Security News

As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. "The digital world is expanding rapidly, and with it, the human element of cybersecurity becomes ever more important as it evolves as a primary target for cyber threats globally," says Lance Spitzner, SANS Security Awareness Director.

Insurers, just like health systems themselves, need the full context of clinical operations to see the true impact. Better informed health systems with strong cybersecurity governance will pose a lower risk to insurers, creating greater opportunity for a more sustainable insurance market.

Healthcare, manufacturing, and utilities are suffering long-term financial impact of major cyber attacks, according to ThreatConnect. "With the National Cyber Strategy coming out of the White House focusing on decreasing cyber risk from critical infrastructure and the new SEC Cyber Proposals, organizations across industries are now being tasked with reporting on cyber risk," said Jerry Caponera, GM of Risk Quantification, ThreatConnect.

In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. One of the most effective ways for CISOs and CIOs to make the best use of their limited resources to protect their organizations is by conducting a cyber risk assessment.

Trend Micro's overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors. The top three MITRE ATT&CK techniques show us that threat actors are gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilize valid accounts.

Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. Over 93% of cybersecurity experts and 86% of business leaders believe "a far-reaching, catastrophic cyber event is likely in the next two years" and there is a critical skills gap that is threatening societies and key infrastructure.

"Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up a cyber defense against less easily exploitable but equally damaging threats." BlueVoyant analyzed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe.

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. The news is troubling, especially as email remains the most common vector for security compromises across all industries, observed Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a statement.

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can't keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today's rapidly shifting threat landscape.

Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated. There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.