In October, BleepingComputer reported that the websites of several airports were experiencing service disruptions after the KillNet threat actor group announced that they would target airports throughout the U.S.
In today’s rapidly evolving cyber risk landscape, a resilient and trusted digital ecosystem is possible with an agile security program. Cyber resiliency is the ability to respond to and recover from a cybersecurity incident effectively. A record high 71% of organizations were victimized by a ransomware attack in 2022. Even more concerning is that Gartner estimates that 80% of organizations have no knowledge or awareness of their attack surface.
You and your board have the same goal: to drive your organization in the right direction. That makes everything easy, right? Well, not always. Whereas the problem used to be an overall lack of security awareness, boards now are very much aware of the business risk less-than-robust cybersecurity poses. Today, it’s all about communicating effectively and fluently, especially when introducing cybersecurity solutions.
Effectively evaluating risk goes a long way toward improving an organization’s cybersecurity posture. The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA’s partnership with SecurityScorecard will enhance their members’ ability to evaluate their own risk and that of their entire business ecosystem.
On October 5, a cyber incident disrupted the availability of three state government websites. The Russian-speaking KillNet group claimed responsibility. As discussed in previous SecurityScorecard research, KillNet began as a financially-motivated operation offering a botnet for hire. It has since remodeled to a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets linked to entities perceived to oppose the Russian invasion of Ukraine.
The U.S. Transportation Security Administration (TSA) recently issued new cybersecurity regulations for passenger and freight railroad carriers to enhance cybersecurity resilience with performance-based measures. This security directive includes a new requirement for railroad carriers to build continuous monitoring policies and procedures. This is the latest of several recent initiatives on the U.S. state and federal levels requiring continuous monitoring of cyber risk.
Seeking to stay ahead of hackers, many researchers have asked themselves what drives cyber risk. And many cyber insurance carriers have wondered how to accurately underwrite and price the risk. According to preliminary results from SecurityScorecard’s joint work with our cyber insurance partners, the answer is clear but multi-faceted.
From nation-state threat actors to cybercriminals, today’s businesses face many cybersecurity threats. At the same time, organizations struggle to maintain a strong security posture because they have not yet shifted to a holistic approach to risk – one that combines a 360º view of the attack surface with the ability to communicate risk meaningfully and respond effectively.
The government of a U.S. county announced on September 11 that a recent cyber incident had disrupted its online services. Subsequent coverage of the event has noted that it strongly resembles a ransomware attack. The disruption comes against a backdrop of frequent ransomware activity targeting state and local governments and the education sector.
Spoiler alert: The answer is yes. But not in the way you might expect. Unless you live in an enchanted land where mermaids feed you healthy beer for breakfast, your security budget has probably shrunk recently. The good news is that this can be good news because determining with ruthless clarity the effectiveness (or ineffectiveness) of your cybersecurity program will help you take deliberate steps to improve it with an efficient spend.
