Security Roundup November 2022

Security Watch

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

The state of cybersecurity in 2022: ransomware and threats to data abound

Nearly 10 terabytes of data are stolen every month due to ransomware, according to the ENISA threat landscape (ETL) report. Other highlights were: more than 60 per cent of affected organisations may have paid ransom demands; while the largest Denial of Service (DDoS) attack ever was launched in Europe last July. There were 66 zero-day vulnerabilities disclosed during the reporting period between July 2021 and July 2022. In all, the agency grouped the main risks into eight categories: ransomware, malware, social engineering, threats against data, threats against availability, disinformation/misinformation, and supply chain targeting. The latter category made up 17 per cent of all reported intrusions in 2021, up from just 1 per cent in 2020.

Almost one in four cybersecurity attacks (24 per cent) targeted public administration and governments, ENISA said. In 13 per cent of cases, digital services providers were the targets. The report noted that Russia’s invasion of Ukraine had led to more damaging and widespread cyber attacks. It also found that companies’ increasing cloud adoption is creating more opportunities for attackers. ENISA’s landing page has the full report available to download, together with resources like a handy infographic and related content.

Separately, the UK National Cyber Security Centre’s 2022 review is out. Some of the headline conclusions, like the effect of Russia’s invasion of Ukraine, are broadly similar to ENISA’s findings. The NCSC said there were 2.7 million cyber-related frauds in the UK in the year to March 2022. Meanwhile, 36 nations signed up to take steps against ransomware actors. At the second annual Counter Ransomware Initiative summit hosted by the United States, the signatories agreed to take tougher steps against cryptocurrencies funding attackers.

GDPR compliance certification here at last

For the first four years of the EU GDPR’s existence, there was no way for organisations to prove they complied with the privacy rules. Now that’s changed. In October, the European Data Protection Board signed off on the first GDPR compliance scheme. Now, individuals or entities can obtain a pan-European certification to show customers and stakeholders that they comply with the General Data Protection Regulation. Euronews said the certification would make it easier for citizens and businesses to understand and comply with the EU’s privacy rules.

Europrivacy is the approved accreditation body for the scheme. It emerged from a H2020 European research project co-funded by the European Commission and Switzerland. It is managed by the European Centre for Certification and Privacy (ECCP) in Luxembourg and maintained by the Europrivacy International Board of Experts in data protection, with the support of various partners. Privacy expert and BH Consulting COO Dr Valerie Lyons blogged about why she believes this development is a game changer.

In other data protection news, US President Joe Biden signed an executive order to implement the new EU-US data transfer framework. The deal aims to end uncertainty over data flows between the two blocs. There’s more detail at the EU’s dedicated Q&A page.

Raising awareness about security awareness

We’ve always believed that people are the strongest line of defence and not the weakest link. So if you’re looking for a solution to help you manage your cybersecurity awareness programme, BH Consulting has partnered with RegSol, an e-learning platform builder. The new interactive e-learning course blends content developed at BH Consulting with RegSol’s expertise in e-learning development and compliance.

Built to be engaging for users, the training focuses on key themes such as protecting logins, managing passwords, reporting a breach, secure web browsing, as well as how to spot and avoid common social engineering scams. Visit our website to find out more.

Links we liked

Find and remove malware if you suspect your Microsoft servers might be compromised. MORE

Microsoft now delivers new security update notifications via RSS feed. MORE

Emotions trump logic: the triggers that attackers use to exploit victims. MORE

This CNN item explains why you should use a password manager and MFA. MORE

This Firstcon video looks at incident response investigations in the cloud. MORE

As notorious hacker Daniel Kaye is arraigned on federal charges, here’s a deep profile. MORE

The NCSC’s departing technical director wrote an excellent summary of security today. MORE

Spice up your security presentation without the tired ‘hacker in a hoodie’ tropes. MORE

Here’s why signing up to online accounts using Google or Facebook isn’t a good idea. MORE

This survey sheds light on what makes girls build (or leave) a cybersecurity career. MORE

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe. Sign up here
