Tag Archive for: Lacking

Enterprise ransomware preparedness improving but still lacking


The majority of organizations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, “The Long Road Ahead to Ransomware Preparedness” by Enterprise Strategy Group, a division of TechTarget.

Ransomware is a top priority

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organizations plan to invest more in ransomware preparedness over the next 12 to 18 months.

How are companies handling ransomware preparedness?

With preparedness investments expected to grow, the survey asked how organizations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

[Chart: ransomware preparedness activities companies engage in]
Data recovery testing and employee security awareness training are among the top activities organizations are focusing on for ransomware preparedness.

How unprepared are companies?

Companies said they are improving their fight against ransomware, but it’s clear that more work needs to be done. Ransomware preparedness gaps exist, and few organizations have solid mitigation strategies in place. Among activities that need more attention are the following:

  • Vulnerability management. Only 47% of respondents said their organizations can remediate issues within 30 days of discovering them….


Cybersecurity: What a convicted hacker thinks Australia is lacking in cybersecurity


In 1998, Skeeve Stevens was jailed for a hack that was described at the time as Australia’s most “notorious” internet cybercrime. Today, it sounds very similar to the breach that hit Optus in September.
Under the pseudonym Optik Surfer, Stevens hacked internet provider AusNet and shared the credit card and personal details of 1200 people with journalists. His aim was to lay bare the shortcomings of AusNet’s system. For his actions, he was jailed for 18 months.
These days Stevens spends his time consulting with state and federal police, intelligence agencies, the Australian Defence Force and law firms, among others, discussing the weaponisation of technology.

Here’s what he wants you to know about the state of cybersecurity in Australia, who is drawn to hacking, and why they turn criminal.

Money aside, why do people hack?

Stevens told The Feed you don’t “become a hacker, you kind of always are.”
It’s for people who are curious, talented, but mostly, it’s for people who like puzzles. Stevens just wanted to keep prodding to see where it would take him. Decades ago he hacked into Australian universities, vending machines, and even US agencies, just to see if he could.

“I thought ‘oh that’s cool, now if I do that, do I get that? Does this plus that equal that?’” he said.

But he said hackers can veer towards criminality when their skills and talent aren’t met with enough ethical guidance during their learning process.
“I’ve seen eight-year-old girls that are coding three [computer] languages. Some of our kids are amazing,” he said.

“But are they being guided by teachers that can actually help harness and frame those skills? This is where you’re going to end up with bad actors or bad hackers.”

What is missing in Australia’s approach?

Stevens said the first thing Australia is lacking is literacy around cyber security at various levels. He said it starts with the average Australian and extends all the way to those making decisions about data collection and storage.
“There’s a lot of ‘FUD’ in the industry: fear, uncertainty, and doubt from officials,” said Stevens, noting that companies and politicians should be clearer in their communication and messaging.
While cyberattacks are commonplace and…


Cyber security likely lacking for U.S. businesses | Business


Cyberattacks are big business for computer crooks. In May, Russian cybercriminals crept into the computer-controlled Colonial Pipeline, which pushes petrol for jets and vehicles between Houston, Texas, through the South, and up to New Jersey.

The company itself shut the pipeline down and paid $4.4 million in bitcoin to the hackers, of which $2.3 million was later recovered by federal law enforcement agencies.

In six days, as many as 80% of gas stations in the South and Southeast, including Central Virginia, were out of fuel. Panicked people pumped gas into a variety of containers, from stock watering tanks to plastic grocery bags.

Some attacks can pose a health danger. In February, a hacker increased the amount of sodium hydroxide – lye – in Oldsmar, Florida’s water treatment system. The move could have had drastic health consequences to customers, but a worker spotted the adjustment and immediately reversed it.

Other attacks cost businesses big money. When Target Stores’ computer systems were hacked on Black Friday 2013, more than 110 million customers had their credit card numbers, associated personal identification numbers and even emails and addresses scooped up by hackers.

The data breach cost the company more than $300 million, officials estimated, not including $90 million that was covered by insurance.


Cyber security likely lacking for US businesses | Business | dailyprogress.com – The Daily Progress


