In late August, the UK government introduced new cybersecurity rules aimed at protecting telecommunication networks against cyber attacks. The rules, which allow the government to boost the security standards of the UK’s mobile and broadband networks, come at a time when attacks on critical infrastructure are becoming more frequent and more dangerous.

Earlier this year, for example, Costa Rica was thrown into crisis after a ransomware attack affected 30 government institutions, including critical ministries and its social security fund. The group behind the attack, known as Conti, threatened to overthrow the government unless the US$10 million ransom was paid. With the help of international partners -- including the United States, Israel, Spain, and Microsoft -- it was able to get all its systems back online, but it took weeks. Montenegro, meanwhile, also saw critical digital infrastructure crippled following a cyber attack blamed on state-sponsored actors. The attack effectively sent some government departments back to the analogue era and was still being wrestled with more than three weeks after it was first detected.    

Major cyberattacks invariably make the headlines, but it seems that rather than take a proactive approach, many CISOs wait for a new threat to emerge before protecting their business. They simply hope they won't be caught up in the first wave of a new attack.

Dave Mitchell, CTO of cybersecurity investigation specialist HYAS Infosec, believes there is a better approach, one that detects threats by monitoring the communications that form the foundations of internet architecture. We recently talked to him to learn more.

What is the true cost of creating a robust cybersecurity defense for your organization? As cyberattacks accelerate around the world, organizations will continue to spend more money on security tools and services to shore up defenses. According to Cybersecurity Ventures, global cybersecurity spending overall will exceed $1.75 trillion from 2021-2025, anticipating a 15 percent year-over-year growth.

With the steady increase of budgets and IT spend, there is no denying the importance of investing in the people who run security operations. Enterprises often have an eclectic group of different vendor solutions added over time, sometimes with overlapping functionality and often with time-consuming onboarding and training requirements. Each cybersecurity product brings its own console, segmenting visibility, and threat correlation. The result is dangerous blind spots that leave enterprises vulnerable to damaging exploits. With the interminable shortage of qualified cybersecurity professionals, we need to investigate ways to more efficiently leverage the talent that we already have. The vast workload is burning them out. At best, this leads to a loss of productivity. At worst, they leave for greener pastures, which translates into turnover costs.

Despite increased spending on cybersecurity, a new report reveals that 90 percent of organizations were affected by ransomware in some way over the past 12 months, up from last year's 72.5 percent.

The study from SpyCloud shows that security efforts are being stepped up, the number of organizations that have implemented or plan to implement multi-factor authentication jumped 71 percent, from 56 percent the previous year to 96 percent. Monitoring for compromised employee credentials also increased from 44 percent to 73 percent.

Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.

The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".

The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.

A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.

According to 90 percent of IT security leaders their organizations are falling short in addressing cybersecurity risks.

Research from Foundry finds that this perception comes from a number of issues including convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn’t investing enough resources to address risks (26 percent).

Technology has evolved quickly in the past few decades and its growth has shown no signs of slowing down anytime soon.

Some trends come and go, but others stay as a way to solve catastrophic issues. These five areas of tech have been the most successful in 2022 and will be a mainstay for decades to come.

New research from Sevco Security shows that more than 10 percent of enterprise IT assets are missing endpoint protection, and that roughly five percent are not covered by enterprise patch management solutions.

Nearly 20 percent of Windows servers lack endpoint protection, far more than Windows clients and MacOS assets, which are just over 10 percent.

A new survey of over 500 IT decision makers at small and medium businesses, from threat detection and response specialist Vade, shows 69 percent say a serious breach had bypassed their current email security solution.

It's perhaps not surprising then that SMBs are increasingly likely to turn to managed service providers, with 96 percent of organizations either currently outsourcing at least some of their needs to MSPs or planning to do so in the future.

Some form of cybersecurity awareness training has been implemented in 97 percent of enterprises this year, according to a new survey of 1,900 security professionals from ThriveDX.

However, only 42 percent report involving their employees in security detection with the use of such measures as a Phishing Incident Button, while 65 percent agree that their training program needs expansion.

A new survey of over 300 UK security professionals shows 32 percent of respondents say they are kept awake by job stress, 25 percent by lack of opportunity, but only 22 percent by their organization suffering a cyberattack.

The study from The Chartered Institute of Information Security (CIISec) says organizations have been slow to adopt industry standards. Almost half (49 percent) don't follow the UK Government's Cyber Essentials practices, which provide basic best practice; and just 20 percent have formally adopted the NCSC's 'Ten steps to cyber security' guidance.

The world is becoming more connected via the use of cloud computing services and Internet of Things (IoT) devices. Over the last decade, we have watched cybercrimes skyrocket before our very eyes. Corporations today cannot afford to rely on basic firewalls and antivirus software to ensure data is protected. It is essential to create a more powerful cybersecurity ecosystem.

How big is the threat against data? First, take a look at how much data we are talking about here. By the year 2025, we can expect there to be 175 zettabytes of data across the internet and networked computer systems. Think streaming video, dating apps, your private healthcare information, banking data, social media posts, and messages. The list can go on.

Data breaches, cyberattacks and security concerns are growing exponentially in the digital climate, as new development practices, extra languages, and structural frameworks appear -- compounded by geopolitical tensions giving rise to state sponsored attacks. In 2022 to date, 39 percent of UK businesses have already experienced the disruption and costly consequences of cyberattacks. Some of the largest enterprises, such as Microsoft, T-Mobile, and Vodafone, have experienced attacks by highly organized groups, such as Lapsus$.

With the scale, type of attacks and target industries constantly evolving, the healthcare sector has joined financial services and the public sector in becoming a lucrative target. Healthcare data breaches reached an all-time high in 2021, impacting 45 million people -- personal health information (PHI) became worth more than credit card information on the dark web. Attack approaches are constantly evolving, with hackers searching for any weak links in growing infrastructure.

Supply chain attacks have been on the threat radar of many organizations and their security teams for several years. However, since the infamous SolarWinds attack in 2020 -- which led to widespread and damaging compromises of data, networks and systems -- the supply chain attack vector has taken on a new level of focus. Indeed, supply chain attacks, which have become an effective way for hackers to gain access to IT networks at scale, and as such, are among the most worrying cybersecurity risks currently facing organizations today.

Supply chain risks come in many forms -- from complex to relatively simplistic. The UK government’s Cyber Security Breaches Survey, which explores organizations’ policies, processes, and approaches to cybersecurity and is used to inform government cybersecurity policy, looked at this in its latest report. The 2022 survey reveals that just 13 percent of businesses review the risks posed by their immediate suppliers, with that number dropping to 7 percent for their wider supply chain. Possibly even more concerning, many organizations commonly perceive 'big tech' companies to be "invulnerable to cyber attacks".