The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you. And that’s certainly true of the GoodWill ransomware, which security firm CloudSEK described this week.
There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist performing a glissando, knowing that at least one of the dozens of apartments being buzzed will let them in simply out of reflex or laziness.
Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities. While much of the focus has remained on manufacturers and how they can bolster their cybersecurity efforts, another group of businesses also needs to improve their cybersecurity.
Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services.
As high-profile data theft incidents continue to rise and become more sophisticated, there is a greater-than-ever need for emerging businesses to take their cybersecurity seriously. So, why do many entrepreneurs and “startup unicorns” consider it the turf of large-scale organizations only, even after some of the world’s largest corporations have fallen prey to cybercrime? Security breaches at so many companies exposed the personal data of millions of Americans.
It should be hard for malicious hackers to break into systems, but all too often it isn’t. That’s a takeaway from a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and FBI, and their counterparts in Canada, New Zealand, the Netherlands, and United Kingdom.
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects. According to police, the phishing ring defrauded some 146 victims, stealing at least 443,600 Euros from online bank accounts. Victims were tricked into handing over their login credentials through the distribution of emails that pretended to come from legitimate banks, posing as security alerts.
The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made no sense to silo it away from other aspects of national security. To be effective, it had to be able to take advantage of high-grade intelligence and other security capabilities. The strategy outlined how the country needed to invest more in getting the public and private partnership really working.
A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on occasion, offering bad advice.
The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation, and Utah became the fourth state to enact comprehensive privacy legislation.
