If there was one lesson from the CSO Perspectives roadshow – which wraps up in Wellington this week – it came around the growing scourge of ransomware. If you’re like the attendees, you’ve probably already been hit at least once. However, a positive outcome of such breaches is that they make it easier to talk security with the CEO – whether about ransomware or the rest of the 9 most serious information-security threats you’ll face through 2019.
Those threats are already taking their toll but many small businesses are keeping mum about their impact, with suggestions that it costs over $275,000 for the average business to recover from a successful attack. Time-to-detect metrics are improving but security specialists were warning against complacency, with IBM warning that the leaking of 4 billion online records in 2016 made it the worst year ever for security breaches.
With many businesses trusting cloud services despite not being able to see what they’re doing, 2017 may not be much better. All technology giants were found to be lacking when it comes to explaining how user data is secured, while users were also fingered for being so slack with their own digital protections that they’re unlikely to guard company data very well either.
Austrade’s support of Australian cybersecurity startups was helping them create opportunities in new markets, a senior official said. Bringing Australian security innovation to the world can’t happen too soon: hackers were said to be looking past malware as the primary conduit for their attacks, particularly with criminals seeing profit rates of up to 95 percent through simple DDoS attacks. This can’t have been helped by a Wikileaks dump showing how the CIA was masking its malware attacks.
Scammers were all over an alleged iCloud account leak, while research suggested that 40 percent of devices bought from secondhand markets had personal information on them. Many likely also have malware on them, if figures around soaring infection rates on Android phones are any indication. Yet Google’s Android hacking contest failed to attract any exploits – suggesting either that the platform is indeed quite secure, or that hackers are more interested in using exploits for their own purposes.
iPhones were suffering from a browser ransom attack that was fixed in the iOS 10.3 update. LastPass was scrambling to fix another serious vulnerability in its password-management software, while VMware was fixing newly discovered virtual-machine escape flaws and millions of Web sites were affected by an unpatched flaw in Microsoft IIS 6. Open-source developers were being targeted in an attack campaign against GitHub, while the leak of source code for a new banking Trojan offered a way for even novices to launch nasty attacks against users.
The FBI was warning about attacks on anonymous FTP servers used by small medical and dental offices, while Russia was said to have used ‘thousands’ of Internet trolls to influence the US election. New York State was also warning that it had recorded a record number of breaches last year, while US privacy advocates were fighting new rules that would allow ISPs to sell customers’ personal information without their permission.
- Despite limited visibility, businesses trust cloud services over email and mobiles
- Attack, detection metrics improve but security specialists warn against complacency
- Industry support is helping Australian cybersecurity startups shake off risk aversion: Austrade
- Are you following the basics of security?
- Security industry “has failed the customer”, exec concedes as reborn McAfee spruiks consulting, integration growth
- The week in security: Angry privacy watchers turn tables on pollies; did Apple pay an iCloud ransom?