Matt Kelly, CEO of RadicalCompliance.com notes that knowing statistics about the average cost of a data breach isn’t really much help to organizations. Organizations need to know know how to calculate the potential costs at their own organization, he writes, adding, “Only then — when you have a solid sense of how a breach might…
Category: Commentaries and Analyses
China Cybersecurity and Data Protection Regulations – 2023 Recap and 2024 Outlook
Arendse Huld writes: China has been expanding its legal framework for cybersecurity and data protection in recent years, with further advancements seen in 2023. This year witnessed the refinement of legal requirements governing the procedures to export personal information (PI), bringing further clarity to the responsibilities and accountabilities of companies. At the same time, 2023…
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Release Date: November 21, 2023 Alert Code: AA23-325A SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to…
Decade-long data leak raises serious concerns with NTT group
An editorial in The Asahi Shimbun begins: A prolonged, systemic failure in data security management resulted in a 10-year leak of personal information in about 9 million cases stored at a subsidiary of Nippon Telegraph and Telephone West Corp. (NTT West). The leak reflects a significant lapse in the company’s protective measures and a stark…
Logs missing in 42% cyberattacks; small business most vulnerable: Report
Vasudha Mukherjee reports: Telemetry logs, which hold collection, transmission, and measurement of data, were found missing in 42 per cent of analysed cyberattacks, according to Sophos’ Active Adversary Report. Titled ‘The Active Adversary Report for Security Practitioners’, the report delves into incident response (IR) cases scrutinised by global cybersecurity firm Sophos. The report provides insights…
K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs
Alanna Durkin Richer repeorts: Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free…