Ready for another way cybercrime steals from users? Proxyware is the latest way to make money: a passive income stream for criminals who deploy cryptomining software or abuse referral programs that pay out for user actions.
CISA has now added single-factor authentication to its short list of bad security practices it advises against, adding it to a list of “exceptionally risky” behaviors. Also on the list – flat network topologies, lack of least privilege (you know, everyone is an administrator), poor physical controls, and transmission of sensitive data without encryption.
Lacework’s 2021 Cloud Threat Report Volume 2 guides companies to treat cybercriminals… as business competitors. Why? From the report: Cybercriminals are working hard to profit directly through ransom and extortion, and they are aiming to profit indirectly by stealing resources.
The Ponemon Institute suggests that over half of companies find it impossible or very difficult to prevent insider attacks. One of the key reasons – nobody is clearly responsible for controlling and mitigating the risk. While 15% of those surveyed suggested that the CIO, CISO or head of the business is responsible, 15% suggested that nobody has ultimate responsibility in this space.
The impact continues to be measured – looking at schools, there were 77 ransomware attacks involving schools and colleges in 2020, representing a 20% decrease compared to 2019; yet more than 1,740 of these institutions were “potentially affected,” a 39% increase from the year prior. More than 1.3 million students “could have been impacted” by these attacks in 2020, representing a 67% increase compared to 2019. This from Comparitech’s research.
With an eye to the weekend, the FBI and CISA have advised about the potential for cyberattacks over the US Labor Day weekend, and advise taking steps to pre-emptively threat hunt. The advisory notes no specific threats for the weekend, just the general likelihood of holiday weekends being used – like the Kaseya attack on July 4.
Why do we care?
Well, if 15% say there’s no one responsible for the risk of insider attacks, you sure know they are going to happen.
The idea of listing cybercriminals as a competitor really intrigues me here. That changes the framework of the discussion around security (and risk management) from a vague “Other” threat to one for which businesses already have a very concrete framework of analysis. Business leaders know how to analyze a competitor. If a cybercriminal is yet another competitor… size them up that way. Lost profits from a competitor or a criminal are still lost profits. What is a business willing to invest to protect that profit from an active competitor? Savvy framing for sure.