Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Ransomware an ongoing threat to industry as crime gangs organise

Malware-based cyber-attacks are the most prominent threat to industry, Europol says. The agency’s spotlight report examines ‘crime-as-a-service’, lifting the cover on ransomware groups’ business structures. A companion to Europol’s IOCTA 2023 report, it digs deeper into malware – ransomware in particular – and DDoS attacks. The report looks at recent developments in cyberattacks, and examines new methodologies and threats that Europol operational analysts have observed.

It found the most common intrusion tactics are phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing, and exploiting Virtual Private Network (VPN) vulnerabilities. The report also sheds light on the growing professionalism of cybercrime groups, with many organising through affiliate programmes. Stealing sensitive data could become the central goal of cyber-attacks, feeding the growing criminal market for personal information, Europol said. A recent white paper from the UK National Cyber Security Centre also identifies a “diverse and varied business model” for ransomware operators. However, the NCSC urged businesses not to focus on individual ransomware types but to target their efforts on overall security hygiene.

Ransomware reminders were plentiful lately. Microsoft’s annual Digital Defence Report said the number of human-operated ransomware attacks doubled over the past year. Microsoft said all the leading ransomware gangs, and their affiliates, are using this approach. Both Trend Micro and NCC Group named Lockbit as the most active ransomware operation this year. Meanwhile, the FBI has warned of criminals using two different strains of ransomware on the same victims – often within 48 hours of one another. To finish on some more positive news, the City of Dallas has released a comprehensive report into how it recovered from ransomware, and how much it cost to do so.

Security skills: a growing industry in need of talent

Anyone looking to upskill or re-skill in cybersecurity will find plenty of job opportunities in Ireland. The industry here will need close to 1,000 workers per year between now and 2030, says Cyber Ireland’s report on the cybersecurity labour market. The document measured the increase in job postings and found demand in the industry more than trebled from 2019 to 2022. It said the average salary in the cyber security industry is €75,000, which is almost twice the median salary in Ireland.

The Irish Times covered the story, noting that 83 per cent of businesses in Ireland expect to grow their cybersecurity team over the next 12 months. More than half of the businesses predict a growth rate of 25 per cent or higher. Cyber Ireland aims to increase the number of people employed within the sector to 17,000 by the end of the decade. On a related note, Help Net Security has a list of six free resources for anyone starting in the profession.

Data protection and privacy developments

Local and international news takes the stage here. There have been 5,105 data breaches involving Irish Government departments since GDPR came into force in 2018. Quoted in the Irish Examiner, Social Protection Minister Heather Humphreys said the “vast majority” of these breaches were due to information being accidentally provided to third parties. Meanwhile, the Irish Government’s Health Information Bill is considering an integrated approach to patient data across healthcare services in Ireland.

Broadening the lens, the Data Protection Commission has fined TikTok €345 million for violations involving the handling of children’s data. The Irish Times led with how the popular video sharing app “incentivised” children to skip the privacy settings. The European Data Protection Board also published a notice about the fine, having made a binding resolution about the decision. The Irish Independent calculated that the DPC’s total for fines levied in the last two years is now nearing €3 billion. And lastly, some useful links to wrap up: Google has launched a new anti-spam feature for companies and individuals who send more than 5,000 emails to Gmail users every day. It’s intended to make the service “less spammy”, Google said. And for anyone tasked with implementing privacy policies, Oracle SaaS Cloud’s head of compliance, Evelyn de Souza, spoke to Help Net Security about the challenges involved in implementing consistent policies across the organisation.

Links we liked

OWASP has released its top 10 API vulnerabilities.

What’s new in NIST’s Cybersecurity Framework 2.0.

Are companies paying hackers to go away? They’re not telling.

What motivates cybercriminals, and are they like they’re portrayed in movies?

Adrian Sanabria’s Usenix talk on lies and myths in the security industry.

A new podcast looks at where security, human behaviour and business meet.

Why organisations should think about adding a human security officer.

But are security professionals ‘quiet quitting’ due to their workload?

Cybersecurity and risk spending look set to increase in 2024, Gartner forecasts.

Joe Sullivan, Uber’s CSO during its data breach, shares his perspective.


About the Author: admin
