Cyber Defense eMagazine July 2021 Edition

More documents

Recommendations

Info

How To Make The Most of Increased Cybersecurity Spend The average organization devotes 21% of its IT budget to cybersecurity. By Stu Sjouwerman, CEO, KnowBe4 With the threat of malware touching more and more organizations, boards are beginning to devote greater resources to cybersecurity. The unfortunate truth is that a successful cyberattack can sink a business. The average remediation cost of a ransomware attack, for example, is $1.85 million, according to a Sophos report. The cost of non-compliance if sensitive data is exfiltrated can also be considerable, and the lasting reputational damage is hard to quantify. Companies that may have been tempted to gamble in the past are now seeing the financial sense in increasing cybersecurity spend. The average organization devotes 21% of its IT budget to cybersecurity, according to the Hiscox Cyber Readiness Report; an increase that has been driven by a sustained rise in the frequency of cyberattacks recently. Cyber Defense eMagazine – July 2021 Edition 42 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
The growing threat In the last 12 months, the percentage of organizations experiencing a cyber-attack jumped from 38% to 43%, according to Hiscox data, and 73% of those victims experienced more than one attack. A paltry 9% reported they were able to defend the attack with no impact on operations. Stronger defenses and better preparation are required to avoid potential disaster. Beyond the disruptive impact of ransomware or DDoS attacks, there lurks the even worse threat of a fullblown data breach. It takes 280 days on average to identify and contain a data breach and costs $3.86 million, according to the Ponemon Institute. It’s far better to spend a fraction of that amount to bolster your defenses and harden your security posture. The question is where to spend it to ensure the greatest impact. Phishing and BEC attacks We know that malware can usually be traced back to a phishing attack. Threat actors are increasingly picking their targets and getting smarter about how they approach them. Spear phishing is on the rise and sophisticated attacks employ stolen credentials to attack laterally. If a message or email appears legitimate, or worse comes from a colleague’s account that has been hacked, the risk of someone clicking a link or downloading a file and triggering a malware installation is much greater. The unpleasant truth is that anyone can be fooled. Employees of all levels can fall victim to phishing scams. Business Email Compromise (BEC) is also a serious concern, with the FBI reporting $1.8 billion losses through BEC, which is a staggering 42% of the cybercrime loss total. Much more sophisticated and targeted at CEOs, CFOs, and other high-ranking executives, BEC can be the result of months of reconnaissance, with attackers building complex infrastructures and hacking multiple accounts in pursuit of a big payday. Spending effectively to boost security The temptation to sink any budget increase for cybersecurity into a tool or platform that promises to safeguard your data is understandable, but there’s a better way to strengthen your security. If we accept that security systems can always be bypassed by persuading people to unwittingly grant access, then it’s clear that the best way forward is to educate and empower your workforce. Security awareness training is crucial because by teaching people to spot the common signs of a phishing attack will develop the muscle memory you want to see. Establish a baseline before you begin and set targets for improvement with periodic tests, such as mock phishing campaigns, to determine what progress has been made. Test results and any real-life security incidents that occur should be leveraged as learning opportunities and used to inform ongoing training. Make sure that you combine training with stronger security controls and strict procedures. At the shallow end, you have to provide phish alert buttons to make it easy to report suspicious emails. Reports should Cyber Defense eMagazine – July 2021 Edition 43 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Colonial Key Business Pipeline, Les
Page 3 and 4: Ransomware, the Ultimate Cyber Thre
Page 5 and 6: @MILIEFSKY From the Publisher… Ne
Page 7 and 8: Welcome to CDM’s July 2021 Issue
Page 9 and 10: Cyber Defense eMagazine - July 2021
Page 33 and 34: Colonial Pipeline, JBS Cyber Attack
Page 35 and 36: is clear: Cyberattacks will continu
Page 37 and 38: of management complexity for any bu
Page 39 and 40: Flipping the Cyber Script Getting A
Page 41: Trust strategies, they will prevent
Page 45 and 46: Common Sense Cybersecurity Steps fo
Page 47 and 48: The next big thing: addressing remo
Page 49 and 50: Applying PR tactics is a new page i
Page 51 and 52: NATO to Consider Military Response
Page 53 and 54: The number of open positions in var
Page 55 and 56: 3. Delivery - Transmission of the p
Page 57 and 58: Uncovering the Dark Side of the Col
Page 59 and 60: Energy and Utilities - You Have No
Page 61 and 62: a cyberattack that shut down approx
Page 63 and 64: Ransomware and the Cybersecurity In
Page 65 and 66: About the Author Jack Blount is Pre
Page 67 and 68: The airline industry’s poor recor
Page 69 and 70: Ransomware, the Ultimate Cyber Thre
Page 71 and 72: About the Author Yehudah Sunshine,
Page 73 and 74: A second reason for the increase in
Page 75 and 76: A Case of Identity: A New Approach
Page 77 and 78: Implementing a digital trust ecosys
Page 79 and 80: A 3-Part Plan for Getting Started w
Page 81 and 82: As threats continue to evolve, it
Page 83 and 84: 1. Endpoint and user protection Des
Page 85 and 86: The Risks of The Vulnerable Iot Dev
Page 87 and 88: Insecure Data Transfer and Storage
Page 89 and 90: Three Steps to Building Email Cyber
Page 91 and 92: Plan Ahead and Avoid Disaster The H
Page 93 and 94:
NDR technology is built on three pr
Page 95 and 96:
Hardware Trojan Detection By Sylvai
Page 97 and 98:
the properties (user mode, memory a
Page 99 and 100:
About the Author My Name is Sylvain
Page 101 and 102:
outside coaches - to help them impr
Page 103 and 104:
Tips for Avoiding Online Scams Duri
Page 105 and 106:
Phishing Example 1 Phishing refers
Page 107 and 108:
About the Author Cindy Murphy is th
Page 109 and 110:
The recent Feedzai report confirms
Page 111 and 112:
Why Cyber Risk Is the Top Concern o
Page 113 and 114:
(BEC) attacks, also known as “fak
Page 115 and 116:
What Educational Institutions Need
Page 117 and 118:
Firewall Security VPN connectivity,
Page 119 and 120:
Business Continuity: Where InfoSec
Page 121 and 122:
● ● ● ● How educated are em
Page 123 and 124:
Biometrics Challenges By Milica D.
Page 125 and 126:
Epic V. Apple Trial - Impact of Big
Page 127 and 128:
About the Author Brad Ree is the Ch
Page 129 and 130:
eaches because large amounts of hig
Page 131 and 132:
• securing mobile and remote work
Page 133 and 134:
This topic has great relevance beca
Page 135 and 136:
I recommend that leaders of private
Page 137 and 138:
fail that promptly. After, say, sev
Page 139 and 140:
1. Infosecurity Europe Where: Olymp
Page 141 and 142:
leaders, and help each other advanc
Page 143 and 144:
Cyber Defense eMagazine - July 2021
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
You asked, and it’s finally here
Page 155 and 156:
9 Years in The Making… Thank You
Page 157 and 158:
show all

Cyber Defense eMagazine July 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?