{"id":5113,"date":"2023-08-01T10:32:52","date_gmt":"2023-08-01T15:32:52","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5113"},"modified":"2023-08-01T10:41:33","modified_gmt":"2023-08-01T15:41:33","slug":"ciso-news-tue-1-aug-2023","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2023\/08\/01\/ciso-news-tue-1-aug-2023\/","title":{"rendered":"CISO News: Tue, 1 Aug 2023"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><a>Table of Contents<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Addressing the Cybersecurity Staff Shortage: Insights from the ClubCISO and Telstra Purple Report<\/li>\n\n\n\n<li>Cohesity Research Shows Businesses Are Open to Paying Ransoms Due to Cyber Resilience and Data R&#8230;<\/li>\n\n\n\n<li>Cyber Threat Readiness Report Reveals Alarming Misalignment Between Execs and Security Analysts<\/li>\n\n\n\n<li>Ransomware attacks on corporate users in the UAE decreased by 10% in Q2 2023 compared to Q1<\/li>\n\n\n\n<li>The Two Biggest Trends from the Gartner Security &amp; Risk Management Summit<\/li>\n\n\n\n<li>FraudGPT Follows WormGPT as Next Threat to Enterprises &#8211; Security Boulevard<\/li>\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.archyde.com\/wp-content\/uploads\/2022\/11\/archyde-1.png\">&nbsp;<strong>Addressing the Cybersecurity Staff Shortage: Insights from the ClubCISO and Telstra Purple Report<\/strong><br><em>archyde<\/em><br>The culture of the organization comes next (31%), showing that human and cultural challenges are still considered to have more impact on the ability to achieve objectives than macroeconomic challenges such as budgets (29%), the supply chain (25%) and the economic slowdown (22%). The report also shows that CISOs recognize the value of diversity: 78% believe it is beneficial to bring different perspectives to the business, while improving culture (54%) and promoting 
greater innovation (48%) are the next most common reasons. CISOs mainly recruit candidates from cultural or racial diversity (60%), but the next strategy is the recruitment of candidates from educational diversity (48%).<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.archyde.com\/addressing-the-cybersecurity-staff-shortage-insights-from-the-clubciso-and-telstra-purple-report\/\">https:\/\/www.archyde.com\/addressing-the-cybersecurity-staff-shortage-insights-from-the-clubciso-and-telstra-purple-report\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.businesswire.com\/news\/home\/20230725702169\/en\/\/favicon.ico\">&nbsp;<strong>Cohesity Research Shows Businesses Are Open to Paying Ransoms Due to Cyber Resilience and Data R&#8230;<\/strong><br><em>Business Wire<\/em><br>SAN JOSE, Calif.&#8211;(BUSINESS WIRE)&#8211;Jul 25, 2023&#8211;<br>New research commissioned by Cohesity, a leader in data security and management, reveals the majority of businesses do not have the necessary cyber resilience strategies or data security capabilities required to address today\u2019s escalating cyber threats and maintain business continuity. Respondents also revealed that their business\u2019 cyber resilience and data security capabilities have not kept pace, with 80% expressing concerns about their organization\u2019s cyber resilience strategy and whether it can \u2018address today\u2019s escalating cyber challenges and threats\u2019.<br>Business continuity is critical even when adverse cyber events arise, however, businesses are slow to 
respond because they lack the capability to recover data and restore business processes quickly. Diving deeper into cyber resilience and data recovery expectations versus reality, 90% of respondents said their business would consider paying a ransom, with close to 3 in 4 (74%) saying \u2018Yes\u2019 their organization would pay, if it meant being able to recover data and business processes, or recover faster. \u201cTherefore, it\u2019s no surprise that 9 in 10 respondents said their business would consider paying a ransom to maintain continuity.\u201d<br>When asked about the biggest barriers to their organization being able to get back up and running in the event of a successful cyberattack, respondents said their top three challenges were integration between IT and security systems (34%), a lack of coordination between IT and security (33%) and antiquated backup and recovery systems (32%).<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.businesswire.com\/news\/home\/20230725702169\/en\/\">https:\/\/www.businesswire.com\/news\/home\/20230725702169\/en\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/vmblog.com\/favicon.ico\">&nbsp;<strong>Cyber Threat Readiness Report Reveals Alarming Misalignment Between Execs and Security Analysts<\/strong><br><em>vmBlog.com<\/em><br>Swimlane announced the release of the &#8220;2023 Cyber Threat Readiness Report&#8221; based on research conducted by Dimensional Research.<br>The report reveals a lack of executive understanding and an ever-widening talent gap that is placing an unsustainable burden on security teams to prevent business-ending breaches.<br>Despite increased cybersecurity discussions at the C-suite and boardroom level, a sharp juxtaposition has emerged between executives who believe that every security alert is being addressed and the teams on the ground addressing the alerts.<br>Seventy percent of executives believe that all alerts are being handled by 
their security team, while only 36% of front-line roles responsible for managing alerts agree.<br>The truth is only 58% of organizations are actually addressing every single alert.<br><br>While the use of automation is increasing in popularity to overcome these challenges, a notable disconnect also exists in understanding the security team&#8217;s skill set and available resources to adopt heavy-scripting automation tools. 87% of executives believe their security team possesses what it takes for successful adoption.<br>In comparison, only 52% of front-line roles state they have enough experience to properly use this type of technology.<br><br>Respondents overwhelmingly indicated increased challenges in finding candidates with the right technical skills, experience and industry-specific knowledge.<br>Seventy percent of companies reported it takes longer to fill a cybersecurity role now than it did two years ago.<br>When asked how long it takes to fill a cybersecurity role, 82% of organizations report it takes three months or longer, with 34% reporting it takes seven months or more.<br>These challenges have led one-third (33%) of organizations to believe they will never have a fully-staffed security team with the proper skills.<br><br>More than nine out of 10 participants (95%) report business issues resulting from security team turnover, including slower threat identification, response and remediation, and the inability to address alerts.<br>Over three-quarters (78%) of organizations that handle every alert said they use low-code security automation in their security stack.<br>Ninety-eight percent of participants said there were advantages to using security automation solutions that embrace low-code principles, such as the ability to scale the solution with the team&#8217;s experience with less reliance on coding skills.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/vmblog.com\/archive\/2023\/07\/25\/cyber-threat-readiness-report-reveals-alarming-misalignment-between-execs-and-security-analysts.aspx\">https:\/\/vmblog.com\/archive\/2023\/07\/25\/cyber-threat-readiness-report-reveals-alarming-misalignment-between-execs-and-security-analysts.aspx<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.zawya.com\/favicon.ico\">&nbsp;<strong>Ransomware attacks on corporate users in the UAE decreased by 10% in Q2 2023 compared to Q1<\/strong><br><em>Press Release<\/em><br>In 2022, the average cost of a ransomware attack was US$4.54 million (according to IBM\u2019s data breach report), and Kaspersky solutions detected over 74.2M attempted ransomware attacks (a 20% increase over 2021). According to Kaspersky Security Network data, in Q2 2023 the number of ransomware attack attempts in the UAE decreased by 9.5% from Q1 to Q2 2023.\u201d<br>Kaspersky Endpoint Security for Business, Kaspersky Small Office Security and Kaspersky Internet Security have demonstrated 100 percent effectiveness against ransomware attacks in Advanced Threat Protection Test assessments by AV-TEST.<br>To protect yourself and your business from ransomware attacks, consider following the rules proposed by Kaspersky:<br>Do not expose remote desktop\/management services (such as RDP, MSSQL, etc.)<br>Egypt, Saudi Arabia, Kenya: Ransomware turbulence: attacks fluctuate and are increasingly dangerous UAE: Ransomware attacks in the UAE decreased by 9.5% from Q1 to Q2 2023 Turkiye: Ransomware attacks on corporate users in Turkiye increased by 8% in Q2 2023 compared to Q1 South Africa: In Q2 2023 ransomware attacks in South Africa increased by 10% compared to Q1 Nigeria: Ransomware attacks in Nigeria increased by 7% in H1 2023 compared to H1 2022.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/www.zawya.com\/en\/press-release\/research-and-studies\/ransomware-attacks-on-corporate-users-in-the-uae-decreased-by-10-in-q2-2023-compared-to-q1-gbesz7p0\">https:\/\/www.zawya.com\/en\/press-release\/research-and-studies\/ransomware-attacks-on-corporate-users-in-the-uae-decreased-by-10-in-q2-2023-compared-to-q1-gbesz7p0<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<strong>The Two Biggest Trends from the Gartner Security &amp; Risk Management Summit<\/strong><br><em>Sydney Pujadas<\/em><br>The two most significant trends at the conference were vendor consolidation and AI-powered Cybersecurity Mesh Architectures \u2013 ideas that, as a comprehensive MSP &amp; MSSP, Thrive is well equipped to address while managing our customers\u2019 evolving cybersecurity needs. Thrive\u2019s expertise in managing Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), vulnerability management, and penetration testing services while delivering high-level strategy and guidance through our vCISOs makes us the ideal partner for organizations looking to consolidate their security vendors.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/thrivenextgen.com\/the-two-biggest-trends-from-the-gartner-security-risk-management-summit\/\">https:\/\/thrivenextgen.com\/the-two-biggest-trends-from-the-gartner-security-risk-management-summit\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2021\/10\/android-chrome-256x256-1-32x32.png\">&nbsp;<strong>FraudGPT Follows WormGPT as Next Threat to Enterprises &#8211; Security Boulevard<\/strong><br><em>Jeffrey Burt<\/em><br>Meaning the abuse filters aren\u2019t there, so almost anything is fair game since misuse isn\u2019t being checked for.\u201d Pyry Avist, co-founder and CTO at security 
firm Hoxhunt, said \u201cblack hat GPT models\u201d like FraudGPT are \u201cbad news,\u201d but that they\u2019re essentially ChatGPT without the security and ethical restrictions. But you can pretend to be the CEO and easily draft an urgent email to the finance team demanding them to alter an invoice payment.\u201d<br>Getting a Line on the Attacker Behind FraudGPT<br>According to Netenrich\u2019s Krishnan, the threat actor behind FraudGPT created his Telegram Channel June 23 and claims to be a verified vendor on such dark web marketplaces as Empire, Torrez, AlphaBay and Versus.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/securityboulevard.com\/2023\/07\/fraudgpt-follows-wormgpt-as-next-threat-to-enterprises\/\">https:\/\/securityboulevard.com\/2023\/07\/fraudgpt-follows-wormgpt-as-next-threat-to-enterprises\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents &nbsp;Addressing the Cybersecurity Staff Shortage: Insights from the ClubCISO and Telstra Purple ReportarchydeThe culture of the organization comes next (31%), showing that human and cultural challenges are still considered to have more impact on the ability to achieve objectives than macroeconomic challenges such as budgets (29%), 
the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-5113","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=5113"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5113\/revisions"}],"predecessor-version":[{"id":5114,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5113\/revisions\/5114"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=5113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=5113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=5113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}