There’s been a lot of focus lately on the best ways to safeguard corporate networks and fend off targeted attacks, and on total cost of ownership. But CISOs worldwide are struggling with an even worse problem that greatly affects their companies long-term: a widening cybersecurity talent shortage.
HOPLIGHT, a critical backdoor Trojan linked to North Korean APT group Lazarus, has been found in the wild, warn the FBI and the Department of Homeland Security in a new malware analysis report.
While digital transformation and the e-commerce bubble in late '90s have reshaped the way companies do business, increasingly sophisticated cyber-attacks call for immediate and sometimes overly complex defenses. Security tool vendors have been more than willing to provide an ever expanding array of tools and technologies, many with dubious value.
In about two months, two years will have passed since the WannaCry ransomware attack, a large-scale, global security incident that spread through the EternalBlue exploit targeting computers operating on outdated Windows systems. It affected over 300,000 computers that were still using vulnerable software such as Windows Vista and Windows 7, which had already been obsolete for quite a while.
The Facebook data breach of 2018, probably the biggest of the year, illustrates better than any other example that no company, big or small, is immune to hackers. One would expect a company of Facebook’s size to sustain top-tier research and development for cybersecurity, but last year’s breaches prove it’s vulnerable anyway.
In 2018, companies struggled to mitigate large-scale attacks and data breaches, but apparently too little action has been taken to improve defenses in 2019. Businesses are trying to be proactive. They have increased cybersecurity budgets and invested in resources, including in qualified IT staff. So why are they, financial services specifically, still falling for social engineering scams and malware attacks? What hampers efforts to safeguard their networks?
Only three months short of its first year anniversary on May 28, it’s time to take a look at EU’s GDPR by numbers. Enforced to protect European users from unethical and illegal commercial practices, the internet privacy law has so far led to three major fines for privacy infringement.
Financial services organizations operate with high volumes of valuable data, making them an attractive target for hackers. They are vulnerable to scams, fraud and banking Trojans, so data security in this sector is critical. IT executives struggle to optimize cybersecurity, as they often deal with low budgets and a lack of skilled workers to implement better security. These are top roadblocks, especially as open banking exposes their data and infrastructure to third-party vulnerabilities.
Not taking security strategy and execution seriously enough to come up with a proper incident response program is a problem that is regularly noticed. Businesses large and small fear customer information, financial data or corporate secrets will fall to the wrong hands in an advanced malware attack. But they keep investing in the wrong projects, work with outdated software, don’t train employees about passwords and phishing to prevent human error and internal attacks, and don’t look into third-party vulnerability protection.
The ‘bring-your-own-device to work’ trend has made traditional security methods appear obsolete. It seems the good old-fashioned password authentication or code received via text on a smartphone can’t cut it anymore. Multi-factor authentication and biometric security appear to be the answer for now for both organizations and consumers.
After 40 percent of UK businesses reported data breaches or security incidents in the past year, the government wants to completely “design out” complex cyber risks and attacks. To achieve this and strengthen national infrastructure and consumer security, officials plan to issue an impressive challenge to enterprises across the UK.
Businesses are struggling to develop cyber resilience to fend off attacks as they seek to create flawless operations and to scale systems. Efficient cybersecurity in an advancing digital economy is no easy goal, as many factors are at play, including third-party risks and increased attack surface, as a result of extensive interest in IoT deployments. This is why corporates and governments need to work together to set up priorities to help enable digital transformation and build trust through proper safeguards on consumer data privacy.
