The proposed EU certification scheme (EUCS) has taken another step closer to being implemented. The new law aims to ensure cybersecurity for cloud services and guide EU governments and companies in selecting reliable vendors. The EU's focus on cloud services is intended to protect sensitive data that could have significant consequences for public safety, human life, health, and intellectual property if compromised. But there are potential hurdles to overcome. While the EU wants to safeguard data rights and privacy, there are concerns about fragmentation of the single market as individual countries can implement the rules at their discretion. Similarly, these measures face criticism from US tech giants, such as Google, Amazon and Apple, concerned about potential exclusion from the European market.
Recent research shows that 56% of FTSE 100 employees reset their passwords monthly, costing over $1.7 billion annually. The cost of these password resets is estimated to be around $70 per reset, resulting in a total cost exceeding $156 million per month for the FTSE 100 alone. Julia O'Toole, CEO of MyCena Security Solutions, suggests that businesses should take control of their own access and passwords to eliminate the need for password resets. O’Toole emphasises that when employees know their passwords, companies are vulnerable to phishing attacks – a major cause of data breaches. To address password resets, businesses can regain control through access segmentation and encryption management solutions that generate strong random passwords for all systems, which are encrypted and distributed to employees. By implementing such solutions, businesses can eliminate password resets, reduce security risks, and save millions of dollars per year.
During the recent RSA cybersecurity conference, experts and officials expressed concerns about the use of artificial intelligence (AI) by cyber criminals. Criminals are using AI to automate personalised phishing attacks across email, voice and encrypted channels like WhatsApp. They’re also creating more sophisticated and believable disinformation campaigns. Experts fear that AI-powered software will enable attackers to breach corporate networks, disguise themselves to evade detection and extract data undetected. To fight against the growing threat, companies should ensure their systems don’t make an easy target for bad actors. Key defences include strong, unique passwords, system segmentation and ongoing employee education. Should a phishing attempt succeed, the defences are then designed to limit the damage as much as possible.
Cybersecurity company Dragos recently experienced a security incident where a known gang breached defences and attempted to encrypt devices. Although the threat actors failed to breach Dragos' network or cybersecurity platform, they did gain access to the company's SharePoint cloud service and contract management system. The breach occurred after the personal email address of a new sales employee was compromised before their start date, downloading data and intelligence reports typically reserved for customers. Dragos responded by disabling the compromised account, asserting that their layered security controls successfully prevented the threat actors from executing their objective of launching ransomware. The attackers were also unable to move laterally, escalate privileges, establish persistent access, or make any changes to Dragos' infrastructure.
The Business Research Company has officially published its Cybersecurity Insurance Global Market Report for 2023. The 200-page document takes inspiration from companies including AXIS Capital Holdings Limited, Lloyd’s of London Ltd., Zurich Insurance Group and many more. Standout figures show that the global cybersecurity insurance market grew from $11.95 billion in 2022 to $14.56 billion in 2023. The report is available to download as a PDF now.
Underwriters continue to struggle with pricing insurance policies around cyber risk as Zurich deems them “uninsurable”. Mario Greco, speaking on behalf of Zurich Insurance, warned of the consequences of dark agents taking control of vital parts of their infrastructure. Cyber is now classed as the most important global business risk for 2023, and premiums have risen by 74% year on year. Underwriters say they don’t have the tools to appropriately address cyber risk. Mycena CEO Julia O’Toole shared her thoughts on the matter of risks.
