The past few years have emphasized just how important cybersecurity is. As cybercrime reached record heights and more companies went digital, industries realized their current security efforts fell short. Healthcare is a prime example. The medical sector has had the second highest number of data breaches of any industry for more than five years. This became increasingly noticeable in 2019 alone, when the industry experienced 525 data breaches, up from 369 the year before.

Ragnar Locker is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from its victims.

There has been a lot of talk about cyber weapons and the cyber dimension of global politics after the NotPetya and WannaCry attacks of 2017 and the Stuxnet worm, first discovered in 2010, when it was used to attack the control mechanisms of Iran’s uranium enriching centrifuges.

The benefits of a capable and properly deployed File Integrity Monitoring (FIM) solution are plentiful: And the importance of FIM cannot be understated. Let’s not forgot what the Center for Internet Security (CIS) says in its Distribution Independent Linux Benchmark version 2.0.0.

Asset inventory is a significant part of a comprehensive security plan for all organizations. After all, if you do not know what assets you have, then you cannot manage them. Even a small company can amass a surprisingly large amount of assets. It is no surprise that accounting for all of these assets can be like chasing a moving target, as new and old assets must be accounted for, and conversely, decommissioned assets must also be removed.

2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy.

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an offshoot to the Notifiable Data Breach Scheme, which came into effect in early 2018.

In a previous article, I examined Australia’s proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020. This information security overhaul imposes strict reporting requirements for enterprises as well as affords the Australian government unprecedented and far-reaching powers that enables them to intervene in the operation of an organisztion’s network in the event of a threat to critical infrastructure.

The US Senate has passed legislation designed to improve the cybersecurity of the Federal Government. The legislation, which consists of three bills, was unanimously passed by the Senate on Tuesday evening, and would – amongst other things – require organisations working in critical industry sectors to alert the US Government about hacks and ransomware attacks.

We all know how important security awareness training is for an organization. Moreover, we try to enhance our efforts by weaving security into the “culture” of the organization. Yet, from the employee’s perspective, it all gets very stale. It seems like it is always the same message, but if that is the case, why hasn’t this knowledge been adopted into the corporate consciousness? Perhaps it is our approach.