Security News
The Romanian national cybersecurity agency has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services.
We examine the benefits of adopting a proactive cybersecurity approach, particularly in terms of cost efficiency and crisis management, and explore the impact of offensive security testing on compliance and zero-day response. A zero trust approach to cybersecurity has become the go-to model for many organizations because it embraces a framework that layers nicely across every possible threat vector.
In this Help Net Security video, Yochai Corem, CEO of Cyberint, explores the ransomware environment's development, effects, and emerging patterns throughout the previous year. 2023 marked a historic high for ransomware groups, with a 55.5% increase in attacks, reaching 4,368 victims globally, according to Cyberint.
He discusses ransomware gangs, the role of cyber insurance, and how governments and regulatory bodies are responding to the ransomware threat. In light of the increasing sophistication of ransomware attacks, can you discuss the dynamics of negotiating with ransomware gangs? How do these negotiations typically unfold, and what are the critical business considerations during these interactions?
Why is it that when a company becomes aware of a potential data security incident, the team working on it have an immediate and overwhelming feeling that the company is doomed? And yet, when there's another kind of high-risk event, such as an ethics investigation, it doesn't cause the same apocalyptic feelings? Cybersecurity professionals in legal and IT security departments have key roles in working through a data security incident, but often fail to build up a trusted relationship in advance.
This forms a core part of the upcoming 2023-2030 Cyber Security strategy, and it aims to build six cyber shields in service of citizens, businesses and government at all levels. As well-meaning as this initiative is, there are many implications about the impact the six cyber shields approach will have on Australian businesses.
84% of financial institutions have been exposed to a fourth-party breach - illustrating how a vast web of unseen risks are hiding in plain sight. "If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it's likely that the overall cyber resilience for other financial entities is actually much lower," said Matthew McKenna, Chief Sales Officer, SecurityScorecard.
Chinese law, specifically Article 7 of the National Intelligence Law compels all citizens and organisations to act as covert arms of state security on demand, even if overseas. Chinese owned technology companies can deny this as much as they like, in fact they have to, but the law is clear.
Even if things go well on the technical level, incident response is still a stressful and hectic process across the company; this is the reality of cyber crisis management. I recently managed a cyber incident in a large company where, on a technical level, the handling of the incident was excellent but the cooperation with the management was complex and frustrating, a real Tower of Babel.
We've got one zero-day, but perhaps even bigger than that, we say, "Thanks for the memories, Windows 7 and Windows 8.1, we hardly knew ye." There's one zero-day, which I think is an elevation of privilege, and that applies right from Windows 8.1 all the way to Windows 11 2022H2, the most recent release.