Tag Archive for: Executive’s

Cloud security tops 2023 cyber risks, according to UK senior executives

/in


Cloud related risks top the list of cyber security concerns that UK senior executives say will have a significant impact on their organisations in 2023, according to PwC’s annual Digital Trust Insights.

The research is based on an extensive survey of global and UK business leaders looking at key cyber security trends for the year ahead. Some 39% of UK respondents say they expect cloud-based risks to significantly affect their organisation in 2023, more so than cyber risks from other sources such as laptop/desktop endpoints, web applications and software supply chain. 

A third (33%) of respondents expect attacks against cloud management interfaces to increase significantly in 2023, while 20% say they expect attacks on Industrial Internet of Things (IIoT) and operational technology (OT) to significantly increase in the next 12 months.

However, long-standing and familiar cyber risks remain on the horizon in 2023, highlighting the challenge facing businesses. Just over a quarter (27%) of UK organisations say they expect business email compromise and ‘hack and leak’ attacks to significantly increase in 2023, and 24% say they expect ransomware attacks to significantly increase. Nevertheless, cyber security budgets will rise for many organisations in 2023, with 59% of UK respondents saying they expect their budgets to increase.

Richard Horne, cyber security chair, PwC UK said: “In part the increase in cloud-based threats is a result of some of the potential cyber risks associated with digital transformation. An overwhelming majority (90%) of UK senior executives in our survey ranked the ‘increased exposure to cyber risk due to accelerating digital transformation’ as the biggest cyber security challenge their organisation has experienced since 2020.

“However, these digital transformation efforts – which include initiatives such as migration to cloud, moving to ecommerce and digital service delivery methods, the use of digital currencies and the convergence of IT and operational technology – are critical to future-proofing businesses, unlocking value and creating sustainable growth.”

Around two-thirds of UK senior executives say they have not fully mitigated the cyber risks…

Source…

65% Of Surveyed Executives And Employees Have Been Asked By Hackers To Help In Ransomware Attacks

/in


Ransomware attacks, which were a growing problem last year, are expected to increase this year. But the cyberattacks, which people assumed were coming from outside their organizations, have also become internal threats.

A new poll from identity protection company Hitachi ID Systems found that 65% of surveyed IT and security executives or their employees have been approached to assist in these cyberattacks. This represents a 17% increase from a similar survey last November.

  • Overall, 57% of respondents reported that they or their employees were offered cash or Bitcoins worth less than $500,000. Ransomware attackers primarily contacted executives and employees through email (59%). 
  • Of the 65% who said they had been approached to assist in a ransomware attack, 49% ended up a victim of ransomware attack.
  • Although many (55%) consider themselves moderately or very prepared to defend against ransomware, more than half (51%) rely mostly or exclusively on perimeter defense.

26% Paid Ransom Demands

In the new poll, most people said they consulted an external party before responding to a ransomware attack and were advised not to pay the ransom. But 26% said they did pay—the demands ranged between $300,000 and $600,000.

Hitachi ID warned that, “To combat this rising threat, businesses must take a proactive offensive approach to cybersecurity or face financial and reputational damage.” 

The company surveyed 100 IT and security executives between December 7 2021 and January 4, 2022 about how hackers are approaching employees, how ransomware is impacting an organization’s cybersecurity approach and how prepared businesses are to combat these attacks.

Other Survey Results

Victim Of Attacks

  • 38% of respondents say their company has been a victim of a ransomware attack.
  • Of those who said they had been approached to assist in a ransomware attack, 49% ended up a victim of…

Source…

White House to discuss software development with tech executives, calling it ‘key national security concern’

/in


The January discussion between tech executives and White House officials is needed because open-source software is widely used but is maintained by volunteers, making it “a key national security concern,” Sullivan said in a letter to tech firms, excerpts of which the White House shared with reporters.

Invitees include software development firms and cloud service providers, according to the White House. A National Security Council spokesperson declined to say which companies had been invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.

Ransomware gangs and hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the flaw as tech firms and government agencies have raced to apply software patches.
The US Cybersecurity and Infrastructure Security Agency, which has said that hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on December 17 ordering federal civilian agencies to update their systems.

An agency spokesperson told CNN on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.

While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.

Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.

While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.

The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.

It’s precisely that dearth of investment in critical software that the White House wants to address.

President Joe Biden in May…

Source…

Cyber Chiefs Calculate Data Breach Costs to Explain Risks to Executives – Wall Street Journal

/in

Cyber Chiefs Calculate Data Breach Costs to Explain Risks to Executives  Wall Street Journal
“data breach” – read more