Category: Corporate Risk

The Haunting Horror Story Of Cybercrime

Businesses worldwide face a sense of creeping dread and imminent disruption due to the threat of cybercrime. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to menace both browser and mobile clients.

There’s no way around it. Getting your cybersecurity posture right is the only way to stay safe. Get it wrong, however, and you’ll get the fright of your life in the shape of EU’s General Data Protection Regulation (GDPR) enforcement. There is definitively nowhere to hide this Halloween if you’re breached or fall short of tightening compliance expectations.

Read about the cybercrime threat and about the preventative measures you can take to improve your security posture and safeguard your employees’ applications and sensitive data on Information Security Buzz.

Audits: The Missing Layer in Cybersecurity

There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits. Recent audit findings revealed gaps in the Washington Metropolitan Area Transit Authority’s cybersecurity posture, while deficiencies were similarly pinpointed in an audit of the Michigan Department of Technology, Management and Budget.

There is no question that, in many cases, earlier and expanded input from auditors would have helped organizations that have suffered high-profile cyberattacks from sifting through the financial and reputational damage that ensued.

Read more about the importance of cybersecurity audits on DarkReading.

Why digital transformation puts you at greater risk for cyberattacks

Digital transformations could expose your organization to a greater risk of costly cyberattacks, according to a joint study from ESI ThoughtLab, WSJ Pro Cybersecurity, Security Industry Association, and other organizations. The study surveyed 1,300 companies and found that those whose digital transformations surpass their cybersecurity practices are likely to see a loss of $1 million or more, said the press release.

The study found cybersecurity risks to spike as companies adopt new technology, embrace open platforms, and collaborate with partners and suppliers. Businesses are currently facing the largest attacks from malware (81%), phishing (64%), and ransomware (63%).

Read more about the findings of the new study on TechRepublic.

7 Ways A Collaboration System Could Wreck Your IT Security

It can seem as if no corporate meeting is complete until someone says the word “collaboration.”  And for good reason: Use of collaboration tools is spreading to keep up with the phrase’s ubiquity, with the global collaboration tool market projected to reach nearly $10 billion by 2021.

But before an IT group blithely answers the call for a collaboration system, i.e. groupware applications such as Slack, Microsoft Team, and Webex Team, it’s important to consider the security risks these systems may bring. That’s because the same traits that make these, and similar, applications so useful for team communications also make them vulnerable to a number of different security issues.

Read about seven risks of using collaboration systems on DarkReading.

Nearly Half of Americans Willing to Give Brands a Pass for a Data Breach

New data shows that the U.S. public is surprisingly forgiving despite data breaches and controversies as long as companies demonstrate good faith.

Consumer Attitudes Toward Data Privacy and Security Survey by Janrain also found that 42 percent of U.S. consumers surveyed report at least being open to forgiving the brand, while 7% refuse to forgive brands for allowing bad actors access to their personal data. Fourteen percent have lost all faith in an organization’s ability to protect their data.

Read more about the findings of the new survey on Security Magazine.

UK firms face 65,000 cyber attacks a day

Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks each day, according to figures released by Hiscox to help raise awareness of the prevalence of cyber crime.

Cyber security incidents cost the average small business £25,700 (over $33,700) last year in direct costs, including ransoms paid and hardware replaced, in addition to indirect damage such as the impact on reputation or loss of customers. The insurer estimated the hacking figures based on tests which monitor, in real-time, the total number of attempted attacks on three “honeypot” computer systems typical of those used by small firms.

Read more about the findings of the new Hiscox report on The Scotsman.

ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident

Nearly half (46 percent) of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event.

The survey, of more than 3,150 professionals, found that a lack of organizational policy awareness when it comes to cybersecurity is hampering efforts to improve incident response benchmarks. About a third (30 percent) of CEO and executive-level respondents identified a lack of employee understanding of the organization’s cyber-incident response plan as their biggest challenge when it comes to dealing with an attack.

Read more about the findings of the new survey on Threatpost.

FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors

An empirical assessment of cybersecurity risk across multiple industries shows that media, telecom, and technology firms are at least twice as likely to experience a material breach in the next 12 months compared with organizations in the energy and utilities sectors.

The assessment, by the US Chamber of Commerce and FICO, also shows that larger companies are at greater risk of cybersecurity incidents than smaller businesses, and that the construction industry is the highest scoring sector on the security front.

Read more about the findings of the risk assessment on DarkReading.

9 in 10 organizations have a cybersecurity culture gap

With cybersecurity threats continuing to escalate worldwide, the ISACA/CMMI Institute Cybersecurity Culture Report found that just 5 percent of employees think their organization’s cybersecurity culture is as advanced as it needs to be to protect their business from internal and external threats.

Cybersecurity culture is a workplace culture in which security awareness and behaviors are integrated into everyone’s daily operations, as well as an executive leadership priority. In a threat-ripe environment, an effective cybersecurity culture can help employees understand their roles and responsibilities in keeping their organizations safe and customer data secure. However, just 34 percent of respondents say they understand their role in their organizations’ cyber culture.

Read more about the findings of the new report on Help Net Security.

Almost half of cyberattacks are directed at SMBs, here’s how to stay safe

Cyberattacks on big companies often make headlines, but some 43% of all cyberattacks actually target SMBs, according to data compiled by SCORE. Macro malware is the most impactful form of cybercrime affecting SMBs currently, according to a press release announcing the findings.

In 2017 alone, SMBs faced 113,000 incidents of macro malware, the release said. Macro malware is often found in malicious email attachments, appearing as a word processing document or similarly familiar type of file.

Read more about the findings of the new SCORE report on TechRepublic.