The state of ransomware: Faster, smarter, and meaner
CSO: Despite a decline in ransom payment rates, the ransomware business reached a record high in 2023, with payments totaling $1.1 billion—double the amount in 2022. The increase is attributed to more attacks, a higher volume of attacks, and the emergence of new, independent groups, partly fueled by the proliferation of business activities online and law enforcement limitations in certain countries. Interestingly, individual ransom payments have increased with three-quarters exceeding $1 million. However, a positive trend emerged as only 29% of victims chose to pay ransoms in Q4 2023, opting instead to restore from backups, a significant decrease from the 85% in 2019. Phishing continues to be the predominant method for initial ransomware access, despite ongoing security awareness training. The emergence of AI-powered social engineering attacks has led to a decline in the effectiveness of traditional training programs, making phishing attempts harder to identify. The industry response includes implementing stricter controls to prevent email breaches and minimize their impact, recognizing the evolving threat landscape and the critical need for adaptive security measures.
AI is changing cybersecurity and businesses must wake up to the threat
ZDNet: Corporate boards urgently need to prioritize cybersecurity as part of their growth strategy, given the increasing use of artificial intelligence by cyber attackers. During a panel discussion at a cyber congress in Singapore, it was emphasized that digital security is crucial for business growth. The intersection of physical conflicts, such as those in Ukraine and Gaza, with the digital realm has heightened online threats. The importance of understanding these threats and their implications on business risk was noted. Despite growing awareness, there’s still a disconnect between boardrooms and operational teams, often becoming more proactive about cyber risks only after experiencing a breach. Utilizing threat intelligence from security vendors can help inform and unify boardroom strategies against cyber threats.
House-passed data privacy bill doesn’t thrill privacy groups
CyberScoop: The U.S. House of Representatives has unanimously passed a bill to restrict the sale of Americans’ data to adversarial nations, marking a significant move against data brokers. Despite this step, privacy advocates argue the bill doesn’t fully address the broader issues posed by the data broker industry. The legislation follows an executive order limiting sensitive data sales to certain countries and discussions around TikTok’s ownership. Critics assert that comprehensive privacy legislation is needed to more effectively protect Americans’ data by reducing the amount of data available online, rather than focusing on specific types of data transactions. The bill’s future in the Senate remains uncertain but its passage in the House represents a growing effort to regulate the misuse of data by brokers.
Recent research found that over 43% of enterprises failed a compliance audit in the past twelve months – highlighting a very clear correlation between compliance and data security. (source)
Since the inception of the FBI’s Internet Crime Complaint Center (IC3) in 2000, the total number of complaints received is over 8 million. (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.