Increasing adoption of hybrid work practices has pushed the need to enable and secure remote workers as a top challenge for IT managers. Security threats also have evolved amidst this emerging workplace, with supply chain attacks hogging recent headlines, but 53% of IT administrators believe their use of “known, trusted software” will help keep their organisation safe from such threats. Asked about challenges they faced in the past year with increased adoption of remote work, 57.2% of IT managers pointed to enabling or instructing employees about working remotely, while 49.6% cited the need to secure these workers. Another 44.5% highlighted the need to ensure availability of business applications and networks, according to a study conducted by data security vendor Acronis. The survey polled 3,600 IT managers and remote workers in 18 markets, including Singapore, Australia, India, Japan, Germany, the US, and the UK. Respondents from each country comprised 100 IT managers and 100 remote workers. The study was conducted over two months through to October 2021.
Some 28.6% said their organisation was targeted by cyber attackers at least once a month, while 21.4% saw weekly attacks and 20.6% reported at least one attack a day. About 20.1% believed they were never targeted in a cyber attack, compared to 9.3% who said their organisation was targeted every hour, the study revealed. Phishing attempts were the most common, with 57.9% of IT managers noting their organisation encountered such attacks in the past year, followed by 39.8% and 36.5% who cited DDoS (Distributed Denial of Service) and malware attacks, respectively. In particular, 74% and 50% of Singapore IT managers cited phishing and malware as the most common attacks, respectively, with both figures higher than the global average. The need to deal with cyber threats pushed stronger priority for antivirus and antimalware tools, with 73.3% of IT managers worldwide citing these as important business security tools, compared to just 43% in last year’s report. Another 47.9% highlighted the need for integrated backup and disaster recovery, while 45.3% pointed to vulnerability assessments and patch management. Another 35.7% prioritised remote monitoring and management and 20.4% cited URL filtering tools.
With news of third-party supply chain attacks including Kaseya and SolarWinds consuming headlines in the past year, 53% of IT managers believed their use of “only known, trusted software” would safeguard their organisation against such attacks. Some 23.8% said they turned to antivirus and endpoint detection and response tools, while 17.8% engaged an external provider to protect the organisation against supply chain attacks. Asked about two-factor authentication (2FA), just 21.6% said they used it for all accounts, while 37.7% said they did likewise for some accounts. Another 30.6% said they tapped 2FA for most accounts, while 10.1% did not use it at all. Amongst employees, 36.5% cited the use of VPN and other security measures as the most technically challenging aspect of working remotely, according to the Acronis study. Wi-Fi connectivity, though, was the most cited technical challenge at 43.9% of respondents, while 27% pointed to the lack of IT support. Some 25.3% of remote employees admitted not using any 2FA, while 38.3% did so for some accounts. Another 21% tapped 2FA for most accounts and 15.4% did likewise for all accounts. Acronis’ vice president of cyber protection research Candid Wuest said: “The cybercrime industry proved to be a well-oiled machine this year, relying on proven attack techniques, like phishing, malware, DDoS, and others. Threat actors are increasingly expanding their targets, while organisations are held back by the growing complexity of IT infrastructure. “Only a small number of companies have taken the time to modernise their IT stack with integrated data protection and cybersecurity. The threat landscape will continue to grow and automation is the only path to greater security, lower costs, improved efficiency, and reduced risks,” Wuest said.
State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4shell flaw to breach energy firms in North America and Japan for espionage. Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open source application logging component — in unpatched internet-facing VMware’s Horizon servers to gain initial […]
Need an operating system upgrade? Windows 11 Pro puts productivity in your hands with features that make everything from hybrid work to streaming entertainment easy, and you can grab the software for a discounted price right now through StackSocial. A lifetime subscription for the […]
Three state-backed financial groups in China have issued a joint statement warning against the use of cryptocurrencies as payment, citing their volatility as a high risk. They further remind industry players that digital currencies cannot be used in any financial activities in the country. National Internet Finance Association of China, China Banking Association, and Payment and Clearing Association of China said Tuesday that their members should not be involved in transactions dealing with cryptocurrencies. These included activities encompassing intermediary services that facilitate trading as well as the exchange of fiat money. The three groups collectively represent local online companies that provide financial services, local banks, and payment companies.
Their joint warning came in a week that had seen Bitcoin’s value dip significantly following the announcement by Tesla’s Elon Musk that his company had halted use of the cryptocurrency over concerns about its impact on the environment. Without singling out Bitcoin, the three industry groups said cryptocurrencies were not recognised by China’s central bank and had been flagged for their financial risks as well as potential ties to money laundering. They noted that virtual currencies had no real value and prices were easily manipulated. They should not be circulated as money and contracts involving their use were not protected by law, they said, adding that any party that participated in such investments or transactions would have to bear the consequences and losses. They reminded consumers to be aware of the risks and refrain from taking part in activities involving cryptocurrencies. China over the years had warned repeatedly about initial coin offerings or digital currencies, describing these as illegal and driven by market speculation that could disrupt “economic and financial order”. Crypto exchanges also were outlawed, though individuals still were permitted to own cryptocurrencies.
The government also had not clamped down on crypto mining, which was not referenced in the financial groups’ joint statement. Researchers last month cautioned that, unless more stringent regulations were implemented, China’s crypto mining could undermine the world’s sustainability efforts. The report estimated that the country accounted for more than 75% of Bitcoin’s hashing power or calculations, fuelled by China’s proximity to manufacturers of the required hardware and access to cheap power. And while it had outlawed financial activities involving cryptocurrencies, the Chinese government had created its own alternative that is commonly described as the digital version of the yuan or renminbi (RMB). Called Digital Currency Electronic Payments (DCEP), the digital yuan was developed on blockchain and cryptographic technologies and might later support near-field communication (NFC) capabilities, to allow offline money transfers between two digital wallets that were within proximity. DCEP could be downloaded on mobile devices using approved apps, which included AliPay, WeChat, and Apple Pay, and its use in trials kicked off last year amidst the global pandemic. Some residents in Shenzhen and Suzhou were given DCEP packets worth of yuan for use. The Chinese government was studying such trials and assessing the addition of new test cities.
The FBI and Justice Department upped the ante on the rhetoric around ransomware attacks on Thursday and Friday, telling a number of news outlets that cyberattacks will be treated with almost the same level of concern as terrorist attacks. Christopher Wray, the director of the FBI, compared the government’s fight against ransomware to the situation the country faced after 9/11 in an interview with The Wall Street Journal. He added that the FBI has identified nearly 100 different types of ransomware, each of which has already been implicated in attacks. He also took direct aim at the Russian government, singling them out for harboring many of those behind the different brands of ransomware. But he also revealed that the FBI has had limited success working with some private sector cybersecurity officials in obtaining encryption keys without paying any ransoms. The comments came after three significant developments in the government’s response to the recent wave of ransomware attacks on companies in critical industries like Colonial Pipeline and global meat processor JBS. Anne Neuberger, deputy assistant to the President and deputy National Security Advisor for Cyber and Emerging Technology, sent a letter to private sector leaders on Thursday urging them to prepare for potential attacks and implement a number of security measures to prevent an incident. Senior Justice Department officials then told Reuters that memos had been sent out to all US Attorney’s Offices explaining that ransomware attacks would be investigated in a manner similar to incidents of terrorism. Technology journalist Kim Zetter shared a snippet of a memo sent by Deputy Attorney General Lisa Monaco that said urgent reports should be filed whenever a US Attorney’s Office learns about a new ransomware attack.
The memo adds that officials should notify a newly created ransomware task force about any new developments in cases, potential emergencies or incidents that will “generate national media or Congressional attention.”
“Urgent Reports should be submitted, for instance, when a United States Attorney’s Office learns of a ransomware attack on critical infrastructure or upon a municipal government in their District,” Monaco wrote. Reuters reported that the new guidance also said senior Justice Department officials need to be notified of any cybercrime cases involving cryptocurrency exchanges, botnets, digital money laundering, illicit online forums, “bulletproof hosting services” and counter anti-virus services. Rep. Jim Langevin told ZDNet that the memo from Neuberger was a sign that President Joe Biden was taking the ransomware incidents seriously, but he urged the White House to give CISA more power to issue similar guidelines. “The advice in the White House memo is sound, and I hope corporate leaders will adopt a more risk-informed cybersecurity posture as soon as possible,” Langevin said. “However, I also hope the President will follow Congress’s direction and empower CISA to make similar recommendations moving forward.” Cybersecurity experts said that while the guidance from the White House was helpful, it did little to address the underlying problems thousands of organizations face when trying to protect themselves. Robert Haynes, open source evangelist with Checkmarx, said it was critical for organizations to identify the impact of the loss of different systems on their ability to operate. For most businesses, Haynes noted, the threat of a ransomware attack, the cost of the ransom itself and the huge impact on operations should be motivation enough to take these threats extremely seriously. “The primary focus needs to be on prevention, and then mitigation assuming total loss of systems. Leaders should be aware that the recovery time will involve rebuilding systems and restoring data, even with a successful recovery of encrypted files,” Haynes said.
“The risks are real and the disruption, no matter how good your data protection solutions are, can be costly.” Dirk Schrader, global vice president at New Net Technologies, suggested the government find a way to make it a requirement for organizations to report any case of ransomware to authorities and strongly discourage ransom payments. But he noted that companies may not be willing to report a ransomware incident if that will delay the return to normal operations. Kevin Breen, director of cyber threat research at Immersive Labs, explained that valuable advice from the White House, like having offline backups, was nice to say but can cause friction within enterprises because they are typically hard to implement and costly. The same goes for other guidance shared by Neuberger like network segmentation. “If you’re not already doing it, implementation may be complex,” he said, adding that incident response tests will be key for preparing any organization for an attack. “These need to be done with a higher cadence than traditionally, and across the entire workforce to take into account the impact on technical, legal, communications and other cross functional teams.” The Justice Department’s efforts to create a centrally coordinated response will give authorities a deeper pool of evidence and data while also helping with the identification and targeting of the entire chain, Breen added, noting that it may also help add legislative teeth to mitigation efforts. Breen went on to say that the other measures being taken by the FBI and Justice Department were happening because ransomware gangs had “poked the sleeping giant one time too many.”