In our previous post we talked about the importance of the role of the CISO when it comes to helping organizations to maintain solid security programs and maintain alignment between what an enterprise decides its security posture should be and the personnel, technical, and process controls that need to be in place to enforce that policy.
A Deloitte survey of 400 executives in the consumer product segment indicates that businesses are confident they can fight cybercrime, but at the same time they are ill prepared to do so. Going by the numbers, business execs indeed have a ways to go to protect customer trust, intellectual property, payments and human capital.
The WannaCry ransomware family took only 24 hours to infect 200,000 computers in over 100 countries last month, affecting companies such as Renault, Nissan, Telefonica Spain, FedEx and more than 40 hospitals in the UK. Researchers around the world were surprised how fast the malware spread without user interaction as a result of outdated Windows versions and inefficient security solutions.
Small and medium-sized business have become top targets for ransomware attacks as a result of poor security, a willingness to quickly give in to ransom demands and ransomware-as-a-service business model, according to a Bitdefender survey.
Let’s face it, being a CISO can be one of the most thankless jobs in the c-Suite. I’m sure there are many security professionals who will say it is in fact the most thankless job in the c-suite.
.jpg?t=1505898813323)
Attackers are now targeting small and medium businesses to extort higher fees, a Bitdefender survey shows, meeting the company’s predictions for 2017.
More than two-thirds (71 percent) of IT security decision makers in France say their companies could ‘definitely’ be a target of cyberespionage campaigns using advanced persistent threats (APTs), according to a recent survey by security firm Bitdefender. These complex cyber tools are crafted for high-profile entities and operate by silently gathering sensitive data over long periods. Another 27 percent of respondents say their IT infrastructure could ‘possibly’ be targeted in high-level cyberespionage actions that exfiltrate intelligence systematically.
Companies care most about information related to clients (i.e. credit cards, demographics, contracts) and employees (i.e. income, salary, service fees, contact information, stakeholders), research data about new products and competition, and financial information, as shown in a Bitdefender survey of more than 500 IT decision makers.
Hybrid infrastructures, a mix of public cloud services and privately owned data centers, have become the major architecture in the enterprise environment. Most companies choose to virtualize more hardware by substituting it with less expensive and more versatile software, as shown in a Bitdefender survey of more than 500 IT decision makers. US IT decision makers say hybrid environments allow more flexibility and room for expansion, while they also increase productivity and security.
• Reputational, financial costs seen as worst consequences of APTs
• IT execs perceive competitors as the main interested parties that could target their organisations
• Most companies have an incident response plan for advanced persistent threats, but underestimate the complexity of targeted attacks
We’re getting to the point where it’s nearly impossible to differentiate between “IT infrastructure” and “cloud.” Organizations continue to shift data and workloads to cloud services, whether they’re private clouds that have emerged from virtualized data centers, private cloud services from a vendor or hosted public clouds offered by service providers.
