Today’s organisations are all too aware of the potential financial, operational, and reputational costs posed by cybersecurity threats and the importance of fortifying defences and boosting their cyber resilience capabilities. And with good reason
You must be a Free member to access this content.
“Your security is important to us,” is a common phrase on corporate websites and emails, usually after some data breach that affects customers. To prove that statement, corporations invest billions of dollars in the cybersecurity industry. Most market projections say the industry is worth about $180 billion. About 15 percent of that market goes to data security. But all the indications are that we are losing the war in personal identity security That leaves is with the question: Do corporations really care about customer security?
Probably not
US Department of Health and Human Services reported recently that. in the US, there have been 2,213 breaches since 2020, with 152.1M affected individuals. That is almost half of the American population. But that is just breaches involving medical data.
The FBI reports, in the same period, more than 350 million stolen personal information records, exceeding the known population of the country. Worldwide, the number of personal identity information (PII) records exceeds one billion people.
So how bad is it? “I always tell people assume your social security number has been breached. Just assume that,” said John Meyer, senior director for Cornerstone Advisors, an organization providing security consultation to financial organizations.
So we are spending tens of billions of dollars to protect data from exfiltratation on almost a weekly basis from attacks bypassing current defenses. Is it worth the investment? Does protecting that data even matter?
Well, yes… sort of
Data security professionals say it is and it does. Communications, industry intellectual property, state secrets, and control of crucial systems must still be protected. Most professionals we talked to cite ransomware attacks as the primary reason for investing in security precuts and services.
Becoming an expert cybersecurity solution using AI requires processing and analyzing massive amounts of data over time to understand the nuances of how it’s being used for malicious purposes. Data, how it is collected, stored, and analyzed, and the insights gained are essential to successfully protecting, detecting, and responding to cybersecurity threats.
Read more...
Cyber insurance is big business. However, taking out a cyber insurance policy is not simply a matter of signing on the dotted line and ceasing to worry – there are some important issues to keep front of mind.
Today businesses face increasingly sophisticated cyber threats that necessitate robust security measures. One such innovative approach gaining traction is the Security Operations Center as a Service (SOCaaS). This model offers organizations the opportunity to enhance their security operations efficiently and effectively by leveraging external expertise and advanced technologies.
Read more...
When it comes to election security, the technology we use to vote and count those votes is not the problem. The problem is how naive we are.
Election security has been at the forefront of daily news cycles for more a decade. The concerns about illicit use of technology to input and count the votes turned out to be largely overblown. Every U.S. state other than the Commonwealth of Louisiana, uses paper ballots, matching the practice of every other western democracy. Lawsuits have bankrupted people and organizations claiming the technology was changing votes. Those that have complained the loudest about election interference are now facing prosecution for the crimes.
Now the tech focus is on the use of artificial Intelligence to create deepfake video and audio. A recent pitch from Surfshark,
As legislatures around the world try to get a handle on the growth of ransomware, another category of cybercrime is festering out of control: Elder fraud.
The FBI’s Internet Crime Complaint Center (IC3) reported more than 100,000 people in the US, 60 years and older, lost $3.4 billion total to digital scams. The IC3 pointed out that the elderly are half as likely to report a loss. So the actual crimes and losses are probably much higher.
In contrast, the total ransomware payouts last year from reporting companies was $1.1 billion according to Chainanalysis. While the total number of fraud reports to the IC3 appears to have leveled off after years of growth, elder fraud increased by 14 percent year on year.
“Combatting the financial exploitation of those over 60 years of age continues to be a priority of the FBI,” wrote FBI Assistant Director Michael D. Nordwall, who leads the Bureau’s Criminal Investigative Division, in the report. “Along with our partners, we continually work to aid victims and to identify and investigate the individuals and criminal organizations that perpetrate these schemes and target the elderly.”
Who is vulnerable?
As the password slowly abdicates to a new heir, which specific alternatives are shaping up to take its place? Multi-factor authentication (MFA) has been rapidly adopted by organizations to help reduce the opportunities for breaches. But MFA brings its own considerations that must be addressed.
Read more...
The IT skills shortage has become one of the biggest challenges for companies in recent years.…… Membership Required You mustmore...
The cybersecurity industry is just absolute chaos, and rightly so. This is the industry charged with plugging dikes during the Class-5 hurricane that the internet seems to be today. Nowhere is that chaos more evident than at RSAC just from a marketing perspective. Everyone has “ground-breaking”, “industry-leading”, and “first ever” product offerings and this year was no different. But if you can look past the Macho-man impersonations, Formula One cars, and the mesmerizing miasma of the website and show floor, you can see an order forming in the chaos. Change is coming.
Back to step one
RSA CEO Rohit Ghai, said we have missed a step in AI development. “We’ve seen it first as a co-pilot alongside of a human pilot and then see it taking over flying the plane.” He said the first step is making it an advanced cockpit making it easier for less trained and experienced people to do the work. He pointed out that cybersecurity is an industry with negative employment making it difficult to find experienced technicians to do the work.
Last year, any discussion of ethical development was met with confused stares. This year, the need for ethical AI development is taken seriously but few can see a profit in it. Cybersecurity VC Rob Ackerman (DataTribe) and Carmen Marsh, CEO of the United Cybersecurity Alliance, were open to suggestions,
“From the perspective of (companies like OpenAI), I understand the reasons to go as fast as they can to develop a true artificial intelligence, the question is, who are the people in the room guiding the process?” said Ackerman. “Once you get a diverse set of advisors working on the problem, then you do the best you can to create something ethical. But right now, we aren’t even doing the best we can.”