Articles about cyberattack

It’s no secret that cybersecurity has a significant skills shortage. According to ISC2 research, the worldwide shortage is as high as 3.4 million cybersecurity workers. As a result, security professionals’ skills are in very high demand, making finding and retaining talent challenging. Swimlane’s own research shows that 82 percent of organizations report it takes three months or longer to fill a cybersecurity role, with 34 percent reporting it takes seven months or more.

The situation isn’t improving either. Some 70 percent of companies also report that it takes longer to fill a cybersecurity role now than it did two years ago. The challenge has led one-third (33 percent) of organizations to believe they will never have a fully-staffed security team with the proper skills, according to Swimlane’s survey

Continue reading →

According to a new survey from Censuswide for Veeam Software, UK business leaders rate ransomware as a more significant threat to their organization (43 percent) than the economic crisis (41 percent), skills shortages (34 percent), political uncertainty (31 percent), and Brexit (30 percent).

The survey 100 directors of UK companies with over 500 employees who had suffered a ransomware attack in the past 18 months finds 61 percent are anxious about the prospect of another attack.

Continue reading →

In 2023, the total average annual cost of an insider risk increased to $16.2 million, a 40 percent increase over a four-year period.

This is among the findings of a new insider risks report from DTEX Systems, based on research from the Ponemon Institute. The study also shows that the average number of days taken to contain an insider incident has increased to 86 days.

Continue reading →

New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.

The report from Barracuda reveals techniques including setting a rule to forward to an external address all emails containing sensitive and potentially lucrative key words such as 'payment' or 'confidential' to steal information or money.

Continue reading →

New research shows that only 14 percent of businesses get back 100 percent of their data following a ransomware attack -- even if they agree to the ransom demand.

The study sponsored by Zerto and conducted by Enterprise Strategy Group also reveals that nearly 60 percent of organizations reported an impact to regulated data, such as personally identifiable information, in successful ransomware attacks.

Continue reading →

Emails from supposedly wronged and robbed Nigerian nobility asking for help in exchange for a payout of millions were one of the very earliest email scams.

For a while 'Nigerian prince' emails, also known as '419 scams' in reference to part of the Nigerian Criminal Code relating to fraud, were a regular feature in most people's inboxes.

Continue reading →

A new survey reveals that board members tend to feel good about their company's cybersecurity policy, but that many are still unprepared to face a cyberattack.

The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.

Continue reading →

Of the 90 percent of UK enterprises that have been forced to turn to their backup system, only 27 percent were able to recover all of their information and documents -- down from 45 percent in 2022.

A survey from encrypted drive maker Apricorn finds 32 percent of the security decision makers in large enterprises surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from two percent in 2022.

Continue reading →

The latest global threat analysis report from Radware shows that DDoS attacks are being reshaped in terms of tactics, vector, size, complexity, and hacktivism.

The number of malicious web application transactions skyrocketed by 500 percent compared to the first half of 2022, while the total number of DDoS events decreased by 33 percent. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.

Continue reading →

Senior security professionals view generative AI as a disruptive cybersecurity threat, with 46 percent of respondents to a new survey believing generative AI will increase their organization's vulnerability to attacks.

The study from Deep Instinct shows the top three generative AI threat issues are seen as growing privacy concerns (39 percent), undetectable phishing attacks (37 percent) and an increase in the volume and velocity of attacks (33 percent).

Continue reading →

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.

Continue reading →

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

Continue reading →

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

Continue reading →

Data centers are increasingly faced with more sophisticated attack techniques, putting the information they hold at risk.

Specific vulnerabilities such as misconfigurations may pass under the radar of traditional security scans. We spoke to Daniel dos Santos, head of security research at Forescout, to discuss the potential impact of these vulnerabilities and why data centers need to strengthen their risk management.

Continue reading →

Artificial intelligence (AI) chatbots like ChatGPT have become a tool for cybercriminals to enhance their phishing email attacks. These chatbots use large datasets of natural language and reinforcement learning to create typo-free and grammatically correct emails, giving the appearance of legitimacy to unsuspecting targets. This has raised concerns among cybersecurity leaders, with 72 percent admitting to being worried about AI being used to craft better phishing emails and campaigns.

Chatbots can help cybercriminals scale the production of advanced social engineering attacks, such as CEO fraud or business email compromise (BEC) attacks. Additionally, cybercriminals may use AI-powered chatbots to scrape personal or financial data from social media, create brand impersonation emails and websites, or even generate code for malware such as ransomware. In particular, without AI, creating malware is a specialized task that requires skilled cybercriminals. However, the use of chatbots could make it easier for non-specialists to do this, and we can also expect AI-generated outputs to improve over time.

Continue reading →