por Rebeca | Ene 18, 2023 | Ciberseguridad
Cyber-Attacks Set To Become «Uninsurable»
This is the stark assessment from Mario Greco, chief executive at insurer Zurich, one of Europe’s biggest insurance companies, speaking to the Financial Times.
Amid growing concern among industry executives about large-scale cyber-attacks, Greco warned that cyber-attacks, rather than natural catastrophes, will become “uninsurable”. For the second year in a row, natural catastrophe-related claims are expected to top $100bn, the FT reported.
Cyber-attacks have continued to plague multiple industries in recent years, some of whom are doing little to prevent future attacks, when they opt to pay hackers and criminal gangs (against all security professional advice) to unlock their ransomware crippled systems or call off DDoS attacks.
Zurich’s Mario Greco praised the US government’s steps to discourage ransom payments. hence “If you curb the payment of ransoms, there will be fewer attacks,” he told the Financial Times.
In September 2022, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks. A senior Lloyd’s executive said the move was «responsible» and preferable to waiting until «after everything has gone wrong».
Identifying those responsible for an attack is challenging, making such exemptions legally fraught, and cyber experts have warned that rising prices and bigger exceptions could put off people buying any protection.
There was a limit to how much the private sector can absorb. Especially In terms of underwriting all the losses coming from cyber attacks, Greco said. He called on governments to «set up private-public schemes to handle systemic cyber risks that can’t be quantified. Following Similar to those that exist in some jurisdictions for earthquakes or terror attacks».
These are the data:
- According to Security Magazine. There are over 2200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds
- With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.
- According to Cybint, nearly 95% of all digital breaches come from human error.
Cyber security experts share their prediction for the most impactful threat vectors and cyber risks of 2023, so when they were asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations on 2023, 75% of cyber security professionals said social engineering and phishing.
Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, also LastPass and Marriott International have suffered from such attacks further highlighting the importance to cyber security practitioners of staying aware of phishing threat.
Privileged account management is the IT security process of using policy-based. Software and strategies to control who can access sensitive systems and information. Basically Privileged accounts rely on credentials (passwords, keys, and secrets) to control access. By creating, storing, and managing these credentials in a secure vault. Also Privileged account management controls authorized access of a user, process, or computer to protected resources across an IT environment.
Sources:
- Silicon.co.uk
- Insuranceinsider.com
Imagen Arthur Bowers in Pixabay
por Rebeca | Oct 26, 2022 | Ciberseguridad
El sector Retail frente a los ciberataques; Cyberattacks against the retail sector are an ongoing concern. There are a number of factors that make retail systems attractive targets for hackers. Fortunately, there are also effective safeguards against these attacks. In an industry that has traditionally only seen crime in the form of shoplifting, online retail has become a favourite target among cyber criminals and has been one of the most attacked sectors this year.
Customer information has been perhaps the biggest target, including both details from card payments and general personal information. Retailers have access to a wealth of sensitive data about their customers, who use often-repeated; login details for their accounts. As businesses increase their use of cloud computing and third-party vendors, supply chains have also become a common attack surface full of vulnerable touchpoints, particularly as retailers can’t always guarantee that their suppliers have robust cyber security in please, or even take security as seriously.
Retail Cybersecurity Statistics
Retailers have always been attractive targets for cyber attackers and data thieves. But now, cybersecurity issues in retail have become an even bigger concern. Consider these recent (2020) retail cybersecurity statistics:
- 24% of cyberattacks targeted retailers, more than any other industry (Trustwave)
- 34% of retailers said cybersecurity worries were their primary hindrance in moving to e-commerce (BDO)
- 34% also said that cyber attacks or privacy breaches were their most serious digital threat (BDO)
- Financial motives drove cyber attackers in 99% of retail cyber attacks (Verizon 2020)
- When data is compromised in an attack, 42% is payment information and 41% is personally identifiable data (Verizon 2020)
Sources: (1) helpnetsecurity.com (2) ITPro (3) Forbes Picture: Foto de mano con dinero creado por rawpixel.com – www.freepik.es -El sector Retail frente a los ciberataques-
por Rebeca | Oct 25, 2022 | Ciberseguridad, Cliente, Noticias
Cyberattacks against the retail industry are an ongoing concern. There are a number of factors that make retail systems attractive targets for hackers. Fortunately, there are also effective safeguards against these attacks.
In an industry that has traditionally only seen crime in the form of shoplifting, online retail has become a favourite target among cyber criminals and has been one of the most attacked sectors this year.
Customer information has been perhaps the biggest target, including both details from card payments and general personal information. Retailers have access to a wealth of sensitive data about their customers, who use often-repeated login details for their accounts.
As businesses increase their use of cloud computing and third-party vendors, supply chains have also become a common attack surface full of vulnerable touchpoints, particularly as retailers can’t always guarantee that their suppliers have robust cyber security in please, or even take security as seriously.
Website attacks
Attacks on retail industry websites were notably higher than all other industries last year, and were characterized by more sporadic peaks in attacks.
Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side. The functionality is a necessity for eCommerce, but is increasingly vulnerable to attack. Since many of the services operate outside of the security team’s control, it’s a blindspot for organizations and a potential fraud risk for consumers.
Scaling up quickly
In order to keep pace with consumer demand for buying online and, in some cases, to save businesses whose physical stores have suffered during the pandemic, many online shops opened or scaled up quickly. In many cases, this means they have not been implementing comprehensive cybersecurity solutions along the way. This fast scale-up or establishing of online presence also means that many retailers are relying on outside vendors for services like payment processing, shopping cart functions and other features. This makes retailers–and in turn their customers–vulnerable to supply chain attacks, when bad actors gain access to a service provider, then use that to target its subscribers and clients either directly or indirectly.
Retail Cybersecurity Statistics
Retailers have always been attractive targets for cyber attackers and data thieves. But now, cybersecurity issues in retail have become an even bigger concern. Consider these recent retail cybersecurity statistics:
- 24% of cyberattacks targeted retailers, more than any other industry (Trustwave)
- 34% of retailers said cybersecurity worries were their primary hindrance in moving to e-commerce (BDO)
- 34% also said that cyber attacks or privacy breaches were their most serious digital threat (BDO)
- Financial motives drove cyber attackers in 99% of retail cyber attacks (Verizon 2020)
- When data is compromised in an attack, 42% is payment information and 41% is personally identifiable data (Verizon 2020)
Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side. The functionality is a necessity for eCommerce, but is increasingly vulnerable to attack. Since many of the services operate outside of the security team’s control, it’s a potential fraud risk for consumers.
See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world, shall we talk?
Sources:
(1) helpnetsecurity.com
(2) ITPro
(3) Forbes
(4) finextra
Picture: Foto de mano con dinero creado por rawpixel.com – www.freepik.es
por Rebeca | Abr 13, 2022 | Ciberseguridad, Cliente, Noticias
Cyberattacks against the retail sector are an ongoing concern. There are a number of factors that make retail systems attractive targets for hackers. Fortunately, there are also effective safeguards against these attacks.
In an industry that has traditionally only seen crime in the form of shoplifting, online retail has become a favourite target among cyber criminals and has been one of the most attacked sectors this year.
Customer information has been perhaps the biggest target, including both details from card payments and general personal information. Retailers have access to a wealth of sensitive data about their customers, who use often-repeated login details for their accounts.
As businesses increase their use of cloud computing and third-party vendors, supply chains have also become a common attack surface full of vulnerable touchpoints, particularly as retailers can’t always guarantee that their suppliers have robust cyber security in please, or even take security as seriously.
Website attacks
Attacks on retail industry websites were notably higher than all other industries last year, and were characterized by more sporadic peaks in attacks.
Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side. The functionality is a necessity for eCommerce, but is increasingly vulnerable to attack. Since many of the services operate outside of the security team’s control, it’s a blindspot for organizations and a potential fraud risk for consumers.
Scaling up quickly
In order to keep pace with consumer demand for buying online and, in some cases, to save businesses whose physical stores have suffered during the pandemic, many online shops opened or scaled up quickly. In many cases, this means they have not been implementing comprehensive cybersecurity solutions along the way. This fast scale-up or establishing of online presence also means that many retailers are relying on outside vendors for services like payment processing, shopping cart functions and other features. This makes retailers–and in turn their customers–vulnerable to supply chain attacks, when bad actors gain access to a service provider, then use that to target its subscribers and clients either directly or indirectly.
Retail Cybersecurity Statistics
Retailers have always been attractive targets for cyber attackers and data thieves. But now, cybersecurity issues in retail have become an even bigger concern. Consider these recent retail cybersecurity statistics:
- 24% of cyberattacks targeted retailers, more than any other industry (Trustwave)
- 34% of retailers said cybersecurity worries were their primary hindrance in moving to e-commerce (BDO)
- 34% also said that cyber attacks or privacy breaches were their most serious digital threat (BDO)
- Financial motives drove cyber attackers in 99% of retail cyber attacks (Verizon 2020)
- When data is compromised in an attack, 42% is payment information and 41% is personally identifiable data (Verizon 2020)
Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side. The functionality is a necessity for eCommerce, but is increasingly vulnerable to attack. Since many of the services operate outside of the security team’s control, it’s a blindspot for organizations and a potential fraud risk for consumers.
Sources:
(1) helpnetsecurity.com
(2) ITPro
(3) Forbes
(4) finextra
Picture: <a href=’https://www.freepik.es/fotos/mano-dinero’>Foto de mano con dinero creado por rawpixel.com – www.freepik.es</a>
por Rebeca | Ene 5, 2022 | Ciberseguridad, Soffid
Cybercriminals
Throughout 2021, global news seemed to ricochet between the rapid spread of new iterations of COVID-19 and cyber criminality — both becoming increasingly creative and disruptive as they mutate in a battle for survival; both interlinked as cybercriminals profit from rapid digitalization forced by COVID-19 lockdowns. In a recent interview, a prominent cybersecurity executive pointed out that alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats.
Because security is not built into new technology from the ground up, cyber criminals quickly get a foothold and cause untold damage before we can catch up.
Much has been said about the cybersecurity skills shortage. Millions of cybersecurity positions are unfilled, and this is causing serious problems at many organizations. Cybercriminals the magnitude of the skills shortage is based on a specific model of doing security. This model is reactive rather than proactive and takes a labor-intensive, “brute force” approach to threat response. We need more bodies in cybersecurity because our methodology is to “throw more bodies at the problem.”
For example, rather than doing threat modeling and building strong, proactive controls as they develop an application, organizations scan for vulnerabilities, manually analyze the scans and manually remediate the problems — or else let the vulnerabilities accumulate. Cybercriminals this consumes a lot of resources and ultimately does not leave an organization significantly safer than if it had done nothing.
Moving Beyond Brute Force
While most people may see the logic in moving beyond this scattershot approach, it has an incredibly strong gravitational pull. IT governance policies at many organizations require the use of antiquated security technology and processes when other approaches would provide better protection using fewer resources. At the same time, the rapidly evolving marketplace means that development teams face continual pressure to crank out applications even faster than they do today. This makes it easy to rush into development rather than taking the time to architect an application to be secure before coding even begins.
But what if we were to break from the gravitational pull of reactive security and refocus on what really matters? We could build security into new technologies as they are developed, rather than adding it as an afterthought. We could become consistent, prioritized, focused, structured and strategic in the use of people, processes and tools. help developers learn to write safer code by providing real-time feedback.
At the same time, we need to be making security more visible. If users had an idea which software was safer and which was less safe, they would choose accordingly. The White House issued an executive order in May that can potentially move us in this direction. For example, it requires software vendors to provide a “Software Bill of Materials”. Something of an “ingredients list” for an application. We need dramatically more information about why we should believe something. Secure before we trust it with important things — like elections, finances and healthcare, for example.
Proactive cybersecurity strategies
Aggregate a multitude of perspectives, which brings the benefit of innovation, problem-solving and consensus-building.
From the growing adoption of distributed cloud to the proven benefits of remote mobile workforces. The attack surface for bad actors is ever-widening. This means the requirements for network security have also evolved with the growing threats of increasingly distributed systems.
Security should not take a backseat to innovation in digital businesses. Of course, innovation and speed will require businesses to build secure systems, which means we can no longer afford to implement security only at the service level. We need to apply adaptable solutions from the architecture level that will change with digital business requirements.
See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let us know how we can help you
Sources:
(1) Forbes
(2) Information Week