Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Shedding the light of the law on cybercrime methods  

Today’s cybercrime landscape involves criminals operating across borders as business-like syndicates, says Europol. The agency’s ninth Internet Organised Crime Assessment (IOCTA) 2023 report gives a law enforcement perspective on current cybercrime techniques. Its findings are valuable for security professionals too. The digestible 14-page report shows how cybercrime services are increasingly intertwined, and stolen data is the favoured currency, often sold to several buyers.

As TechRepublic reports, IOCTA documents how cybercriminals often avail of multiple services for certain types of fraud. This could include malware that antivirus and security solutions can’t detect; a secure internet connection to prevent tracing; initial access to victim companies’ networks or mailboxes (which is also key to many ransomware infections); effective social engineering content; fraudulent content hosting, and more. Europol plans to follow up the IOCTA report with three spotlight documents, each focusing on one emerging cybercrime trend. The first will cover cyber attacks as part of crime-as-a-service; the second will examine online fraud; while the third will tackle child exploitation offences. Those reports will be free to download from Europol’s website.

Privacy progress: Dr Valerie Lyons’ book publication and award nomination

Congratulations to BH Consulting chief operations officer Dr Valerie Lyons, who will become a published author later this year. Her book, “The Privacy Leader Compass” is available to pre-order from 1 November. Co-authored with Todd Fitzgerald, the book gathers lessons from more than 60 respected experts in the field of privacy and data protection including privacy leaders, DPOs, regulatory authorities and standards developers. They will present a half-day workshop about the book at IAPP’s European Data Protection Congress in Brussels on 14 November.

November is shaping up to be a busy month for Dr. Lyons. She has been shortlisted for the Piccaso Privacy Awards 2023 in two categories: ESG privacy initiative, and the privacy award for achievement. The winners will be revealed on 8 November at a ceremony in London.

And to cover some other big privacy developments, last month the EU Commission adopted a new legal framework for EU-US data sharing. The EU-US Data Privacy Framework replaces the previous model, Privacy Shield, which a court struck down in 2020. The European Data Protection Board issued an information note to explain individuals’ rights and organisations’ obligations.

A people problem: why tackling cybersecurity isn’t just about technology

Humans, not technology, are the greatest security risk facing organisations. Close to 2,000 security professionals in more than 80 countries overwhelmingly listed people-focused social engineering risks like phishing attacks and stolen logins as their biggest threat. SANS Institute, which gathered the data, says security awareness programmes are essential to mitigating that risk. The group’s eighth annual Security Awareness Report is also its largest ever. Ever helpful, SANS has produced a short high-level summary of the key findings, along with the full 16-page report (free to download). It includes analysis, insights and recommendations to build successful security programmes, while signposting the main challenges in making them work.

In related people-centred news, Proofpoint’s annual Human Factor report analyses a range of techniques that threat actors use. “No matter which tactics or techniques attackers turn to, their victims remain stubbornly human,” Proofpoint said. The 36-page report focuses on the combination of technology and psychology that makes today’s cyber attacks so dangerous. These include new phishing techniques that bypass multi-factor authentication, and social engineering techniques found in attacks like Emotet and SocGolish.

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.

Sign up here