Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
Creeping cyber risk grabbing global headlines
The World Economic Forum’s latest Global Cybersecurity Outlook 2024 gives senior leaders a high-level overview of cybersecurity trends. Cyber attacks featured in the top five risks for the year ahead, along with factors like extreme weather and the cost of living crisis. Infosecurity Magazine picked up on the WEF warnings that synthetic content generated by AI will lead to more fraud. It also predicts that organised gangs will use cybercrime more, because it offers easy money for lower risk. VentureBeat also has a good writeup of the key findings.
The report identified a “widening” inequality between organisations that can withstand security incidents and those that are struggling. Scale is a factor: larger organisations seem better equipped than SMEs to react to risks. And to complicate things, emerging technology is challenging organisations’ ability to stay resilient. The overall numbers aren’t good: there was a 30 per cent fall in the number of organisations with minimum viable cyber resilience, compared to last year. A recurring theme throughout this year’s edition is collaboration. The survey included with the report calls for urgent action to address the gap in readiness.
Meanwhile, it was a similar story from a separate source, with AON’s Global Risk Management Survey also tracking global volatility and risk. Its findings included data from Irish businesses, which ranked cyber attacks and data breaches as the top risk they face.
Passwords: can’t live with ’em, can’t access vital online services without ’em
Passwords were in the news again lately, for all the wrong reasons. LastPass, the password management service, is enforcing a 12-character minimum for master passwords to access its service. In a blog post explaining the changes, the company said that password best practice had evolved since 2018, when it last updated the requirements. It doesn’t seem to be a popular move: security educator Michelle Levesley criticised LastPass’ lack of advice on how to create a secure password. Johannes Ullrich of SANS said “the problem isn’t so much password length but the fact that the password is user selected”. Infosecurity Magazine noted that “the measures come after LastPass suffered multiple breaches in 2022”.
And while we’re on the subject of users, passwords, and breaches, 23andMe took an … interesting approach following its recent incident. A breach, which the company didn’t detect for months, exposed personal and genetic details of 6.9 million users. Some victims sued the company, and 23andMe’s lawyers went on the offensive, blaming them for reusing passwords.
By a quirk of timing, last month An Garda Siochana’s National Cyber Crime Bureau published an infographic underlining the importance of protecting passwords. It included recommendations never to share passwords and to use multi-factor authentication.
Data protection and privacy developments
The European Data Protection Board has launched a free tool to audit websites for GDPR compliance. It’s aimed at data controllers and processors who want to test their own websites, and at regulators’ legal and audit teams. It’s downloadable here. Separately, the EDPB also published a digest that analyses recent decisions on data security and data breaches. It uses ‘one-stop-shop’ examples from various EU supervisory authorities.
Some positive news for EU-based users of Microsoft’s cloud services. The company is changing its structures to allow customers based in the bloc to store all personal data within the EU. In its writeup, Security Week noted that cloud competitor Amazon rolled out independent cloud infrastructure for the EU last year. Meanwhile on the consumer side of privacy, Meta will start allowing EU users to unlink their Facebook and Instagram accounts. The move was prompted by the pending Digital Markets Act.
There’s a strong overview of the surveillance technology landscape from privacy campaigner Johnny Ryan. He was a recent guest on Adrian Weckler’s Big Tech Show podcast. The interview accompanies a report the Irish Council for Civil Liberties published in January, documenting the scope of this surveillance.
