Tag Archive for: threat

2024 Thales Data Threat Report Reveals Rise In Ransomware Attacks, As Compliance Failings Leave Businesses Vulnerable To…


(MENAFN – AETOSWire) (BUSINESS WIRE) — Thales today announced the release of the 2024 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.

Threats continue to increase in volume and severity

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, less than half of organisations have a formal ransomware plan in place, with 8% resorting to paying the ransom demands.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.

Compliance is the key to data security

The research found that over two fifths (43%) of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Operational complexity continues to cause data headaches

Fundamental understanding of what systems, applications, and data are at risk continues to lag due to changing regulatory and threat landscapes. Only a third (33%) of organisations are…


Ransomware-as-a-Service: The Threat That’s Making Cyber Resilience More Important Than Ever


In late 2023, we covered the topic of cyber-attacks through a very detailed interview with Ram Elboim, CEO of Sygnia. As seen from that interview, the subject is dynamic, susceptible, and requires quite a lot of technical knowledge. The recent cyber-attack suffered by the British Library in London is a concrete example.

Due to ransomware – a program that, once installed, renders a system inaccessible – library services are unavailable, and sensitive user and employee data, including names, e-mails, and phone numbers, have been stolen. Usually, groups that carry out such attacks demand a financial ransom to make the data accessible again.

Together with Sygnia and two of its leading figures, CEO Ram Elboim and UK and Northern Europe Managing Director Azeem Aleem, we will try to build on this example to understand other aspects of this complex and dangerous world.

The attack suffered by the British Library in London shocked everyone for several reasons. What happened? Who carried out the attack? Why does this attack represent such a big problem? 

Azeem: “The cyber-attack on the British Library highlights how ransomware gangs are leaving no stone unturned, attacking not only businesses of all sectors that have high-value data, but now academia too. It also shows the brutal nature of triple extortion attack methods – crippling business operations and stealing data, before putting it up for ransom and publishing the data. Academic environments typically have fewer security protocols, with under-invested security teams, and are riddled with unpatched software and apps that, when combined, create the perfect playing field for hackers.

The British Library is a national treasure with a collection that holds some of the world’s most prized manuscripts, music scores, sound recordings, and first-edition books, including William Shakespeare’s plays. In this case, the Rhysida gang, a relatively new but substantial ransomware group, shut down the British Library’s website, phone systems, and other onsite services, causing an outage before stealing user data and employee details – almost 500,000 files amounting to 573GB. Within a matter of weeks, the gang had threatened to…


Ransomware remains biggest threat to SMBs, says Sophos Threat Report


Sophos has found that ransomware remains the principal threat to small and medium-sized businesses (SMBs), despite a stabilisation in the number of attacks.

The 2024 Threat Report identified that data and credential theft malware, including keyloggers, spyware, and stealers, also constituted nearly 50% of all malware detections targeting SMBs.

Attackers use this stolen information to gain unauthorised remote access, extort victims, deploy ransomware, and more.

Data and Credential Theft: A Rising Concern for SMBs

Christopher Budd, Director of Sophos X-Ops Research, stressed the growing allure of data as a currency among cybercriminals, especially in attacks on SMBs, which often rely on a single service or software application for their entire operations.

“There’s a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft,” Budd explained, highlighting the criticality of securing access to essential business applications to prevent financial theft and unauthorised access.

“Let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software.

“Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” said Budd.

Ransomware Dominates Cyberthreat Landscape

Despite a stabilisation in the number of attacks, ransomware remains the principal threat to SMBs.

Sophos Incident Response (IR) identified LockBit, Akira, and BlackCat as the top ransomware gangs targeting SMBs, alongside attacks by older and lesser-known ransomware variants.

The report notes a 62% increase in ransomware attacks involving remote encryption between 2022 and 2023, and highlights instances of small businesses attacked through vulnerabilities in their managed service providers’ (MSPs) software.

Evolving Tactics in Social Engineering

The Sophos report also sheds light on the sophistication of business email compromise (BEC) and social engineering attacks, now the second-highest type of attack after ransomware.

Attackers are engaging in more elaborate tactics, including extended email conversations and phone…


Human Error is Biggest Cybersecurity Threat, CTOs Say


Almost two-thirds (59%) of CTOs believe that human error is the biggest cybersecurity threat facing their organisation today, according to research from IT consulting company STX Next.

Human error, which can range from downloading a malware-infected attachment to failing to use a strong password, was found to be more threatening than the potential of both ransomware (48%) and phishing (40%) attacks. With the workforce representing organisations’ biggest attack surface, human error has previously been reported to account for as many as 95% of all cybersecurity breaches.

In response to these threats, CTOs are deploying a range of tactics in order to protect their teams and wider organisation, and are taking advantage of the many solutions on the market. Multi-factor authentication, which has taken off in recent years, has been adopted by 94% of companies, 91% are using identity access management technology (IAM), 58% are using security information and event management (SIEM) technology and 86% are using single sign-on (SSO) solutions.

Security is among main challenges for CTOs

The findings were taken from STX Next’s 2023 Global CTO Survey, which surveyed 500 global CTOs about the biggest challenges facing their organisation. 

Other key findings from the research included:

  • A quarter (24%) of CTOs said that security was their biggest challenge across the organisation, the fourth most popular response.
  • Despite the growing threat of attack, just less than half (49%) of companies surveyed said that they currently have a cyber insurance policy in place, while 59% of businesses have implemented a ransomware protection solution.
  • In-house security teams are still in the minority: just 36% of companies have a dedicated team or department providing security services, whereas 53% of companies are using the services of external specialised companies for security.

“The data from this year’s survey indicates that employees are still the weakest point of company security,” comments Krzysztof Olejniczak, CISO at STX Next. “Despite deployment of comprehensive technology, poor implementation, substandard support processes or lack of governance can render these efforts useless. In…
