BBC, Boots, British Airways among victims of mass cyber attack

Tens of thousands of employees of private and public organisations have had their personal data exposed as a result of a wide-ranging breach of the MOVEit Transfer tool.

“It is common for an initial breach to spread up and down the supply-chain of the initial target. Once a criminal is in, they will be looking for doors that can open onto new victims. When it comes to protection against these threats, segmenting and encrypting access is essential. By segmenting access, you minimise the amount of data that can be obtained at once and the malware cannot travel not just inside your systems, but also further up and down your supply chain to avoid infecting more companies.”

How to build your cyber fortress

The ancient Greeks taught us many things. Thousands of years later, we still apply Greek wisdom to things like government, teaching and law. And, according to MyCena Security Solutions CEO Julia O’Toole, there are still lessons to be learned in the cybersecurity world. O'Toole explains how ancient Greek architecture can provide lessons for building a strong defence against modern ransomware attacks. Highlighting the city of Mycenae, known for its robust walls and layered security, as inspiration, O'Toole emphasises the speed and vulnerabilities associated with modern ransomware attacks, criticising the reliance on single access tools and employee-created passwords. Instead, companies should learn from the ancient Greeks – implementing segmented access with unique encrypted passwords at different levels to create an impregnable fortress for their digital assets.

Counting the cost of password resets

Recent research shows that 56% of FTSE 100 employees reset their passwords monthly, costing over $1.7 billion annually. The cost of these password resets is estimated to be around $70 per reset, resulting in a total cost exceeding $156 million per month for the FTSE 100 alone. Julia O'Toole, CEO of MyCena Security Solutions, suggests that businesses should take control of their own access and passwords to eliminate the need for password resets. O’Toole emphasises that when employees know their passwords, companies are vulnerable to phishing attacks – a major cause of data breaches. To address password resets, businesses can regain control through access segmentation and encryption management solutions that generate strong random passwords for all systems, which are encrypted and distributed to employees. By implementing such solutions, businesses can eliminate password resets, reduce security risks, and save millions of dollars per year.

AI a growing threat to cybersecurity

During the recent RSA cybersecurity conference, experts and officials expressed concerns about the use of artificial intelligence (AI) by cyber criminals. Criminals are using AI to automate personalised phishing attacks across email, voice and encrypted channels like WhatsApp. They’re also creating more sophisticated and believable disinformation campaigns. Experts fear that AI-powered software will enable attackers to breach corporate networks, disguise themselves to evade detection and extract data undetected. To fight against the growing threat, companies should ensure their systems don’t make an easy target for bad actors. Key defences include strong, unique passwords, system segmentation and ongoing employee education. Should a phishing attempt succeed, the defences are then designed to limit the damage as much as possible.

Dragos discloses ransom attempt

Cybersecurity company Dragos recently experienced a security incident where a known gang breached defences and attempted to encrypt devices. Although the threat actors failed to breach Dragos' network or cybersecurity platform, they did gain access to the company's SharePoint cloud service and contract management system. The breach occurred after the personal email address of a new sales employee was compromised before their start date, downloading data and intelligence reports typically reserved for customers. Dragos responded by disabling the compromised account, asserting that their layered security controls successfully prevented the threat actors from executing their objective of launching ransomware. The attackers were also unable to move laterally, escalate privileges, establish persistent access, or make any changes to Dragos' infrastructure.

Cybersecurity Insurance Global Market Report released

The Business Research Company has officially published its Cybersecurity Insurance Global Market Report for 2023. The 200-page document takes inspiration from companies including AXIS Capital Holdings Limited, Lloyd’s of London Ltd., Zurich Insurance Group and many more. Standout figures show that the global cybersecurity insurance market grew from $11.95 billion in 2022 to $14.56 billion in 2023. The report is available to download as a PDF now.