
Published: October 6, 2023

Security 3-2-1 Week of 10/6/23

By Annie

3 Interesting Articles

Why Do Employees Keep Ignoring Workplace Cybersecurity Rules?
Wall Street Journal ($): Despite rigorous cybersecurity training and rules in organizations, a Gartner study revealed that 69% of employees have bypassed security policies within the last year, with 74% willing to do so to achieve business objectives. This violation of guidelines, even in the face of potential penalties and knowledge of cyber risks, might be attributed to “neutralization techniques” – rationalizations that diminish the perceived wrongness of an action. Addressing these rationalizations directly in training has shown promising results, with one experiment indicating higher intended compliance and lower agreement with neutralization techniques. Additionally, messages that specifically undermine these rationalizations have also proven to effectively decrease the likelihood of policy violations, highlighting the necessity for organizations to comprehend and address these instinctive mental defenses against adherence to cybersecurity policies.

Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance
CSO: ISACA’s “State of Cybersecurity 2023” report illustrates persistent problems in the cybersecurity skills gap despite increased investment in training initiatives worldwide. The emphasis on experience is creating a barrier for entry-level professionals who, despite completing pathway programs and acquiring relevant knowledge, cannot secure employment in the field because they lack practical experience. While an aging and understaffed cyber workforce grapples with a global spike in cyberattacks, that same understaffing leaves little time for essential training and upskilling, perpetuating the skills gap. Although there has been a small increase in retention, the primary reasons cybersecurity professionals leave their positions are recruitment by other companies and inadequate financial incentives. Furthermore, the report indicates a trend of underreporting cyberattacks, with discrepancies in cybersecurity team confidence and reporting fidelity across different global regions.

FBI: Crippling ‘Dual Ransomware Attacks’ on the Rise
Dark Reading: The FBI has highlighted an alarming rise in “dual ransomware attacks,” wherein a victim experiences two separate attacks within a short interval, typically 10 days or less, often within 48 hours. The modus operandi involves deploying different ransomware variants in each attack, resulting in a complex combination of data encryption, exfiltration, and extortion. This strategy exploits a victim’s vulnerability, as organizations are usually still recovering from the initial attack when the second one hits, magnifying the damage. Additionally, threat actors are increasingly utilizing malware, data theft, and wiper tools to exert further pressure on victims to negotiate. The FBI advises reporting suspicious activities and has issued a series of recommendations, such as maintaining and encrypting offline data backups, scrutinizing third-party security measures, and implementing policies to execute only known programs, to help safeguard against such threats.

2 Stats You Should Know

Despite more than three-quarters of boards having at least one cyber expert among the directors, only three in 10 directors rate their board’s ability to oversee a cyber crisis highly. (source)

560,000 new pieces of malware are detected every day. (source)

1 More Thing

October isn’t just about autumn leaves and spooky stories; it’s also recognized as Cybersecurity Awareness Month. This month, we challenge you to craft a compelling narrative about the consequences of cyber incidents.
We invite you to share a story that spotlights the significant and sometimes unforeseen impacts of cyber threats. From data breaches to ransomware attacks, illustrate the gravity of these events through your stories.
The most captivating story will be showcased in an upcoming newsletter. It’s an opportunity to inform, educate, and highlight the importance of cybersecurity awareness. If you have a story to share or an experience to highlight, please send it to marketing@talpoint.com. Let’s shed light on the chilling effects of cybercrimes together!

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charles is a cybersecurity expert with 14 years of experience. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen brings a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and, for certain frameworks, running independent third-party audits.

Zachary C.

Founder and CRO

Zachary brings a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk and a common-sense approach to risk management.