Tag Archive for: quickly

how financial institutions can prepare to react quickly through regulatory compliance

/in


All over the world, the number of attacks by cybercriminals targeting the financial sector is increasing, and the UK & Ireland is no exception
to this trend. According to Veritas research half of UK organisations said that, over the past two years, they had been the victim
of at least one successful ransomware attack in which hackers were able to infiltrate their systems.   

The increasing profitability of these attacks for the criminals, means a whole new industry – Ransomware-as-a-Service (RaaS) – is growing rapidly.  Professional hackers, exploiting AI-driven target identification, breach execution, victim extortion, and
ransom collection, all offering their malware as a service to the highest bidder.  

The increasing threat this poses to national economies led the EU to pass the Digital Operational Resilience Act (DORA) setting out specific requirements
for financial service providers concerning risk management. DORA legislated specifically on key areas including reporting accuracy of any ICT-related incidents, and management of third party risk.   

This means that when an attack on any financial services provider occurs, the decisions and actions taken in the hour following an attack will be decisive for the level of organisational impact, and the ultimate survival of the business.  

For financial institutions, process predictability is paramount  

IT teams must prepare thoroughly to anticipate an attack by implementing effective operational resiliency practices to secure their data.  Ongoing training for IT and business teams, together with tools for data identification and visibility, are critical
when it comes meeting regulatory requirements.   

As part of the ICT risk management process to comply with DORA regulations, successful completion of a specialised audit to identify all types, locations and classifications of data and storage infrastructure must be carried out. These rules have been developed to
help prevent and mitigate cyber threats and ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats.  

Compliance with these processes…

Source…

pCloud launches two free online tools to enhance security among Internet users quickly and effectively

/in


ZUG, SWITZERLAND – Media OutReach – 2 May 2023 – In Taiwan, the need to improve online security is urgent, with organizations experiencing an average of 3,118 attacks per week last year (https://www.taiwannews.com.tw/en/news/4783488). This trend will likely worsen due to the rise in remote work and digital transformation acceleration.

Screenshot 2023-04-25 at 15.48.43.png

It is in this context that World Password Day will take place on May 4th. One of its objectives will be to raise awareness among Internet users of best practices for securing their data.

On this occasion, pCloud, the European service that offers a secure online storage solution and an encrypted password manager, launches two free online tools:

Password Checker, to easily validate the security level of each password ;
Data Breach Checker, to find out if an email is part of a hack… and it often is!

“With data breaches on the rise in 2023, we offer these free and easy-to-use tools to help build good practices that increase online security.”

Screenshot 2023-04-25 at 15.48.16.png

Check your password security quickly and effectively

The Password Strength Checker can identify how quickly a password can be cracked, with hackers usually taking just a few seconds to do so.

This is a significant concern since 78% of Generation Z use the same password for everything.

Concrete tips on creating strong passwords and avoiding the risk of being hacked are also shared by pCloud.

Find out immediately if an email is part of a data breach

pCloud’s Data Breach Checker allows users to find out instantly if their email is part of one or more known data breaches.

This is important since popular sites like Deezer, Twitter, Dropbox, and Canva have already been victims of data breaches.

Sensitive personal information associated with emails, such as credit cards, addresses, and passwords, may also have been hacked.

The problem is that people are not always aware of it, because they were not alerted when it happened or because they do not have a full picture of the scale of the phenomenon.

Accessible at any time, this tool allows the user to know instantly if their email is part of one or more known data breaches.

Here again, the Swiss company takes the opportunity to share 3 practical tips to ensure better…

Source…

How to quickly reduce Russia’s capacity of harm on the internet – EURACTIV.com

/in


Technology companies and regulators in the EU and west have the power to disturb the functioning of Russia’s internet and the malicious use of the Internet outside the country without affecting the country’s essential data and infrastructure nor harming the infrastructure of other countries. These digital sanctions can be implemented quickly and removed easily when appropriate.

Andrey Kolodyuk and Jan Thys are co-founders of the Free Ukraine Foundation, a non-profit just created in Belgium to assist Ukrainian people and businesses affected by the war.

Yobie Benjamin, former chief technology officer of Global Transaction Services, Citibank, also contributed to this opinion.

Today, as Russia is bombing Ukraine and threatening the world, one of its most potent weapons — the internet – should not be overlooked.

The aggressor’s cyber warfare capabilities are world-class. Not only are they being used to attack Ukraine: they are ready to strike the world’s critical infrastructures.

The recent past has shown how tangible this threat is. For example, the Russian government is suspected to be behind the 2020 SolarWinds attack, which affected thousands of organisations globally, including multiple parts of the United States federal government. 

Tomorrow, we may witness a complete crash of capital markets or wake up without heat and electricity – unless we’d learn to live without toilet paper, food, medicine, and fuel due to supply chain disruptions. 

Russia has also wielded the Internet as an effective weapon in destabilising governments and institutions, dividing political and civil discourse in the USA, Western Europe and beyond. From the trucker protests in Canada to ethnic tensions and the January 6 insurrection in the United States, Russia has been aggressive in creating active societal unrest to its advantage.

What could be done

In response to the invasion of Ukraine, the west has moved fast to support Ukraine in military terms and to sanction Russia economically and technologically.

A lot could be done in the digital field, too, supported by regulatory action as a crucial component of the west’s answer.

We need to reduce the cyber threat, i.e….

Source…

S’pore firms warned to quickly fix Log4j software security hole that world experts call worst in years, Tech News News & Top Stories

/in


SINGAPORE – Organisations should take swift action to patch a “critical vulnerability” in a widely used software that could allow hackers to take full control of computer systems, the Cyber Security Agency of Singapore (CSA) said on Tuesday (Dec 14).

This is because “we only have a short window” to put in place measures to limit any abuse of the flaw, warned the agency.

The flaw, which affects a wide range of applications from social media and gaming to online shopping and banking, is likely to affect hundreds of millions of devices, the United States’ national cyber-security agency said on Monday, adding that it could be one of the worst in years.

The affected Apache Log4j is a free, open source software that is popularly used to log and keep track of activities and changes in software applications, including system errors and messages from users.

Public and private sector organisations are expected to be affected.

Cyber-security experts warned that the flaw can be easily exploited by adding just a line of code. This could allow cyber crooks to, among other things, abuse the vulnerability to steal and delete data, hijack a company’s e-mail system to send phishing messages to other firms, and make fraudulent bank transfers.

Among the services and sites known to be vulnerable at some point include Apple’s iCloud online back-up service, Valve’s Steam online game store and Microsoft’s Minecraft online game. Other firms reportedly at risk include Amazon, Baidu, Google, Tencent and Twitter.

While CSA has not received any reports of breaches related to the vulnerability for now, it is closely monitoring the situation.

CSA’s urgent call to action follows from an initial alert it sent out last Friday.

It also comes after US Cybersecurity and Infrastructure Security Agency (Cisa) director Jen Easterly said the flaw, also called Log4Shell or LogJam, “is one of the most serious I’ve seen in my entire career, if not the most serious”, reported cyber-security news site CyberScoop.

Last Saturday, Germany’s cyber-security watchdog the BSI issued the highest red alert warning on the security hole, saying it posed an “extremely critical threat” to Web servers.

Apple and several companies…

Source…