risk

person holding clear glass decor

Crossing the Compliance Chasm

Tarique Mustafa

There is a wide gap between regulatory compliance mandates and practical implementation and enforcement that I like to call the “Compliance Chasm”. That chasm is defined by the activity to protect consumers and consideration for the economic and operational impact on business enterprises. Finding that balance requires thought, not the more popular whack-a-mole enterprise strategy that reacts to new compliance mandates.

The frequency and size of regulatory fines are rising for non-compliance. In January 2023, Meta was fined $418 million for GDPR violations by Meta properties’ Facebook and Instagram. Ireland’s Data Protection Commission follows up in May that same year with a $1.3 billion fine for additional violations. And those were just the latest fines imposed on web giants, that also included Google and Amazon.

The targets of those fines might be justified in saying compliance is an impossible task. By 2025 the volume of data/information created, captured, copied, and consumed worldwide is forecast to reach 181 zettabytes. Nearly 80% of companies estimate that 50%-90% of their data is unstructured text, video, audio, web server logs, or social media activities.

Read more...
English riots cause unprecedent damage

Security concerns reach beyond CISOs

Lou Covey

The English riots this past week provide a Dickensian “best of times…worst of times.” context to politics in the United Kingdom and possibly the United States later this year. The UK has had a significant political shift in leadership that brought relief to the majority of that countries citizens (the best) but also encouraged the minority opinion to lash out with provocation from domestic actors and foreign states (the worst). This highlight the fact that digital security concerns reaches far beyond the confines of corporate CISO offices.

The rioters are extreme anti-immigration nationalists whipped up by false information regarding the stabbing of several young children and adults at a dance recital in Southport, a town just north of Wales. The disinformation came from several sources but is primarily coming through a Russian-linked website posing as a legitimate American news organization. The claim was meanwhile amplified up by far-right figures Tommy Robinson and Andrew Tate. Robinson was arrested under anti-terrorism laws but is out on bail has been vacationing in Europe. He is still spreading disinformation. Tate is currently under “judicial supervision” for rape and human trafficking charges. X owner Elon Musk has also participated personally in sewing the discord.

Foreign interference grows

Meanwhile, open source intelligence monitored by companies like Zero Fox and Fletch have identified efforts by North Korea and Russia to interfere in elections of Western countries including Germany and the United States. Zero Fox said, “The Telegram-based bot service IntelFetch had been aggregating compromised credentials linked to the Democratic National Committee (DNC) and their websites. This data, primarily sourced from botnet logs and third-party breaches, includes sensitive information such as login credentials for party members and delegates. This breach poses a significant risk of unauthorized access and potential disruptions to the convention.”

Zero Fox said the DNC had been alerted several weeks ago and that the weaknesses fixed. The DNC Convention is set to begin August 19 and Zero Fox was planning on announcing their findings that day to boost their profile.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...
grey concrete building

Addressing Financial Organizations’ Digital Demands while Avoiding Cyber Threats

Jon Taylor

Keeping up with requirements has caused financial organizations to rapidly overhaul their IT infrastructure. Because of this rapid digitalization, organizations are consuming many different security solutions creating a bespoke environment that inadvertently exposes them to cyber threats. 

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...
Cyberint midyear report shows declinen in ransomware attacks per victim

Have we reached peak ransomware?

Lou Covey

Cybercrime reports flowing out of marketing departments still highlight the danger of ransomware. However, a closer look at the numbers reveals a much different story and poses the question: Have we reached peak ransomware?

Last year, ransomware attacks hit all-time highs with paid ransoms exceeding $1.1 billion and attacks exceeding 5000, according to FBI and Interpol reports. However, looking at midyear reports from Cyberint, SonicWall and Check Point and a dozen others, attacks and ransoms paid have crashed. Still, the crime is not to be discounted, and industry recommendations are to double down on efforts to combat the “scourge”.

There are three reasons why the ransomware industry is hitting a wall.

Law enforcement agencies, working In cooperation, have found the means to identify and shutdown ransomware gang operations around the world.
Potential victims have learned hard lessons regarding the gangs’ willingness and ability to decrypt data, and becoming repeat targets. They are deciding in greater numbers to ignore ransom demands, cutting into revenue streams.

The “honor among thieves” philosophy does not relate to these criminals. Ransomware service providers are stiffing their affiliates, causing a fracturing of the criminal industry into multiple, independent gangs.

Premium Membership Required

You must be a Premium member to access this content.

Join Now

Already a member? Log in here
Read more...