Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Digital takeup drives accelerated cybercrime activity: IOCTA

At a time of year when many security professionals are putting the finishing touches to budget proposals, the latest Internet Organised Crime Threat Assessment (IOCTA) has outlined the key risks facing organisations in Europe. Growing use of digital technologies, accelerated by the Covid-19 pandemic, has led to a sharp increase in cybercrime. Europol’s European Cybercrime Centre (EC3) publishes the annual report, drawing on input from EU member states, law enforcement agencies, experts and private sector contributors. 

The report listed ransomware affiliate programmes as a major risk. They enable a larger group of criminals to launch multi-pronged attacks on large corporations and public institutions that includes extortion by threatening to name and shame victims, as well as DDoS attacks. IOCTA also warned of evolving mobile malware that’s allowing criminals to try to get around additional security measures such as two-factor authentication. Online shopping has led to a steep increase in online fraud, Europol said. Bank Info Security’s coverage of the report noted that while ransomware grabs the headlines, other forms of fraud “continue to be a major threat”. The full IOCTA report is free to download from Europol’s website.

STOP PRESS: BH Consulting’s Valerie Lyons to present at RSA Conference 2022

Valerie Lyons, Chief Operations Officer at BH Consulting, has been chosen to present at RSA Conference 2022. The landmark cybersecurity event takes place in San Francisco and has been running for almost 30 years. With an expected attendance of around 45,000, RSA is one of the world’s largest cybersecurity and privacy conferences. The 2022 edition will be a combined in-person and virtual event. Valerie’s session will look at 10 key privacy challenges of the hybrid workforce, drawing on her extensive work and research into information privacy. Her speaker profile is now live on the conference website. 

“You asked for miracles, Theo, I give you the FBI.”

In last month’s newsletter, we looked at why using a VPN doesn’t always protect the user. Now, a recent story shows another long-held piece of security advice that needs an update. ‘Don’t click on links or open attachments in emails’ seems redundant after an attacker was able to take control of the FBI law enforcement portal, no less, and use it to send out thousands of hoax emails warning about a fake cyberattack. 
 
Journalist Brian Krebs, who broke the story, said the attacker took advantage of poor coding on the agency’s website. The FBI confirmed the breach but stressed no data was compromised. Bleeping Computer has a good timeline of the incident. It also proves why the classic advice about email security needs a refresh (since after all, the entire point of email is to share links and attachments). Writing in the SANS newsletter, Brian Honan said: “We should instead be coaching people to be wary of unexpected emails and to review them with care before actioning them.” Not that email is the only communications channel you need to worry about securing. This op-ed from Otavio Freire on Dark Reading highlights the risks on collaboration platforms like Slack.

Links we liked

How to assess and improve the security culture of your business. MORE
 
What are the leading indicators of a great cybersecurity programme? MORE
 
Big salaries alone aren’t enough to attract good security talent. MORE
 
CISA has provided a simple two-page checklist for mobile device security. MORE
 
Ars Technica has some excellent tips on securing your digital life. MORE
 
An excellent deep dive into web security in the .ie domain space. MORE
 
Prof Ciaran Martin weighs in on the encryption debate. MORE
 
Did you hear the one about the car park with the 4,000-word privacy policy? MORE
 
Advice and lessons learned from a young, female CISO. MORE
 
A curated list of Kubernetes security resources on GitHub. MORE

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe. Sign up here

About the Author: admin

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

Name*