Security News
More organizations hit by ransomware gangs are starting to realize that it doesn't pay to pay up: "In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%," ransomware incident response firm Coveware has found. "LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site," the company said, noting that "Future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term."
Enforcing a password policy that helps end-users create stronger passwords and blocks the use of weak and common phrases will make it more difficult for hackers. Specops data shows that 83% of compromised passwords satisfied both length and complexity requirements of regulatory password standards.
60% of Australian small businesses don't survive a cyber breach. A recent report by ASIC found that "Medium and large" organisations consistently reported more mature cyber security capabilities than small organisations, which lagged behind in most critical areas: supply chain risk management, data security and consequence management.
"Malware free" attacks, attackers' increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to SMBs and managed service providers. Attackers deployed malware in 44% of cases, but the remaining 56% of incidents included use of "Living off the land" binaries, scripting frameworks and remote monitoring and management software.
Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions. Devolutions CEO David Hervieux states, "The results from our survey dovetail nicely with October's National Cybersecurity Awareness Month - as one of our primary goals with this report is to expand awareness of the vulnerabilities that many SMBs face. It's not just about presenting stats but about truly educating the industry on the various pitfalls - and how SMBs can use the survey findings to identify gaps, develop strategies, and make informed decisions regarding their cybersecurity posture."
Globally, 48% of SMBs have experienced a cybersecurity incident in the past year, while 26% of US SMBs have experienced more than one type of cyber breach. 75% of US SMBs say cyber threats are a major concern and 59% expect to increase their investment in cybersecurity in the coming year.
In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization's operations and long-term success. To minimize the danger of phishing, how can businesses create a culture of skepticism and caution among their employees? If they implement simulated phishing campaigns, how can they avoid eroding employee trust in the company? How can businesses make training programs more effective?
Small and medium-sized businesses are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report has revealed; here are some cybersecurity controls they should prioritize. SMBs often underestimate their appeal as a potential target.
A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. The biggest cybersecurity threat to SMBs is the use of exploits by attackers; there were 483,980 detections in the five first months of 2023.
By analyzing a year's worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three main trends of attacks targeting SMBs in the space of a year. SMBs often lack adequate cybersecurity measures, making them vulnerable to all kinds of cyber threats.