Why Can’t Company Giants Escape Cybersecurity Breaches?


Security breaches have been steadily on the rise in recent times. Just last month, in the course of a week, Uber took its internal communications and engineering systems offline after a network compromise but reported Q2 revenue of $2.7 billion.

In the course of one week, a hacker obtained access to the personal information of American Airlines customers, and video game studio Rockstar Games was compromised when a bad actor stole in-development footage and data from the yet-to-be-released next installment of its billion-dollar Grand Theft Auto game.

According to surveys conducted regarding cyber adversary detection, it has been revealed that cyber activities remain undetected for an average of 201 days, i.e. approximately six months. It is apparently a very short period of time for some company giants worldwide, in order to assume that they are protected from cyber threat actors. 

While attacks are becoming more frequent and expensive, the VC industry distributed a staggering $17.1 billion to support the development and complexity of recent cybersecurity companies as well as fund new disruptors. With an average cost of roughly $9.5 million per incident, the United States has held the record for the highest data breach cost for the past twelve years. 

However, despite all the effort and money put into cybersecurity, there has not been a significant advancement in the field. Why can these industry giants, who have the resources, access, and expertise to build world-class cybersecurity systems, not prevent big breaches and limit the scope of damage to their goods, services, and consumers? The answer is simple once you realize it: they are not actively, intentionally, and consistently looking for the adversary.

How Did it Get to This Point? 

The cybersecurity situation is poor, and a number of causes might be linked to its current state of frequent compromise and uncertainty. 

One of the factors is threats, which are continuously evolving. Every time cybersecurity teams come forward with a solution for one threat, a dozen or more tend to follow. Consequently, before a defense can even be found and system flaws patched, threat actors are already scanning for and developing further attacks. As soon as a solution is implemented, it is no longer relevant.

Additionally, the cyber defense structures have grown more complicated and received more funding, which has resulted in a lack of accountability to monitor their efficiency. 

The aforementioned factors have consequently produced a false sense of security since one must note that investing a large amount in cybersecurity does not equal legitimate protection. Instead, cybersecurity vendors merely supply without dynamic monitoring and leave behind incremental security that could be more scalable. 

What is The Solution? 

It is being advised that much emphasis must be placed on developing or implementing capabilities that challenge the existing cybersecurity complacency. Do not assume that all adversaries are out of the network since there are chances that these threat actors are lurking in the network in real time. 

A sense of certainty surrounding cyberattacks can be established by implementing a factual, internal network-focused process of continuous compromise assessment.

One must also keep in mind that there is no one solution that would aid in mitigating attacks. But a constant compromise assessment would ease the decision-making process for companies and eventually impact the dynamics of their cybersecurity ecosystem.

In reality, adversaries will not vanish from a company’s system. One can only take cautionary measures by effectively monitoring and responding to an organization’s cyber threats. A successful cybersecurity plan starts with one such measure: maintaining consistent visibility into the nature of compromises.

Cybersecurity Resilience Now a Top Priority, as Companies Say Security Incidents Impacted Business Operations


The study done by Cisco identified the top seven success factors responsible for a firm's security resilience. These factors were classified on the basis of culture and environment and of solution-based business security. The study was based on a survey of more than 4,700 participants from 26 countries.

Resilience has emerged as a top priority for companies, since at least 62 percent of the organizations surveyed reported having encountered a security event that negatively impacted business in the last two years. The most prominent types of security incidents include network or data breaches, network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for both the company involved and the ecosystem of businesses it interacts with. The impacts included IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With such high stakes, 96 percent of the executives surveyed for the report unsurprisingly said that security resilience is a priority for them. The study also emphasized the key objectives of security resilience for security specialists and their teams: to avoid security incidents and to mitigate losses when they occur.

The Seven Success Factors of Security Resilience 

This year's Cisco report also established a methodology for generating a security resilience score for the surveyed firms, identifying the seven success factors. Organizations with these factors were apparently in the top 90th percentile of resilient businesses, while organizations without them were in the bottom 10th percentile of performers.

The study's findings supported the view that security is in fact a human activity, because leadership, corporate culture, and resource availability have a significant influence on resilience:

• Organizations reporting insignificant security support from the C-suite scored 39 percent lower than the ones with stronger executive support.

• Organizations supporting a significantly better security culture scored 46 percent higher on average than those that did not.

• Businesses that keep additional internal employees and resources in hand to respond to incidents saw a 15% increase in resilient results. 

Additionally, businesses needed to pay attention to minimizing the complexities faced while transitioning from an on-premises to a fully cloud-based environment.

Finally, the implementation and maturity of advanced solutions have a significant impact on resilience outcomes:

• Organizations reporting implementation of a mature zero trust model saw a 30 percent increase in resilience scores, compared to those that did not. 

• Enhanced extended detection and response capabilities resulted in a remarkable 45 percent increase compared with organizations that reported having no detection and response solution.

• Converting networking and security to mature, cloud-delivered secure access services led to a 27 percent increase in security resilience scores.

UK Councils and Hospitals Have Weak Cyber Security, Prone to Cyber Attacks

Weak Cybersecurity Spending

A cybersecurity investigation into UK public services disclosed huge inconsistencies in defense expenditure, hundreds of flaws in websites, and staff e-mail IDs and passwords. All these have been found at one council, and the full details have been posted online.

The ITV News investigation revealed that one UK council spent a mere €32,000 a year on cybersecurity. Another, relatively smaller council had an annual cybersecurity budget of €1m, 30 times more.

What are the findings

The investigation also disclosed that a hospital had just €10,000 per year for cybersecurity. The investigation hasn't disclosed the names of the public institutions. 

“Realistic funding, along with the right strategies, is vital to safeguard employees and members of the public. Public sector organizations must take steps to not only raise awareness of new and emerging cyber threats but also provide effective security training and support.

“By equipping and empowering employees with the knowledge and know-how to spot and avoid attacks, the UK’s local authorities will be able to remain one step ahead. This isn’t just about technical defenses; it’s about supporting people in their day-to-day lives,” said Oz Alashe, CEO and founder of CybSafe.

 According to ITV News, the problems that cyber-attacks have caused are: 

  • Overpriced tax bills 
  • Hospital operations canceled 
  • Incorrect benefit payments 
  • People were forced to vacate their residence 
  • House sales falling 
  • Can't apply for council housing 
  • Private data leaked online 
  • Council house repairs not done

The investigation mentioned that experts informed ITV News of their concerns about the lack of understanding and standards for public services related to cybersecurity. In 2021, Gloucester City Council's servers were attacked by Russian threat actors. 

In June, the IT systems of the city council weren't functioning. The authorities had set aside €380,000 for fixing and recovering from the incident. In October 2021, the UK council was attacked, leading to 33,645 data breach attacks that happened due to human error in the last five years, the officials say.

According to InfoSecurity, "the data, obtained following a Freedom of Information (FoI) request sent by VPNOverview to 103 county councils in the UK, broke down the number of breaches suffered by each body. The local authority with the worst record for human-caused data breaches was Hampshire County Council, with 3759 incidents since 2016. This included 902 breaches in the year 2018/19. Gloucestershire County Council had the next worst record, suffering 2723 breaches in this period. It also experienced the largest increase from 2016/17 (90) to 2020/21 (1004) of any UK council, a rise of 1016%."