Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
The state of cybersecurity in 2022: ransomware and threats to data abound
Nearly 10 terabytes of data are stolen every month due to ransomware, according to the ENISA threat landscape (ETL) report. Other highlights: more than 60 per cent of affected organisations may have paid ransom demands, and the largest Denial of Service (DDoS) attack ever was launched in Europe last July. There were 66 zero-day vulnerabilities disclosed during the reporting period between July 2021 and July 2022. In all, the agency grouped the main risks into eight categories: ransomware, malware, social engineering, threats against data, threats against availability, disinformation/misinformation, and supply chain targeting. The last of these, supply chain targeting, made up 17 per cent of all reported intrusions in 2021, up from just 1 per cent in 2020.
Almost one in four cybersecurity attacks (24 per cent) targeted public administration and governments, ENISA said. In 13 per cent of cases, digital services providers were the targets. The report noted that Russia’s invasion of Ukraine had led to more damaging and widespread cyber attacks. It also found that companies’ increasing cloud adoption is creating more opportunities for attackers. ENISA’s landing page has the full report available to download, together with resources like a handy infographic and related content.
Separately, the UK National Cyber Security Centre’s 2022 review is out. Some of the headline conclusions, like the effect of Russia’s invasion of Ukraine, are broadly similar to ENISA’s findings. The NCSC said there were 2.7 million cyber-related frauds in the UK in the year to March 2022. Meanwhile, 36 nations signed up to take steps against ransomware actors. At the second annual Counter Ransomware Initiative summit hosted by the United States, the signatories agreed to take tougher steps against cryptocurrencies funding attackers.
GDPR compliance certification here at last
For the first four years of the EU GDPR’s existence, there was no way for organisations to prove they complied with the privacy rules. Now that’s changed. In October, the European Data Protection Board signed off on the first GDPR compliance scheme. Now, individuals or entities can obtain a pan-European certification to show customers and stakeholders that they comply with the General Data Protection Regulation. Euronews said the certification would make it easier for citizens and businesses to understand and comply with the EU’s privacy rules.
Europrivacy is the approved accreditation body for the scheme. It emerged from a H2020 European research project co-funded by the European Commission and Switzerland. It is managed by the European Centre for Certification and Privacy (ECCP) in Luxembourg and maintained by the Europrivacy International Board of Experts in data protection, with the support of various partners. Privacy expert and BH Consulting COO Dr Valerie Lyons blogged about why she believes this development is a game changer.
In other data protection news, US President Joe Biden signed an executive order to implement the new EU-US data transfer framework. The deal aims to end uncertainty over data flows between the two blocs. There’s more detail at the EU’s dedicated Q&A page.
Raising awareness about security awareness
We’ve always believed that people are the strongest line of defence and not the weakest link. So if you’re looking for a solution to help you manage your cybersecurity awareness programme, BH Consulting has partnered with RegSol, an e-learning platform builder. The new interactive e-learning course blends content developed at BH Consulting with RegSol’s expertise in e-learning development and compliance.
Built to be engaging for users, the training focuses on key themes such as protecting logins, managing passwords, reporting a breach, secure web browsing, as well as how to spot and avoid common social engineering scams. Visit our website to find out more.
Links we liked
Find and remove malware if you suspect your Microsoft servers might be compromised.
Microsoft now delivers new security update notifications via RSS feed.
Emotions trump logic: the triggers that attackers use to exploit victims.
This CNN item explains why you should use a password manager and MFA.
This Firstcon video looks at incident response investigations in the cloud.
As notorious hacker Daniel Kaye is arraigned on federal charges, here’s a deep profile.
The NCSC’s departing technical director wrote an excellent summary of security today.
Spice up your security presentation without the tired ‘hacker in a hoodie’ tropes.
Here’s why signing up to online accounts using Google or Facebook isn’t a good idea.
This survey sheds light on what makes girls build (or leave) a cybersecurity career.