The topic of cybersecurity is rapidly moving up the agenda of CIOs.
All about Virtualization and Cloud Security | Recent Articles:
It’s common knowledge that cyberattacks will escalate, so upper management has to develop an understanding of the threat landscape, the different types of attacks and what it all involves. Right now, the Trump administration is working on an executive order to clearly establish the duties of agency chief information officers.
2018 appears to be the year of regulatory compliance, threatening to hinder all IT initiatives and projects. Whether it’s The Payment Card Industry Data Security Standard (PCI DSS), the banking sector’s PSD2 (Revised Payment Service Directive), NIST for federal agencies or the EU’s boogey-man - Global Data Protection Regulation (GDPR), organizations worldwide are struggling to meet all industry-specific guidelines and recommendations to avoid substantial fines following an incident.
About a year ago, Europe’s largest electrical and telecommunications retailer was hacked, compromising 5.9 million customer cards and 1.2 million personal records. Dixons Carphone claimed it had been unaware of the breach until recently, so no information had been held back from their customers or regulatory bodies.
Dixons Carphone, the major electrical and telecommunications retailer in Europe, has just confirmed a data breach attempt that occurred almost a year ago in the UK. According to the company’s press release, the security incident affected 5.9 million customer cards and 1.2 million personal records, involving names, addresses and emails, were compromised.
Chances that ransomware will go away any time soon are slim, so security experts can’t emphasize enough the importance for enterprises to seriously invest in cybersecurity and focus on developing risk mitigation strategies to avoid being caught off-guard. For some reason, the number of businesses ready to pay ransom to get their data back is increasing, opening up endless opportunities for hackers working on complex malicious software to further compromise corporate networks.
A few years ago, companies were reluctant to adopt cloud computing because they thought a lack of physical access to the network would deprive them of control over their data. A major shift occurred when they understood that, with suitable configuration and security, cloud computing offers serious benefits.
Companies still struggle with ransomware, phishing, data breaches and other attacks that bypass their security and affect their budgets. Enterprises know they are in dire need of technology that will safeguard their infrastructures from known, unknown, and undisclosed vulnerabilities.
Security executives fear cyberattacks will heavily target critical infrastructures in the near future, but they don’t seem to be doing much about enforcing security policies that also cover IoT devices. Despite the major threat they pose, connected devices have so far been overlooked in security policies. It appears that in general, in spite of the increasing awareness of high-profile cyberattacks and threats, enterprises tend to look the other way rather than invest properly in a cybersecurity strategy.
Cloud security has grown into a major issue for enterprises, as only one company in six encrypts all data, according to a Bitdefender survey. While 85% of CISOs fear security flaws in the public cloud, as many as 51 percent of enterprises don’t properly secure their cloud storage services, according to RedLock, leaving their data exposed to hackers.
Businesses cannot come up with a mitigation strategy to efficiently detect, identify and manage insider threats, according to research from the Ponemon Institute, so they risk the loss of critical confidential data and resources, network shutdown and reputational damage. In the past year, 159 organizations from the United States, Canada, Europe, Middle East, Africa, and the Asia-Pacific region dealt with 3,269 security breaches caused by insider threats due to plain negligence.
In 2015, Russian hackers shut down Ukraine’s electrical grid after infecting the infrastructure with malware. It was only a matter of time until they would target the US power system. As of 2016, US critical operational infrastructures have been under siege by "Russian government cyber actors," as described by the Department of Homeland Security and the FBI.