The lack of political leadership to face targeted attacks is contributing to the poor job the UK is doing on its national security strategy, says a UK government report discussing the cyber security of the nation’s critical national infrastructure.
The US Department of Homeland Security Computer Emergency Readiness Team has just issued a technical alert earlier this week, warning that US companies operating in critical sectors are at risk, as cyberespionage attempts from foreign governments were detected. Key targets include Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing. From as early as May 2016, CERT says extensive Advanced Persistent Threat tactics, techniques, and procedures were deployed to infiltrate MSPs (managed service providers) customer networks to steal confidential information and interfere with government and business operations.
Bitdefender has recently investigated a series of advanced cyberattacks aimed at financial institutions, designed to covertly exfiltrate massive amounts of money in coordinated strikes.
Data breaches not only cost companies millions, but they also inflict reputational damage, customer turnover and operational costs. The average cost of a data breach has risen 6.4% to a global average of $3.86 million this year, according to research from the Ponemon Institute.
Security executives fear cyberattacks will heavily target critical infrastructures in the near future, but they don’t seem to be doing much about enforcing security policies that also cover IoT devices. Despite the major threat they pose, connected devices have so far been overlooked in security policies. It appears that in general, in spite of the increasing awareness of high-profile cyberattacks and threats, enterprises tend to look the other way rather than invest properly in a cybersecurity strategy.
Some 42 percent of IT security professionals ignore critical security issues, especially if they don’t know how to fix them (16 percent), according to a recent survey of 155 IT professionals by Oyutpost24.
Businesses cannot come up with a mitigation strategy to efficiently detect, identify and manage insider threats, according to research from the Ponemon Institute, so they risk the loss of critical confidential data and resources, network shutdown and reputational damage. In the past year, 159 organizations from the United States, Canada, Europe, Middle East, Africa, and the Asia-Pacific region dealt with 3,269 security breaches caused by insider threats due to plain negligence.
The ease-of-exploit rating has made the financial sector a cybercrime magnet for years, especially for targeted extortion attacks. The industry has fallen victim to numerous security breaches, data exfiltration hacks, DDoS attacks taking down global online operations and disrupting services, and has lost millions to malware and ransomware attacks. So what’s next?
Doctors can’t prescribe proper treatment for patients without identifying and analyzing symptoms to make a clinical diagnosis. It’s the same for CISOs, who are responsible for their organization’s digital health.
Government CIOs have a full agenda for 2018, including top investments in cloud services (19%), cybersecurity (17%) and big data analytics (16%), according to Gartner’s 2018 CIO Agenda Survey. The predictions are based on interviews with 3,160 CIOs from 98 countries, including 461 who work in government institutions.
While modern technology makes possible new business models to drive growth and profitability, digital transformation opens your business to more cybersecurity risks, according to a survey by Thales and 451 Research.
