Tag Archive for: Integrity

SPHINX Real-time Cyber Risk Assessment



Cyber Predictions 2022 | K2 Integrity


Where We Stand

This year kicks off against the backdrop of the security flaw found in Log4j, a system-logging code library widely used in applications and services across the Internet. In the aftermath of this crisis, a new set of cybersecurity problems for technical and security teams have emerged. While it’s still too soon to tell just how much damage it has done (or will continue to do), it’s clear that the Log4j vulnerability has the potential to become the most significant threat seen on the Internet for years.

This is due to three reasons:

  • Its pervasiveness—Log4j is widely used by developers and bundled in various vendor products.
  • Its ease of exploitation—compromising a vulnerable system is often easy but patching the vulnerability is complex.
  • Its severity—once a system is compromised the attacker has total control to run whatever malicious code they choose.

Patching vulnerable systems has always been challenging for IT teams under pressure to maintain uptime. This struggle persists and is becoming more difficult. With Log4j, the challenge is finding what is at risk. This is particularly difficult for small to medium-sized enterprises (SMEs), who may not have dedicated IT resources to keep on top of the patching cycle or the capabilities to respond to zero-day exploits.

It is estimated that 60% of small companies go out of business within six months of a cyber-attack1.

This is likely to lead to further outsourcing of cyber services to managed security services providers (MSSPs); when selecting such security partners, businesses will need to exercise caution to ensure that the chosen partner fits their needs and has the experience appropriate to their environment.

To plug security gaps, organizations will continue to increase their spend on information security and risk management technologies and services, as they continue to deal with remote working and cloud security risks. A recent Gartner survey2 reports that 61% of organizations view cybersecurity as their top priority for new spending, with a further Gartner study3 reporting that 88% of boards now view cybersecurity as a business risk, rather than a technology risk. Communicating a return on…

Source…

How Have Information Operations Affected the Integrity of Democratic Elections in Latin America?


In October 2020, Nicaragua’s legislature passed a bill that criminalizes the publishing of information not approved by the government in a purported effort to combat “fake news.” The legislation, promoted by Nicaragua’s strongman President Daniel Ortega, raises a host of serious free speech concerns. But the fact that the Nicaraguan government decided to put its marker down on “fake news” speaks in part to a real trend to watch: Across Latin America, information operations have become increasingly prevalent. 

Information operations have posed a particularly serious threat to the integrity of democratic elections in the region, and the matter is only going to worsen if left unaddressed. The issue even caught the attention of some U.S. lawmakers, who worry about the increasing cyberattacks seeking to delegitimize elections in Latin America. Sen. Tim Kaine, for example, asked during a Senate Armed Services Committee hearing on March 25: “What might Cyber Command do, together with SOUTHCOM, to try to help our allies in the region avoid this escalating trend of disinformation that destabilizes democratic elections?”

Background

The rise of misinformation (the spread of unintentionally false information) and disinformation (the spread of intentionally false information) as a force in Latin American elections stems from several factors. The region’s long election cycles, characterized by varying electoral systems and numerous runoff elections, complicate the election process in Latin American countries. And then there’s the issue of growing tensions between governments and private citizens, thanks to the region’s declining state of democracy and growing inequality. Moreover, social media platforms like WhatsApp have become an integral part of the communication ecosystem for the public—but these platforms are also the cornerstone of many disinformation and misinformation efforts. Add to that the growth in popularity of hyperpartisan websites and outlets, and Latin America has fertile ground for information operations.

While many of the operations in the region have not been linked directly to foreign governments, U.S. Southern Command’s Adm. Craig Faller spoke

Source…

Principles of Computer Security – George Danezis