More stories

  • BEC attacks: Most victims aren't using multi-factor authentication – apply it now and stay safe

    There has been a big rise in Business Email Compromise (BEC) attacks – and most victims work at organisations which weren’t using multi-factor authentication (MFA) to secure their accounts. BEC attacks are one of the most lucrative forms of cyber crime: according to the FBI, the combined total lost is over $43 billion and […]

  • Singapore firms see 54 cybersecurity incidents daily, struggle to keep up

    The cybersecurity threat landscape is evolving so quickly companies in Singapore are finding it tough to keep up. Half feel “inundated” by an endless stream of cyber attacks, describing this as one of their biggest work frustrations. Just 25% of cybersecurity professionals in Singapore felt “very confident” in their organisation’s ability to adapt to new threats, compared to an average of 36% across the globe. Another 62% in the Asian market acknowledged they were struggling to keep up with the evolving threat landscape, revealed a survey conducted by Coleman Parkes, which polled 500 cybersecurity decision-makers in Singapore. They were part of a global study commissioned by security vendor Trellix that canvassed responses from 9,000 cybersecurity decision-makers from 15 markets, including India, Indonesia, Australia, Germany, the US, and the UK. Respondents in Singapore on average had to deal with 54 cybersecurity incidents on a daily basis, with 39% managing 50 to 200 such incidents a day. Globally, 34% said they dealt with 25 to 50 security incidents a day, while 25% had to manage twice as many daily. In Singapore, 80% said security breaches in the past 12 months led to losses of up to 10% of their organisation’s revenue. Respondents from midsize businesses with revenue of between $50 million and $100 million estimated their company lost an average of 9% in revenue, while those from large enterprises of revenue between $10 billion and $25 billion said losses averaged at 5% of revenue. Some 64% said their current security tools did not support their security operations team to function with maximum efficiency, while 35% confessed to having blindspots in their protection. Another 90% said their cybersecurity infrastructure was “siloed”. 
Some 38% said they were likely to implement network detection and response (NDR) tools in the next 18 months, while 36% pointed to security orchestration, automation and response (SOAR), and 35% said they would implement security information and event management (SIEM). “Siloed security systems are placing an unnecessary burden on overstretched SecOps teams, making organizations easy targets for malicious actors,” said Trellix’s Asia managing director Jonathan Tan. “It’s time we reject siloed security as the status quo and take concrete steps towards building a more flexible, intelligent security model, which will ultimately help to safeguard sensitive data.” According to the survey, 45% globally cited employee error such as users downloading compromised files or clicking on malicious links as the top cybersecurity threat their organisation faced. Another 39% pointed to insider threat, while 34% cited phishing and spear-phishing attacks as the top threats. Some 30% cited ransomware attacks and 29% highlighted poor cyber hygiene as top cybersecurity threats their organisation faced. Asked about their top cybersecurity concerns, 44% cited high cost of cybersecurity products and services, while 39% pointed to difficulties detecting and responding to advanced threats and 36% were concerned about having limited threat intelligence and insights.

  • Chaos IoT malware taps Go language to harvest Windows, Linux for DDoS attacks

    A newly discovered cross-platform piece of malware called ‘Chaos’ is spreading on Linux and Windows systems to amass resources for distributed denial of service (DDoS) attacks against online gaming firms, crypto exchanges, and rival ‘stressor’ sites renting DDoS-as-a-service. The malware, which was written in Go – Google’s popular cloud and […]

  • Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief

    Russia has engaged in a sustained, malicious cyber campaign against Ukraine and its allies since the February 24 invasion – but its lack of success shows that it’s possible to defend against cyberattacks, even against some of the most sophisticated and persistent attackers, says the UK’s cybersecurity chief. “Try as they might, Russian […]

  • Australia government wants Optus to pay for data breach

    Australia’s current administration is calling for stronger privacy laws, following last week’s cybersecurity breach that compromised personal data of 9.8 million Optus customers. Describing the cyber attack as “not technologically challenging”, the government says the breach should never have happened and that Optus should pay to rectify the situation. When customers give their personal data to companies, they expect the information to be kept safe, Australian Prime Minister Anthony Albanese said in parliament Wednesday. Calling the Optus data breach “a great concern”, he said the incident should serve as a wakeup call to businesses in Australia. The mobile operator last week reported a security breach that it said compromised various customer data, including dates of birth, email addresses, and passport numbers. Information belonging to both current and former customers was impacted, Optus said, which its CEO Kelly Bayer Rosmarin later said was the result of a “sophisticated” attack that infiltrated multiple security layers. The telco, though, has yet to provide further details on how the breach occurred or what systems were breached. Local reports have pointed to an online API (application programming interface) that apparently did not require authentication or authorisation for customer data to be accessed. Albanese said the government was working with Optus to obtain the necessary information “to conduct a criminal investigation” led by the Australian Federal Police, in cooperation with the FBI. “We know that this breach should never have happened,” the prime minister said. “Clearly we need better national laws after a decade of inaction to manage the immense amount of data collected by companies about Australians, and clear consequences for when they do not manage it well.” He dismissed calls from the opposition party for the government to pay for the replacement of passports, arguing instead that Optus should be made to cover such costs.
Taxpayers should not be made to pay for a problem that was the result of Optus’ own failures on cybersecurity and privacy regulation, he said, adding that the Minister for Foreign Affairs had asked Optus to cover the associated costs. Optus is a wholly-owned subsidiary of Singapore telecommunications group, Singtel. Albanese added that the government was looking to strengthen local laws under its current review of the Privacy Act. According to Australia’s Minister for Home Affairs Clare O’Neil, the country was about five years behind where it needed to be in cyber protection. “It’s simply not good enough,” said O’Neil, who is also Minister for Cyber Security. “What happened at Optus wasn’t a sophisticated attack. We should not have a telecommunications provider in this country that effectively left the window open for data of this nature to be stolen,” she said. Describing the breach as unacceptable, she added that the incident was a major error on Optus’ part. “They are to blame,” the minister said. “The cyber hack undertaken here was not particularly technologically challenging.” She added that a breach of such a scale, involving a company such as Optus, would have resulted in significant financial penalties in other countries. Instead, in Australia, the maximum fine topped at just AU$2.2 million under the Privacy Act, which she said was “totally inappropriate”. O’Neil further noted that while she was able to set minimum cybersecurity standards for companies in several sectors, she was not able to do so for telcos, which had kept themselves out of the country’s existing laws on the basis that their standards were high enough and they were regulated sufficiently under other laws. This clearly was not the case as demonstrated by the recent breach, she said. Stressing the need to strengthen the country’s privacy laws, the minister said devices increasingly were connected to the internet.
“It’s a really clear message for me, for Australians, and for Australian companies, that we’ve got to lift the standards here and we’ve got to do better to protect Australians.” She said the government’s current review of the Act would look at a range of issues, including the powers she had to mandate minimum cybersecurity standards that could have prevented the Optus breach from happening. “This is an important wakeup call,” she said. “What this tells us is that companies that have held themselves to be experts in cybersecurity are failing on these types of attacks.” O’Neil also revealed in a statement Tuesday that customers’ Medicare numbers were compromised in the Optus breach, which initially were not revealed to be amongst data affected in the attack. She further expressed concerns over reports that personal information stolen in the breach now was being offered for free and for ransom.

  • Blink has a new floodlight camera and Blink Mini Pan-Tilt mount

    Amazon has announced a bunch of new products, including new Echo hardware, new Ring home security cameras, and new Blink devices. Here’s everything Amazon announced at its fall event today. Blink, which is owned by Amazon, is known for relatively affordable home security products with long battery life and free video storage. However, […]

  • Amazon's friendly robot helper Astro will now double as a security guard for your business

    Amazon’s WALL-E looking household robot, Astro, was announced a year ago and has been available exclusively by invitation since. The robot has functioned as a household handy helper, both monitoring your home security and also following you from room to room bringing Alexa’s assistance and items directly to you. Now, Astro is rolling out of your […]