Tag Archive for: Organisations

APAC organisations forking out millions due to ransomware


Ransomware has had a widespread impact on organisations in the Asia Pacific region in numerous ways, including both financially and legally.

This is according to Claroty’s report titled ‘Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption’, which revealed the impact of ransomware on organisations during 2021.

An independent survey of 1,100 full-time IT and OT security professionals was carried out in the United States, Europe and Asia Pacific, to determine how organisations dealt with ransomware challenges in 2021 and their levels of resiliency and priorities moving forward.

The report found that 80% of organisations in APAC were affected by ransomware attacks and just over half (51%) paid the ransom.

Overall, 71% of organisations in APAC paid ransom fees of US$100K-1M, and 13% paid US$1-5M. Moreover, 52% of APAC organisations reported a downtime event would cost them up to US$0.5M per hour in lost revenue, with 36% reporting costs would be even higher per hour at US$0.5-5M.

Globally, 9% of organisations said costs would exceed US$5M per hour. Only 5% of APAC companies would face such high costs.

The survey also explored the legal requirement to report ransomware payments, with only 45% in APAC supporting a legal requirement to report ransomware payments, so long as this came with a requirement to also report payments to regulators or other authorities.

On the contrary, 23% in APAC supported ransomware payments being legally required, but with no obligation to report payment.

However, the report notes: “As long as the financial model continues to favour paying the ransom, these threats will continue. The only way to mitigate the risk is to understand how to make hyperconnectivity more secure. Gaps in processes and technology, some that have existed for years, must be addressed.”

On this front, the survey revealed an almost universally increased investment in cybersecurity, and a strengthening of cybersecurity measures over the past two years driven by the pandemic and by high-profile, and highly damaging, ransomware attacks in 2021: on Colonial Pipeline and global meat processor JBS, as well as the SolarWinds supply chain attack.

A…


Insider threats cost organisations $15.4 million annually — Proofpoint



Frequency increased by almost half over the past two years, according to the study.

Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an average of $15.4 million annually, up 34% from 2020.

According to the 2022 Cost of Insider Threats Global Report from enterprise security provider Proofpoint, alongside Ponemon Institute, it took organisations an average of 85 days to contain each incident.

Over the last two years, frequency of insider threats has increased by 44%, according to Proofpoint, with three identified categories consisting of:

  • careless or negligent employees/contractors (56% of incidents);
  • criminal or malicious insiders (26%);
  • cyber criminal credential theft (18%).

67% of surveyed companies experienced between 21 and more than 40 incidents per year, up from 60% in 2020.

Incidents caused by malicious or criminal insiders cost organisations an average of $648,062, while negligent insiders cost companies $484,931 per incident.

Negligence, according to the study, could include not ensuring devices are secured, not following the company’s security policy, or forgetting to patch and upgrade, among other factors.

Meanwhile, criminal insiders use data access, which has increased for the purpose of enhanced productivity, for harmful, unethical, or illegal activities.

Credential theft incidents have almost doubled since the last study, and prove the costliest to remediate with an average of $804,997 per incident.


“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organisations and take data with them,” said Ryan Kalember, executive vice-president of cyber security strategy at Proofpoint.

“In addition, organisational insiders, including employees, contractors, and third-party vendors, are an…


Microsoft Detects ‘Destructive Malware’ Targeting Ukrainian Organisations & Other Stories


Super Sunday in UP as Ex-IPS Officer Asim Arun Joins BJP, Former MLA Dara Singh Chauhan Jumps to SP

Asim Arun, the former IPS officer who was posted as Commissioner of Kanpur Police before recently taking voluntary retirement, joined the Bharatiya Janata Party (BJP) on Sunday. Sources say that Asim Arun may be fielded from Kannauj in the upcoming assembly elections.

Mumbai Has Crossed 3rd Wave Peak, Says Task Force Doc as Daily Covid Cases Dip for 4 Consecutive Days

Mumbai’s Covid-19 cases continued to dip for the third consecutive day with 10,661 fresh infections on Saturday even as the city recorded the highest single-day toll since July 29 last year. Mumbai had reported 16,420 new COVID-19 cases on Wednesday, 13,702 cases on Thursday and 11,317 on Friday, thus showing a steady decline.

Actor Vikrant Massey Upsets Indian Cricket Fans with his Apology to South African Team

The third test match against South Africa made Indian skipper Virat Kohli upset and he ended up making comments against the host broadcasters through the stump mic. Noticing this, actor Vikrant Massey came up with an apology on Twitter to the South African cricket team for the on-field behaviour of Indian players. This did not go down well with Indian cricket fans.

Amrita Singh Accompanies Daughter Sara Ali Khan in Her Spiritual Retreat

Sara Ali Khan is known for her travel diaries and her visits to spiritual places. On Saturday morning, Sara sought the blessings of Lord Shiva at Ujjain’s famous Mahakaleshwar Jyotirlinga temple. In the company of her mother, actress Amrita Singh, Sara visited the Mahakal temple.

Microsoft Detects ‘Destructive Malware’ Targeting Ukrainian Organisations

Microsoft Corp said in a blog post on Saturday it observed destructive malware in systems belonging to several Ukrainian government agencies and organisations that work closely with the Ukrainian government. The victims of the malware include Ukrainian government agencies that provide critical executive branch or emergency response functions, Microsoft said. Also affected was an information technology firm that manages websites for public and private sector clients, including government agencies…


Government asks organisations to check server security


A cybersecurity flaw in Java-based utility Log4j, used by many major tech companies, can give hackers access to computer systems.

The National Cyber Security Centre (NCSC) has issued a warning to all organisations that use web servers to respond to a new cybersecurity threat posed by what is being dubbed as Log4Shell.

The flaw stems from Apache Log4j, a Java-based logging utility used by most of the world’s major tech companies for their web infrastructure, including Microsoft, Apple, Amazon, Cisco, Tesla, Twitter and Baidu. It can potentially give a hacker unrestricted access to a company’s computer systems.

Log4Shell first received wide public attention after Minecraft, owned by Microsoft, published a statement to its 140m-strong active monthly users alerting them to the flaw. The company said any player of the game’s Java edition that doesn’t host their own server needs to take mitigating steps.

However, Minecraft is likely one of thousands of technology companies across the world that are susceptible to the Log4Shell flaw, and governments, including the US, are rushing to advise organisations with web servers to take immediate steps before hackers get to them first.

“It is likely that malicious actors will shortly begin using this vulnerability to attack web servers. The NCSC advises that organisations assess their web servers for exposure to this risk. This should include services administrated and provided by third party service providers,” the NCSC wrote in a statement.

It clarified that Apache, the company that makes and runs Log4j, has published an update for the Log4Shell flaw, which companies should apply immediately. It also noted that any attempts to exploit the flaw can be detected by the NCSC.

“There is no evidence of any successful exploitation of this vulnerability in the State, or any effect on services or data, but the risk of eventual compromise will persist for any entity until the vulnerability is addressed,” it added.

Threat hunting a ‘high priority’

Andrii Bezverkhyi, founder and CEO of cybersecurity start-up SOC Prime, said that the problem with the Log4Shell flaw is that Log4J is used by “every…
