Tag Archive for: Readiness

Hack The Box Redefines Cybersecurity Performance, Setting New Standards in the Cyber Readiness of Organizations

/in


The innovative Cyber Performance Center approach helps businesses present a united front against cybercrime by aligning cybersecurity and corporate goals.

NEW YORK, NY, LONDON, UK and SYDNEY, AUSTRALIA / ACCESSWIRE / April 10, 2024 / Companies can level up their cybersecurity defenses – eliminating the skills and knowledge gaps that criminals regularly exploit thanks to Hack The Box’s Cyber Performance Center.

Hack The Box’s Cyber Performance Center unites individual ability, business management practices, and the human factor in the cybersecurity industry and it is designed to help organizations take a coordinated approach to their cyber readiness, reducing the vulnerabilities created when cybersecurity is siloed or treated as a tick-box requirement.

Its innovative model transcends the limits of traditional cyber training, taking a 360º overview that considers a business’s processes and technology investments along with the requirements of its cybersecurity teams. By matching processes and exercises to organizational outcomes it helps to align cybersecurity and business objectives.

Hack The Box’s disruptive approach also directly addresses the key human element within corporate cybersecurity, focusing on the upskilling and development cyber professionals need to perform to their best while providing clear career paths to encourage retention and combat the increased burnout and fatigue within the sector. This is critical as the global cybersecurity industry currently faces a skills shortage of four million people.

It is estimated that, by next year over half of significant cyber incidents will be caused by human error or skill shortages1. The Cyber Performance Center approach helps organizations tackle their security as a company-wide goal, considering the needs of its cybersecurity team, business processes, and respective technology investments to promote a healthy security culture.

Hack The Box combines these three organizational pillars with a continuous learning journey based on the latest technologies, vulnerabilities, and solutions for all cybersecurity domains. The approach enables customers to create and maintain a robust cyber strategy, unlocking the skills of each member of…

Source…

Rising ransomware attacks on education demand defense readiness

/in


Key points:

Ransomware attacks continue to wreak havoc on the education sector, hitting 80 percent of lower education providers and 79 percent of higher education providers this year. That’s a significant increase from 56 percent and 64 percent in 2022, respectively.

As “target rich, cyber poor” institutions, schools store massive amounts of sensitive data, from intellectual property to the personal information of students and faculty. Outdated software, limited IT resources and other security weaknesses further heighten their risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate the victim’s network and encrypt their data, effectively holding it hostage. After encryption, bad actors demand ransom payment in exchange for the decryption key required to retrieve their files.

But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; attacks can also result in downtime that disrupts learning for students. The impact of ransomware has grown so severe that the Biden Administration has even committed to providing ongoing assistance and resources to support schools in strengthening their cyber defenses.

So, while ransomware in the education sector isn’t a new phenomenon, the stakes remain high. And with both higher and lower education institutions reporting the highest rates of attacks among all industries surveyed in a recent study, the need for increased defense readiness in the education sector has never been more evident.

3 ransomware trends disrupting classrooms in 2023

Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, enabling adversaries to specialize in different stages of attack. Amid the current ransomware surge, IT and security leaders in education must remain aware of the evolving threat landscape so they can effectively safeguard their networks and systems.

Here are some trends from The State of Ransomware in Education 2023 report that demand attention now:

1. Adversaries are leveraging compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education…

Source…

Mimecast’s State of Ransomware Readiness Report 2022, CIOSEA News, ETCIO SEA

/in


With ransomware continuing to wreak havoc across the region, Singapore has made a great move by forming an inter-agency task force to help businesses as well as research and educational institutions tackle this growing threat.

Against this backdrop, to dig deeper into the ransomware threat and to assess its impact on cybersecurity teams and businesses, Mimecast spoke with cybersecurity decision-makers across the world including Singapore, and has released its 2022 State of Ransomware Readiness Report which explores the business implications and personal impacts of ransomware, as well as how organisations are defending against attacks today.

Here is a pictorial representation of the report‘s key findings in Singapore for 2022:

Infographic: Mimecast's State of Ransomware Readiness Report 2022

Follow and connect with us on , Facebook, Linkedin

Source…

The 5-Question Test to Assess Your Readiness to Manage Insider Threats

/in


An insider threat is a cyber security risk that originates from within any organization that is being targeted by attackers. Often, insider threats involve a current or former employee, or business associate, who has access to sensitive information or privileged accounts, and who misuses this access. Sometimes it is an outside attacker who gains credentialed access and waits for the right time to strike. In both cases, traditional security measures tend to focus on external threats and are not always capable of identifying an internal threat from inside the organization.

A paper written by Forrester Research in late 2021, Insider Threats Drive Data Protection Improvements, revealed that 58 percent of sensitive data security incidents are caused by insider threats. This report highlighted that nearly a third (31 percent) of firms surveyed do not believe insiders are a substantial threat, and suggests this is a principal reason why insider threats make up such a high proportion of security incidents.

While company leadership teams acknowledge that insider threats pose some risks, they don’t generate the level of urgency required to manage this risk effectively. This failure has a cascading effect; fewer than 30 percent of firms surveyed say they have an insider risk management strategy or policy. It is understandable that many organizations focus on perimeter and endpoint, first. Strong network and endpoint security, combined with vulnerability management lifecycle toolsets and a mature security operations center, are key to reducing overall risk. However, with insider events occurring more often than external, according to the report (58 percent vs. 41 percent), a more effective data security strategy vis-a-vis insider threats is needed.

There are steps organizations can take immediately that will mitigate some of the risk posed by insider threats. Some are straightforward, others will require some planning (not to mention board, team, and/or departmental buy-in). Take this five-question test to find out how well you currently manage insider threats.

1. Do you use multi-factor authentication (MFA)?

Multi-factor authentication cross-verifies privileged users with two different…

Source…