Security News
S3 Ep33: Eufy camera leak, Afterburner crisis, and AirTags (again) [Podcast]
We look into an unnerving case of mixed-up video feeds. We warn you against "Going rogue" when you can't get the download you want from the regular place.

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic. While COVID-19 caught many businesses off guard, smart executives are already thinking about the next global crisis and what challenges it might present for IT security.

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. Many scammers have rolled out campaigns offering COVID-19 vaccines, free medical tests and testing kits, tax rebates for donation to pandemic relief funds, information on COVID-19 cases, and new job opportunities due to the economic downturn.

The pandemic's unprecedented impact on healthcare laid bare the gaping holes in the healthcare industry's cybersecurity defenses. Woods, who has worked for the past 10 years with small hospitals, healthcare-focused nonprofits and government entities, added, "If technology goes offline, doctors and nurse practitioners can no longer give the quality of care that they were able to, or to as many people. Right now, with COVID-19, there's a dramatic rise in the attack surface and the number and types of systems that are being used," he said.

Texts were received by unsuspecting members of the public between 29 February and 30 April, said the UK Information Commissioner's Office. The texts promoted Zoono-branded hand cleaning products that purported to be "Effective against coronavirus," said the ICO. Reg readers will remember that silly members of the public bulk-bought certain products, including toilet paper and hand sanitisers as the spread of the potentially deadly virus made its way across Europe.

Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in crisis were missing in cybersecurity training. "In the first 30-minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."

Today, a stark disconnect exists between the inadequacy of crisis exercising and the desire to build an effective cyber crisis response function, according to an Osterman Research study. "With three quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary."

Cybersecurity professionals know all too well that crises tend to breed new threats to organizational security. Health agencies are being attacked, massive phishing operations are underway, and security flaws in leading communications platforms are coming to light.

Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more.

Lack of training, career development, and planning fuel the cybersecurity profession crisis
The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG.

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise.

The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG. Cybersecurity profession crisis. Cybersecurity pros need a globally accepted career development plan.