Table of Contents
- Addressing the Cybersecurity Staff Shortage: Insights from the ClubCISO and Telstra Purple Report
- Cohesity Research Shows Businesses Are Open to Paying Ransoms Due to Cyber Resilience and Data R…
- Cyber Threat Readiness Report Reveals Alarming Misalignment Between Execs and Security Analysts
- Ransomware attacks on corporate users in the UAE decreased by 10% in Q2 2023 compared to Q1
- The Two Biggest Trends from the Gartner Security & Risk Management Summit
- FraudGPT Follows WormGPT as Next Threat to Enterprises – Security Boulevard
Addressing the Cybersecurity Staff Shortage: Insights from the ClubCISO and Telstra Purple Report
archyde
The culture of the organization comes next (31%), showing that human and cultural challenges are still considered to have more impact on the ability to achieve objectives than macroeconomic challenges such as budgets (29%), the supply chain (25%) and the economic slowdown (22%).
The report also shows that CISOs recognize the value of diversity: 78% believe it is beneficial to bring different perspectives to the business, while improving culture (54%) and promoting greater innovation (48%) are the next most common reasons.
CISOs mainly recruit candidates from cultural or racial diversity (60%), but the next strategy is the recruitment of candidates from educational diversity (48%).
Link: https://www.archyde.com/addressing-the-cybersecurity-staff-shortage-insights-from-the-clubciso-and-telstra-purple-report/
Cohesity Research Shows Businesses Are Open to Paying Ransoms Due to Cyber Resilience and Data R…
Business Wire
SAN JOSE, Calif.–(BUSINESS WIRE)–Jul 25, 2023–
New research commissioned by Cohesity, a leader in data security and management, reveals the majority of businesses do not have the necessary cyber resilience strategies or data security capabilities required to address today’s escalating cyber threats and maintain business continuity.
Respondents also revealed that their business’ cyber resilience and data security capabilities have not kept pace, with 80% expressing concerns about their organization’s cyber resilience strategy and whether it can ‘address today’s escalating cyber challenges and threats’.
Business continuity is critical even when adverse cyber events arise; however, businesses are slow to respond because they lack the capability to recover data and restore business processes quickly.
Diving deeper into cyber resilience and data recovery expectations versus reality, 90% of respondents said their business would consider paying a ransom, with close to 3 in 4 (74%) saying ‘Yes’ their organization would pay, if it meant being able to recover data and business processes, or recover faster.
“Therefore, it’s no surprise that 9 in 10 respondents said their business would consider paying a ransom to maintain continuity.”
When asked about the biggest barriers to their organization being able to get back up and running in the event of a successful cyberattack, respondents said their top three challenges were integration between IT and security systems (34%), a lack of coordination between IT and security (33%) and antiquated backup and recovery systems (32%).
Link: https://www.businesswire.com/news/home/20230725702169/en/
Cyber Threat Readiness Report Reveals Alarming Misalignment Between Execs and Security Analysts
vmBlog.com
Swimlane announced the release of the “2023 Cyber Threat Readiness Report” based on research conducted by Dimensional Research.
The report reveals a lack of executive understanding and an ever-widening talent gap that is placing an unsustainable burden on security teams to prevent business-ending breaches.
Despite increased cybersecurity discussions at the C-suite and boardroom level, a sharp juxtaposition has emerged between executives who believe that every security alert is being addressed and the teams on the ground addressing the alerts.
Seventy percent of executives believe that all alerts are being handled by their security team, while only 36% of front-line roles responsible for managing alerts agree.
The truth is only 58% of organizations are actually addressing every single alert.
While the use of automation is increasing in popularity to overcome these challenges, a notable disconnect also exists in understanding the security team’s skill set and available resources to adopt heavy-scripting automation tools. 87% of executives believe their security team possesses what it takes for successful adoption.
In comparison, only 52% of front-line roles state they have enough experience to properly use this type of technology.
Respondents overwhelmingly indicated increased challenges in finding candidates with the right technical skills, experience and industry-specific knowledge.
Seventy percent of companies reported it takes longer to fill a cybersecurity role now than it did two years ago.
When asked how long it takes to fill a cybersecurity role, 82% of organizations report it takes three months or longer, with 34% reporting it takes seven months or more.
These challenges have led one-third (33%) of organizations to believe they will never have a fully-staffed security team with the proper skills.
More than nine out of 10 participants (95%) report business issues resulting from security team turnover, including slower threat identification, response and remediation, and the inability to address alerts.
Over three-quarters (78%) of organizations that handle every alert said they use low-code security automation in their security stack.
Ninety-eight percent of participants said there were advantages to using security automation solutions that embrace low-code principles, such as the ability to scale the solution with the team’s experience with less reliance on coding skills.
Link: https://vmblog.com/archive/2023/07/25/cyber-threat-readiness-report-reveals-alarming-misalignment-between-execs-and-security-analysts.aspx
Ransomware attacks on corporate users in the UAE decreased by 10% in Q2 2023 compared to Q1
Press Release
In 2022, the average cost of a ransomware attack was US$4.54 million (according to IBM’s data breach report), and Kaspersky solutions detected over 74.2M attempted ransomware attacks (a 20% increase over 2021).
According to Kaspersky Security Network data, the number of ransomware attack attempts in the UAE decreased by 9.5% from Q1 to Q2 2023.
Kaspersky Endpoint Security for Business, Kaspersky Small Office Security and Kaspersky Internet Security have demonstrated 100 percent effectiveness against ransomware attacks in Advanced Threat Protection Test assessments by AV-TEST.
To protect yourself and your business from ransomware attacks, consider following the rules proposed by Kaspersky:
Do not expose remote desktop/management services (such as RDP, MSSQL, etc.)
- Egypt, Saudi Arabia, Kenya: Ransomware turbulence: attacks fluctuate and are increasingly dangerous
- UAE: Ransomware attacks in the UAE decreased by 9.5% from Q1 to Q2 2023
- Turkiye: Ransomware attacks on corporate users in Turkiye increased by 8% in Q2 2023 compared to Q1
- South Africa: In Q2 2023 ransomware attacks in South Africa increased by 10% compared to Q1
- Nigeria: Ransomware attacks in Nigeria increased by 7% in H1 2023 compared to H1 2022
Link: https://www.zawya.com/en/press-release/research-and-studies/ransomware-attacks-on-corporate-users-in-the-uae-decreased-by-10-in-q2-2023-compared-to-q1-gbesz7p0
The Two Biggest Trends from the Gartner Security & Risk Management Summit
Sydney Pujadas
The two most significant trends at the conference were vendor consolidation and AI-powered Cybersecurity Mesh Architectures – ideas that, as a comprehensive MSP & MSSP, Thrive is well equipped to address while managing our customers’ evolving cybersecurity needs.
Thrive’s expertise in managing Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), vulnerability management, and penetration testing services while delivering high-level strategy and guidance through our vCISOs makes us the ideal partner for organizations looking to consolidate their security vendors.
Link: https://thrivenextgen.com/the-two-biggest-trends-from-the-gartner-security-risk-management-summit/
FraudGPT Follows WormGPT as Next Threat to Enterprises – Security Boulevard
Jeffrey Burt
Meaning the abuse filters aren’t there, so almost anything is fair game since misuse isn’t being checked for.”
Pyry Avist, co-founder and CTO at security firm Hoxhunt, said “black hat GPT models” like FraudGPT are “bad news,” but that they’re essentially ChatGPT without the security and ethical restrictions.
But you can pretend to be the CEO and easily draft an urgent email to the finance team demanding them to alter an invoice payment.”
Getting a Line on the Attacker Behind FraudGPT
According to Netenrich’s Krishnan, the threat actor behind FraudGPT created his Telegram Channel June 23 and claims to be a verified vendor on dark web marketplaces such as Empire, Torrez, AlphaBay and Versus.
Link: https://securityboulevard.com/2023/07/fraudgpt-follows-wormgpt-as-next-threat-to-enterprises/