Organizations and What Actions Companies Can Take to Stop It

Over the past decade, data breaches have become more frequent and more destructive, with the average cost of a data breach rising over 13% since 2020 according to IBM. Companies of all sizes and across all industries are struggling to protect their data, keep client and employee information private, and defend themselves from malicious cyberattacks.

See all Archived IT News - Security articles See all articles from this issue