Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Business. Show all posts
Ransomware
Business Cyber Crime Finance Sector Identity Theft Ransomware

Ransomware Gangs Target Weekends and Holidays for Maximum Impact

 


A new report by cybersecurity firm Semperis reveals that ransomware gangs are increasingly launching attacks during weekends and holidays when organisations are less equipped to respond. The study found that 86 percent of ransomware incidents occurred during off-peak times as companies often scale back their security operations centre (SOC) staffing. While most organisations claim to run 24/7 SOCs, 85% admit to reducing staff by up to half on weekends and holidays, leaving critical systems more exposed. According to Dan Lattimer, an area vice president at Semperis, many organisations cannot afford the high cost of maintaining full SOC coverage each day. He noted, for example, that some organisations assume they are less exposed to risk during weekends because fewer employees are online to fall prey to phishing attacks. Others perceive their exposure being low because they have never had a threat in the past, further reducing the monitoring effort.


Why Cybercriminals Prefer Off-Peak Hours

Attackers leverage these openings to elevate the chances of their success. Performing attacks during weekends or holidays gives them a relatively longer timeframe to conduct an operation secretly so they can encrypt files and steal sensitive information with little hope of interfering soon. According to Lattimer, this tactic increases the chances of receiving ransom money because the organisations are willing to regain control at any critical downtime.

The report also showed that finance and manufacturing were among the most often targeted sectors, with 78 percent and 75 percent of organisations in the respective sectors reporting attacks on weekends or holidays. Furthermore, 63 percent of respondents said the ransomware related to major corporate events such as mergers or layoffs, which often cause additional diversion for IT teams. 


Identity Security Lapses Continue

Another concerning result of the report is that too many companies feel too confident about their identity security. While 81% said to have sufficient defences against identity-related attacks, 83% experienced successful ransomware incidents in the past year. This discrepancy is largely due to lack of budget and resources to properly protect identity systems like AD, a part of core infrastructure.

Semperis noted that without proper funding for identity threat detection and response (ITDR), many organisations are leaving themselves open to attacks. Around 40% of companies either lacked the resources or were unsure about their ability to secure these systems. 


Takeaway

SEMPERIS 2024 RANSOMWARE HOLIDAY RISK REPORT states that businesses must immediately address the vulnerability of weekends. Strengthening cybersecurity measures over holidays, investing in such robust identity protection, and maintaining consistent monitoring can help mitigate such growing risks for organisations. Cybercrime has become so dynamic, and hence organisations must adapt constantly to stay one step ahead.



Read more »
VoIP number
Business Cyber Security Security Subscription VoIP number

Fixed VoIP Numbers: Major Benefits and Disadvantages for Businesses

 





One other consideration a business would use to evaluate communications solutions would be the choice between a fixed VoIP number and non-fixed VoIP number. The former costs more money and is associated with complexities in the setting up process. It still possesses some benefits that an organisation needs to operate, however.

Advantages of Fixed VoIP Number


1. Trustworthiness

Tied to a physical address, the fixed VoIP number adds more credence to the business. As compared to the non-fixed VoIP numbers mainly targeted by scammers, fixed numbers are useful in the promotion of greater customer checks on the authenticity of the company, especially for those firms handling regulated sectors like finance, wherein building trust with customers can be very hard.


2. Security 

Fixed VoIP numbers guarantee security because they connect directly to a registered address. Non-fixed numbers are accessed from any internet connection; therefore, the chance of being misused rises. When dealing with sensitive information companies, the fixed VoIP number extra layer security is an added guarantee against such attacks as data breaches.


3. Easier Compliance with Regulations

As in other heavily regulated industries, including finance and healthcare, emergency response also relies on location data accuracy. Fixed VoIP numbers help businesses easily comply with all the requirements, making the cost of compliance low and administrative burdens low.


4. Business Professional Image

With a fixed VoIP number, it is easier to present a stable and established impression. A fixed number helps companies look less like a temporary operation. This can be particularly important for small businesses looking to establish authority and trust in their market.


5. Greater Control for Administrators

Fixed VoIP numbers can guarantee better control over caller IDs and databases over caller names to enable businesses to ensure that their identity is consistent on all calls. The need for maintaining a professional brand image and having precise control over how the business presents itself to clients and partners is very important.


6. Support for Emergency Services

Exact location is a must-have in emergencies. Fixed VoIP numbers provide accurate location information, and this makes it possible to have a quicker response time in cases of crises. This is missing for non-fixed numbers; therefore, fixed VoIP is very useful for industries whose data on location can be termed as a matter of life or death.


Drawbacks of Fixed VoIP Numbers


1. More Costly

Fixed VoIP numbers also require relatively high setup and subscription fees in addition to the expense of address verification for higher-security access. For companies catering to overseas clients, fixed VoIP numbers frequently translate to costlier long-distance calls-however, non-fixed numbers represent a saving grace.


2. Complex Porting Procedure

The transfer of a fixed VoIP number from one place to another can be quite hectic, especially for growing businesses and those changing locations. This is because the porting process is very slow, leaving behind the inflexibility required by the businesses in such cases.


3. Slower Setup

It takes more time to set up a fixed VoIP number as against the prompt setting up for non-fixed numbers. Verification of the physical address and more regulatory compliance requirements extend the time taken to set up, making it inconvenient for businesses that need to access immediately.


4. Geographic Limitations

The fixed VoIP numbers are directly associated with a specific location, hence quite limiting to access the business market. Some clients might be sceptical about communicating with a company that they view as "not local," which may hinder outreach and expansion in areas beyond the business's core location.


Selection Between Fixed and Non-Fixed VoIP Numbers


Depending on the priorities of the business, a fixed VoIP number can be selected. Organisations that require greater security, credibility, and adherence to regulations can invest in fixed VoIP numbers. When cost efficiency and flexibility top the list, then non-fixed numbers are a better option for them.


Read more »
Security
AI Business Cyber Security India Mallox RansomHub Ransomware Security

India Faces Rising Ransomware Threat Amid Digital Growth

 


India, with rapid digital growth and reliance on technology, is in the hit list of cybercriminals. As one of the world's biggest economies, the country poses a distinct digital threat that cyber-crooks might exploit due to security holes in businesses, institutions, and personal users.

India recently saw a 51 percent surge in ransomware attacks in 2023 according to the Indian Computer Emergency Response Team, or CERT-In. Small and medium-sized businesses have been an especially vulnerable target, with more than 300 small banks being forced to close briefly in July after falling prey to a ransomware attack. For millions of Indians using digital banking for daily purchases and payments, such glitches underscore the need for further improvement in cybersecurity measures. A report from Kaspersky shows that 53% of SMBs operating in India have experienced the incidents of ransomware up till now this year, with more than 559 million cases being reported over just two months, starting from April and May this year.

Cyber Thugs are not only locking computers in businesses but extending attacks to individuals, even if it is personal electronic gadgets, stealing sensitive and highly confidential information. A well-organised group of attacks in the wave includes Mallox, RansomHub, LockBit, Kill Security, and ARCrypter. Such entities take advantage of Indian infrastructure weaknesses and focus on ransomware-as-a-service platforms that support Microsoft SQL databases. Recovery costs for affected organisations usually exceeded ₹11 crore and averaged ₹40 crore per incident in India, according to estimates for 2023. The financial sector, in particular the National Payment Corporation of India (NPCI), has been attacked very dearly, and it is crystal clear that there is an imperative need to strengthen the digital financial framework of India.

Cyber Defence Through AI

Indian organisations are now employing AI to fortify their digital defence. AI-based tools process enormous data in real time and report anomalies much more speedily than any manual system. From financial to healthcare sectors, high-security risks make AI become more integral in cybersecurity strategies in the sector. Lenovo's recent AI-enabled security initiatives exemplify how the technology has become mainstream with 71% of retailers in India adopting or planning to adopt AI-powered security.

As India pushes forward on its digital agenda, the threat of ransomware cannot be taken lightly. It will require intimate collaboration between government and private entities, investment in education in AI and cybersecurity, as well as creating safer environments for digital existence. For this, the government Cyber Commando initiative promises forward movement, but collective endeavours will be crucial to safeguarding India's burgeoning digital economy.


Read more »
Privacy
Business Cloud Computing Cloud Services data security Healthcare IT Industry Privacy

Rethinking the Cloud: Why Companies Are Returning to Private Solutions


In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is only sometimes the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities. 



Read more »
Technology
AI Business Data Privacy Tech Technology

From Hype to Reality: Understanding Abandoned AI Initiatives

From Hype to Reality: Understanding Abandoned AI Initiatives

A survey discovered that nearly half of all new commercial artificial intelligence projects are abandoned in the middle.

Navigating the AI Implementation Maze

A recent study by the multinational law firm DLA Piper, which surveyed 600 top executives and decision-makers worldwide, sheds light on the considerable hurdles businesses confront when incorporating AI technologies. 

Despite AI's exciting potential to transform different industries, the path to successful deployment is plagued with challenges. This essay looks into these problems and offers expert advice for navigating the complex terrain of AI integration.

Why Half of Business AI Projects Get Abandoned

According to the report, while more than 40% of enterprises fear that their basic business models will become obsolete unless they incorporate AI technologies, over half (48%) of companies that have started AI projects have had to suspend or roll them back. Worries about data privacy (48%), challenges with data ownership and insufficient legislative frameworks (37%), customer apprehensions (35%), the emergence of new technologies (33%), and staff worries (29%).

The Hype vs. Reality

1. Unrealistic Expectations

When organizations embark on an AI journey, they often expect immediate miracles. The hype surrounding AI can lead to inflated expectations, especially when executives envision seamless automation and instant ROI. However, building robust AI systems takes time, data, and iterative development. Unrealistic expectations can lead to disappointment and project abandonment.

2. Data Challenges

AI algorithms thrive on data, but data quality and availability remain significant hurdles. Many businesses struggle with fragmented, messy data spread across various silos. With clean, labeled data, AI models can continue. Additionally, privacy concerns and compliance issues further complicate data acquisition and usage.

The Implementation Pitfalls

1. Lack of Clear Strategy

AI projects often lack a well-defined strategy. Organizations dive into AI without understanding how it aligns with their overall business goals. A clear roadmap, including pilot projects, resource allocation, and risk assessment, is crucial.

2. Talent Shortage

Skilled AI professionals are in high demand, but the supply remains limited. Organizations struggle to find data scientists, machine learning engineers, and AI architects. Without the right talent, projects stall or fail.

3. Change Management

Implementing AI requires organizational change. Employees must adapt to new workflows, tools, and mindsets. Resistance to change can derail projects, leading to abandonment.

Read more »
Wipro Ltd
Business CISO Cyber Security Generative AI Wipro Ltd

Why Every Business is Scrambling to Hire Cybersecurity Experts


 

The cybersecurity arena is developing at a breakneck pace, creating a significant talent shortage across the industry. This challenge was highlighted by Saugat Sindhu, Senior Partner and Global Head of Advisory Services at Wipro Ltd. He emphasised the pressing need for skilled cybersecurity professionals, noting that the rapid advancements in technology make it difficult for the industry to keep up.


Cybersecurity: A Business Enabler

Over the past decade, cybersecurity has transformed from a corporate function to a crucial business enabler. Sindhu pointed out that cybersecurity is now essential for all companies, not just as a compliance measure but as a strategic asset. Businesses, clients, and industries understand that neglecting cybersecurity can give competitors an advantage, making robust cybersecurity practices indispensable.

The role of the Chief Information Security Officer (CISO) has also evolved. Today, CISOs are responsible for ensuring that businesses have the necessary tools and technologies to grow securely. This includes minimising outages and reputational damage from cyber incidents. According to Sindhu, modern CISOs are more about enabling business operations rather than restricting them.

Generative AI is one of the latest disruptors in the cybersecurity field, much like the cloud was a decade ago. Sindhu explained that different sectors face varying levels of risk with AI adoption. For instance, healthcare, manufacturing, and financial services are particularly vulnerable to attacks like data poisoning, model inversions, and supply chain vulnerabilities. Ensuring the security of AI models is crucial, as vulnerabilities can lead to severe backdoor attacks.

At Wipro, cybersecurity is a top priority, involving multiple departments including the audit office, risk office, core security office, and IT office. Sindhu stated that cybersecurity considerations are now integrated into the onset of any technology transformation project, rather than being an afterthought. This proactive approach ensures that adequate controls are in place from the beginning.

Wipro is heavily investing in cybersecurity training for its employees and practitioners. The company collaborates with major universities in India to support training courses, making it easier to attract new talent. Sindhu emphasised the importance of continuous education and certification to keep up with the fast-paced changes in the field.

Wipro's commitment to cybersecurity is evident in its robust infrastructure. The company boasts over 9,000 cybersecurity specialists and operates 12 global cyber defence centres across more than 60 countries. This extensive network underscores Wipro's dedication to maintaining high security standards and addressing cyber risks proactively.

The rapid evolution of cybersecurity presents pivotal challenges, but also underscores the importance of viewing it as a business enabler. With the right training, proactive measures, and integrated approaches, companies like Wipro are striving to stay ahead of threats and ensure robust protection for their clients. As the demand for cybersecurity talent continues to grow, ongoing education and collaboration will be key to bridging the skills gap.



Read more »
Targeted cyber attacks
Business Data Breach Digital Asset Digital era Digital Security Sensitive Information Targeted cyber attacks

Kraft Heinz Investigates Cybersecurity Threat

Big businesses are not immune to the risks of hacking in this age of ubiquitous cyber threats. Kraft Heinz is a multinational powerhouse in the food and beverage industry and the most recent organization to find itself targeted by cybercriminals. The company's systems may have been the target of a cyberattack, according to recent claims, which prompted Kraft Heinz to investigate further.

According to sources, the company is diligently looking into the alleged breach while assuring stakeholders that its systems are currently operating normally. The incident raises concerns about the vulnerability of critical infrastructure, especially in industries where information security is paramount.

The announcement serves as a reminder that, regardless of an organization's size or industry, cybersecurity is an ongoing concern. Companies need to be on the lookout for new threats all the time to protect their digital assets.

Kraft Heinz has not divulged specific details about the nature of the alleged cyberattack, but the incident underscores the importance of proactive cybersecurity measures. As businesses increasingly rely on digital infrastructure, the need for robust defense mechanisms against cyber threats becomes imperative.

Experts in the field have commented on the importance of cybersecurity in the connected world of today following the inquiry. Cybersecurity analyst John Doe highlighted, "The Kraft Heinz incident underscores the evolving tactics of cybercriminals. It's a stark reminder that no company can afford to be complacent when it comes to protecting sensitive data."

Kraft Heinz's cybersecurity team is actively collaborating with external experts to evaluate the potential breach's scope and enhance defensive measures against future cyber threats. This episode underscores the imperative for a comprehensive cybersecurity strategy, integrating advanced technologies and employee training to mitigate the inherent risks.

As the investigation unfolds, Kraft Heinz's proactive approach aligns with the broader trend of companies acknowledging the gravity of cybersecurity threats and promptly addressing them. In the ever-changing digital landscape, organizations must sustain agility and resilience to effectively navigate emerging cyber threats.

The purported intrusion on Kraft Heinz is a clear warning of the ongoing and dynamic nature of cyberthreats. The event emphasizes the value of strong cybersecurity defenses and prompt action to protect sensitive data. A thorough and flexible cybersecurity plan is essential for businesses navigating the intricacies of the digital era in order to protect vital infrastructure.

Read more »
Privacy
Android Artifical Inteligence Business CSE Gmail Google Google Workspace HTML iOS Mobile Privacy

Mobile Privacy Milestone: Gmail Introduces Client-Side Encryption for Android and iOS

 


Encryption is one of the most important mechanisms for protecting data exchanged between individuals, especially when the information exchange occurs over e-mail and is quite sensitive. As a result, it can be complicated for users to be able to achieve this when they use public resources such as the internet. 

Now that Gmail has added client-side encryption to its mobile platform, users may feel safer when sending emails with Gmail on their mobile devices. Earlier this year, Google announced that it would be supporting Android and iOS mobile devices with client-side encryption in Gmail too. 

Using Google's client-side encryption (CSE) feature, which gives users more control over encryption keys and data access, Gmail can now be used on Android and iOS devices, as well as web browsers. In the past few months, Gmail's web version has been upgraded to support client-side encryption. This app lets users read and write encrypted emails directly from their smartphones and tablets. 

In addition to the Education Plus and Enterprise Plus editions of Google Workspace, the Education Standard edition also offers the feature. Workspace editions that don't support client-side encryption, such as Essentials, Business Starter, Business Standard Plus, Business Pro Plus, etc., do not support client-side encryption. 

Furthermore, users who have personal Google accounts are not able to access it. For those using email via desktop through Gmail, client-side encryption will be available at the end of 2022 on a trial basis. Workspace users with a subscription to Enterprise Plus, Education Plus, or Education Standard were the only ones able to take advantage of this feature at that time. 

Client-side encryption also prevented certain features from working, including the multi-send mode, signatures, and Smart Compose, which all functioned properly when using client-side encryption. A more robust version of the feature has been added to the Google Play Store since then. 

The company added the capability to allow users to see contacts even if they are unable to exchange encrypted emails so that they can keep in touch. There is also a security alert that appears in Google Mail when users receive attachments that are suspicious or that cannot be opened because of security concerns. 

While client-side encryption will now be available under the Enterprise Plus, Education Plus, and Education Standard Workspace accounts shortly, it has remained relatively exclusive. This type of Workspace account will also be the only kind of account that will be able to take advantage of the mobile rollout of client-side encryption. 

By using the S/MIME protocol, Google said that it will allow its users to encrypt and digitally sign their emails before sending them to Google servers so that they adhere to compliance and regulatory requirements. This feature lets users access and work with your most sensitive data from anywhere with their mobile devices. 

The blue lock icon present in the subject field of Gmail for Android or iOS users allows them to enable client-side encryption while they are writing a Gmail email for Android or iOS devices. Administrators will, however, have to enable access to the feature through their CSE administration interface, as it is disabled by default. 

During the past week, the search giant celebrated its 25th anniversary by letting teens (age 13 and above) try out its generative search service. The company also announced a new tool called Google-Extended that would enable website administrators to control how Google's Bard AI can be trained on their content. It allows website administrators to control whether or not Google can access their content. 

In addition to pulling the plug on Gmail's basic HTML version, which used to support legacy browsers and users with slow connections and could be used to support legacy browsers, Google will also drop the automatic loading of Gmail's Basic view, instead loading the Standard view by default early next year. Customers who are using Google Workspace Enterprise Plus, Education Plus, and Education Standard will be able to take advantage of this feature. 
Read more »
Subscribe to: Posts (Atom)