More stories

  • Does disk encryption slow down your PC?

    If you forget your password, you are indistinguishable from a hostile intruder and you will be treated as such, which means you will be locked out from your encrypted data. Disk encryption is absolute magic to most non-mathematicians. And like any complex technology, it leads to uncomfortable questions. Does encrypting a disk make […]

  • These ransomware victims are making the highest ransom payments

    Victims of ransomware attacks in the manufacturing and production industry are making the biggest ransom payments, with the average ransom demand paid coming in at just over $2 million. Ransomware is a significant cybersecurity issue that affects every sector. But according to analysis of attacks by cybersecurity company Sophos, ransomware is costing […]

  • APAC faces 2.1M shortage in cybersecurity professionals

    Asia-Pacific has clocked the largest growth in cybersecurity workforce, but still faces a shortage exceeding 2.16 million. More than half of respondents in the region feel this gap puts their organisation at a “moderate” or “extreme” risk of cyber attacks.

    Worldwide, the number of cybersecurity professionals hit a record of almost 4.66 million this year, of whom 859,027 were based in Asia-Pacific, according to the 2022 ISC2 Cybersecurity Workforce Study. The online survey was conducted in collaboration with Forrester Research between May and June this year, polling 11,779 individuals responsible for cybersecurity in their workplace. Respondents were from 14 markets across four regions, including Singapore, Australia, South Korea, Japan, China, India, the US, and the UK.

    The report estimated that the global cybersecurity workforce grew 11.1% year-on-year, with 464,000 roles added in 2022. Asia-Pacific clocked the greatest growth at 15.6%, while EMEA’s workforce expanded by 12.5%, Latin America by 12.2%, and North America by 6.2%. North America also was home to the largest group of cybersecurity staff at 1.34 million. ISC2 (International Information Systems Security Certification Consortium) is a global non-profit association comprising certified cybersecurity professionals.

    While Asia-Pacific saw the largest growth in workforce, the region's gap widened by 52.4% this year to 2.16 million, the study found. Singapore, in particular, saw a 16.5% drop in the number of cybersecurity staff to 77,425 and was one of only two markets to see its workforce shrink. Germany reported a marginal 0.01% dip in its workforce.

    The global cybersecurity workforce shortage widened by 26.2% to 3.42 million, with the Asia-Pacific region seeing the largest gap followed by Latin America, which faced a 515,879 workforce void, and North America at 436,080.

    Across Asia-Pacific, 60% of respondents said their organisation had a significant shortage of cybersecurity staff, with 56% noting that the skills gap placed their company at a moderate or extreme risk of a cyber attack. Some 71% in the region anticipated an increase in cybersecurity staff within the next year, compared to 53% and 41% who indicated likewise in 2021 and 2020, respectively. Half of Asia-Pacific respondents expressed concerns about the skills shortage in the sector, though 25% said their organisation would increase their security budget in the event of a breach, compared to 18% who said they would hire additional IT staff.

    In Singapore, 67% said they were investing in training to prevent or mitigate their company’s shortage in cybersecurity staff, which 67% revealed was due to difficulty in finding sufficient qualified talent.

    ISC2 CEO Clar Rosso said: “Geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, have resulted in a greater focus on cybersecurity and the need for more professionals within the field. The study shows us that retaining and attracting strong talent is more important than ever.”

  • Cybersecurity teams are reaching their breaking point. We should all be worried

    Cybersecurity professionals are “reaching their breaking point” as ransomware attacks increase and create new risks for people and businesses. A global study of 1,100 cybersecurity professionals by Mimecast found that one-third are considering leaving their role in the next two years due to stress and burnout. The report found that rising rates […]

  • Australia seeks stiffer penalty for data breaches amidst spate of security incidents

    Australia wants organisations to dig deeper for serious or repeated data privacy breaches, forking out maximum fines of up to AU$50 million ($31.57 million). The move to increase penalties for violations comes amidst a spate of cybersecurity incidents that compromised customer data, with the latest involving insurance group Medibank.

    Attorney-General Mark Dreyfus unveiled plans to introduce legislation in parliament this week that would push financial punishment for privacy violators up from the current AU$2.22 million ($1.4 million). The new rules will be outlined in Australia’s Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which can be applied under the Privacy Act 1988 for “serious or repeated” privacy breaches.

    Following the update, companies found to have committed the breaches will be fined AU$50 million, or three times the value of any benefit they obtained through the misuse of information, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.

    The Bill also will afford the Australian Information Commissioner “greater power” to resolve privacy breaches as well as strengthen the Notifiable Data Breaches scheme, which will provide the Commissioner with full knowledge of information that was compromised in a breach so it can assess the risks of harm to affected individuals. In addition, the Commissioner and the Australian Communications and Media Authority will be better empowered to share information in the event of a data breach.

    Dreyfus said: “When Australians are asked to hand over their personal data they have a right to expect it will be protected. Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.

    “We need better laws to regulate how companies manage the huge amount of data they collect and bigger penalties to incentivise better behaviour,” he said.

    Australian policy makers earlier had pushed for more severe fines to be meted out following a major breach involving local telco Optus, which compromised the data of 9.8 million customers including email addresses, phone numbers, and other personal identification information.

    Medibank breach compromises health records

    In another breach that followed Optus’, Medibank on October 13 revealed it detected “unusual activity” on its network that was later found to have compromised the personal data of customers under its subsidiary, ahm, as well as international student customers. In a statement yesterday, it said it had received files from the alleged hacker that contained 1,100 ahm policy records comprising personal and health claims data, and some Medibank and further ahm and international student customer information.

    One of Australia’s largest health insurance companies, Medibank last week said the hacker claimed to have stolen 200GB worth of data that included customer names, addresses, dates of birth, and policy numbers. Compromised data concerning customer claims included the location at which the customer received medical services and codes related to their diagnosis and procedures. The hacker also said it had data related to credit card security, though Medibank said it had yet to verify this.

    “Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” it said. “We will continue to analyse what we have received to understand the total number of customers impacted and, specifically, which information has been stolen.”

    The insurance company added that the breach currently was under criminal investigation by the Australian Federal Police. It also was working with cybersecurity vendors, the Australian Cyber Security Centre, and other relevant government agencies, it said.

    Medibank said: “As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.”

    Financial services regulator Australian Prudential Regulation Authority (APRA) on Monday released a statement reminding industry players to put in place data security controls and ensure they complied with sectoral regulations. Pointing to requirements outlined in Prudential Standard CPS234 Information Security, the government agency said APRA-regulated entities should have clearly defined cybersecurity roles and responsibilities held by their boards, senior management, governing bodies as well as individuals. They also had to maintain an information security capability in line with the size and extent of threats to their data assets as well as deploy controls to safeguard their data assets and run systematic tests to ensure the effectiveness of such controls.

    APRA added that the recent security breaches served as a reminder that such threats continued to escalate. It underscored the need for regulated entities to review and regularly test incident response plans.

  • Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too

    The International Criminal Police Organization, aka Interpol, has launched its ‘global police Metaverse’ as part of an effort to train members how to police in a virtual world. Last week, Interpol unveiled what it says is “the first ever Metaverse specifically designed for law enforcement worldwide.” It says the “Interpol Metaverse” gives […]