InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others, highlighted both the threat and sophistication of those realities.
The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.
To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.
There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.
Top Resources for Cybersecurity Stats:
If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:
The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal
Consumers seem somehow unable or unwilling to protect themselves. But our research reveals an interesting knock-on effect from this: consumers welcome organizations who take the security initiative – and actively move their business to them.
Good security is good for business
This situation is a huge opportunity for organizations to make security a differentiator. Our research reveals that consumers value companies they perceive as more secure, with 64% saying they would recommend a large organization that they think makes a big effort to keep their data secure. A business with clearly visible cybersecurity will reassure consumers and create confidence in its digital products and services, carving itself a competitive advantage.
Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS.
He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling.
(It’s called a bullseye because that’s the tiny, innermost circle on a dartboard, also known as double-25, that’s worth 2×25 = 50 points if you hit it.)
Turing beat out an impressive list of competitors, including STEM visionaries and pioneers such as Mary Denning (first to unravel the paleontological mysteries of what is now known as Dorset’s Jurassic Coast), Rosalind Franklin (who unlocked the structure of DNA before dying young and largely unrecognised), and the nineteenth-century computer hacking duo of Ada Lovelace and Charles Babbage.
The Universal Computing Machine
Turing was the groundbreaking computer scientist who first codified the concept of a “universal computing machine”, way back in 1936.
At that time, and indeed for many years afterwards, all computing devices then in existence could typically solve only one specific variant of one specific problem.
They would need rebuilding, not merely “reinstructing” or “reprogramming”, to take on other problems.
Turing showed, if you will pardon our sweeping simplification, that if you could build a computing device (what we now call a Turing machine) that could perform a certain specific but simple set of fundamental operations, then you could, in theory, program that device to do any sort of computation you wanted.
The device would remain the same; only the input to the device, which Turing called the “tape”, which started off with what we’d now call a “program” encoded onto it, would need to be changed.
So you could program the same device to be an adding machine, a subtracting machine, or a multiplying machine.
You could compute numerical sequences such as mathematical tables to any desired precision or length.
You could even, given enough time, enough space, enough tape and a suitably agreed system of encoding, produce all possible alphabetic sequences of any length…
…and therefore ultimately, like the proverbially infinite number of monkeys working at an infinite number of typewriters, reproduce the complete works of William Shakespeare.
he Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.
The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”
In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services. The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”
ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawai also petitioned for reconsideration, and their appeal was rejected in December 2020, after a few weeks of deliberation.
Today’s world uses the information for a variety of purposes. City officials install traffic signals with traffic movement information, and accounting professionals use revenue and expenditure information to calculate annual earnings. So, experts established different domains intending to secures information. Such domains are Information security, Cybersecurity, and Ethical hacking.
Organisations have had to overcome countless challenges during the pandemic, but one that has continued to cause headaches is IT security for home workers.
A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – and without the assurance of a member of your IT team on hand if anything goes wrong.
But unlike many COVID-19 risks, these issues won’t go away when life eventually goes back to normal. Home working will remain prominent even when employees have the choice to return to the office, with a Gartner survey finding that 47% of organizations will give employees the choice of working remotely on a full-time basis.
Meanwhile, 82% said that employees would be able to work from home at least one day a week.
As such, organisations should reconsider if they’re under the assumption that the defences they’ve implemented to protect remote workers are temporary.
Robust, permanent defences are required to tackle the array of threats they face. We explain how you can get starting, including our remote working security tips, in this blog.
Online work increases cyber security risks
Without the security protections that office systems afford us – such as firewalls and blacklisted IP addresses – and increased reliance on technology, we are far more vulnerable to cyber attacks.
The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber criminal compromising it.
They might attempt to do this by cracking your password. This could be easier than ever if you’re reusing login credentials for the various online apps you need to stay in touch with your team.
Meanwhile, according to CISO’s Benchmark Report 2020, organizations are struggling to manage remote workers’ use of phones and other mobile devices. It found that 52% of respondents said that mobile devices are now challenging to protect from cyber threats.
You can find more tips on how to work from home safely and securely by taking a look at our new infographic.
This guide explains five of the most significant risks you and your organisation face during the coronavirus crisis.
Alternatively, attackers could send phishing emails intended to trick you into either handing over your details or downloading a malicious attachment containing a keylogger.
The dangers of phishing should already be a top concern, but things are especially perilous during the coronavirus crisis.
Organisations should also be concerned about remote employees using their own devices.
This might have been unavoidable given how quickly the pandemic spiralled and the suddenness of the government’s decision to implement lockdown measures.
Still, where possible, all work should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, 2FA (two-factor authentication), which will mitigate the risk of a crook gaining access to an employee’s account.
This ensures that the necessary tools are in place to defend against potential risks, such as anti-malware software and up-to-date applications.
It also gives your IT team oversight of the organisation’s IT infrastructure and allows it to monitor any malicious activity, such as malware and unauthorised logins.
Control the risk
Any organisation with employees working from home must create a remote working policy to manage the risks.
It includes guidance on storing devices securely, creating and maintaining strong passwords, and an acceptable use policy for visiting websites that aren’t work-related.
Organisations should also explain the technical solutions they’ve implemented to protect sensitive data and how employees can comply. For example, we recommend applying two-factor authentication to any third-party service that you use.
Although it shouldn’t be a concern during the lockdown, your remote working policy should also address the risks that come with employees handling sensitive information in public places.
For example, when business goes back to normal, staff may well use company devices in places such as trains and cafés, where opportunistic cyber criminals can lurk without drawing attention to themselves.
Security incidents are just as likely to occur even if there isn’t a malicious actor. Consider how often you hear about employees losing their laptop, USB stick or paperwork.
Coronavirus: your biggest challenge yet
Disruption caused by COVID-19 is inevitable, and you have enough to worry about without contending with things like cyber security and compliance issues.
Unfortunately, cyber criminals have sensed an opportunity amid the pandemic, launching a spate of attacks that exploit people’s fear and uncertainty.
Therefore, it’s more important than ever to make sure your organisation is capable of fending off attacks and preventing data breaches.
To help you meet these challenges, we’ve put together a series of packaged solutions. Meanwhile, most of our products and services are available remotely, so we don’t need to be on-site to carry out things like security testing.
One virus is enough to worry about. Take action now to protect your business. Implement cyber security measures that help you respond to cyber attacks.
When Rinki Sethi heard that her 7th grade daughter applied to take a technology innovation class as an elective, she was thrilled. Sethi, who joined Twitter in September as its chief information security officer, said one of her passions is getting more young women interested in technology.
But when her daughter found out that she didn’t get into the class, Sethi discovered a troubling statistic: 18 slots for the class went to boys, while only 9 were filled by girls. “I went and sat down with the principal and asked: ‘Why are we turning down girls if that’s what the ratio looks like?’” Sethi recounted Monday at a virtual panel centered around women in cybersecurity. “We need more women to enter this field, and I think that’s the biggest problem—how do we get more women and girls interested.”
After learning that only 9 out of 27 kids in a #STEM elective @KMSCupertino are girls, I met with principal to discuss how can we can make this ratio more equal. After my meeting, I am happy to announce the principal has agreed to balance this out. @CUSDK8@CityofCupertino
However, Espinosa’s hard-earned experience is not simply limited to the boardroom. In his latest book, ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’, Espinosa shares his decades of experience in the fast-paced world of IT Security. The decades of combined experience can practically be felt dripping through the pages as the chapters outline the essential steps to overcome the biggest adversary in cybersecurity. No, not the cybercriminals, but the toxic culture that many cybersecurity professionals find themselves in. The book takes a holistic approach to self-betterment, discussing the importance of so called ‘soft skills’ in the world of cybersecurity.
During the recent video conference of the members of the European Council (25-26 February 2021), NATO chief Jens Stoltenberg highlighted the importance to define a strategy to boost defense and security.
“We want to act more strategically, to defend our interests and to promote our values.” said Charles Michel, President of the European Council.“We will step up our cooperation and our coordination to combat hybrid threats and disinformation.”
Member states highlighted the importance of close cooperation with NATO and strengthening partnerships with the UN and key regional partners. The EU leaders emphasized that they looked forward to cooperating with the new US administration on a strong and ambitious transatlantic agenda that included a close dialogue on security and defence.
Participants are committed to providing secure European access to space, cyberspace and the high seas.
“In light of the growing number and complexity of cyber threats, we aim to strengthen European cyber resilience and responsiveness and to improve the cybersecurity crisis management framework. Following the Cybersecurity Strategy presented in December 2020, we invite the Commission and the High Representative to report on implementation by June 2021.” reads a statement from EU leaders. “In addition, we invite the co-legislators to swiftly take work forward, particularly on the revised Directive on security of network and information systems (NIS 2 Directive). We also call for greater cooperation and coordination to prevent and respond to hybrid threats, including disinformation, inter alia by involving the private sector and relevant international actors.”
EU leaders invited the Commission and the High Representative, Josep Borrell, to work on the implementation of the Cybersecurity Strategy by June 2021.
New casinos launch online often and as the choice for these sites grows, so does the variety of payment options. Not long ago, many online casinos were limited to credit/debit cards and very few e-Wallets. Today, there is a broad range of payment options accepted by online casinos.
One payment method, nonetheless, has become quite popular; pay by phone. With more people accessing online casinos from their mobile, it’s easy to see why mobile payments are becoming widespread. Besides, the option has several advantages, as highlighted below.
Play on Credit
When paying using your phone, you can choose to pay through telephone bills. This means that you can add money to your casino even when you don’t have money and pay the bill later. Operating more like a credit card, you get a form of credit when you choose this option.
The money is usually credited into your account immediately, yet you will only pay for it when paying your phone bill. The great thing about this is that it gives you float since you don’t have to immediately pay for your deposit.
Again, if you don’t have money at a particular moment or want to track how much you use in gaming, this option allows you to do this with ease. However, you should note that you will eventually pay the bill, probably at the end of each month.
No Additional Costs
Most phone providers don’t charge extra fees to deposit at the casino using a phone bill. Nonetheless, you will incur the usual rates that your provider charges for mobile payments in most cases.
However, it is worth checking with the provider to confirm if additional charges apply. Further, online casinos don’t impose any fees on your phone bill deposits. Again, it is essential to confirm this from your specific casino.
The goal is to find a provider and a casino that don’t impose extra fees for the service. According to this guide, there are many such casinos that don’t charge you for phone deposits. Thus, you won’t have a hard time finding a perfect site that meets your gaming expectations.
High Level of Security
Depositing using your phone is exceptionally safe and secure. The added security level is because you never enter your credit/debit card details or banking information like is the case with some traditional payment options.
Although rare, some sites get hacked, especially those that don’t have up-to-date security measures such as SSL data encryption and robust firewalls. If this happens, the information you have shared with your casino can be compromised.
Fortunately, if you choose this option, you will never worry about your bank information being stolen. Besides security, the method also enhances the privacy of your banking information since the casino doesn’t have access to your banking details.
Due to technology’s entertaining nature, you are likely to spend more than the recommended amount of time on it. If you find yourself taking more than 5 hours daily on social media websites, that is already a sign that you are leading towards technology addiction. In such a case, you may not focus on college academic work. Consequently, you may record unimpressive grades.
You need to find a way to deal with such an addiction. Create a plan with the specific hours you intend to spend on different daily activities. Stick to your routine and fight the urge to use your phone at inappropriate times. Ensure you have hit your daily targets before you use your tablet.
The trick is to ensure you maintain your focus. Besides, do not forget about face-to-face communication. Find time to spend with your friends. You can leave your technological devices in one location and travel to a different destination. It helps to ensure that you can live without these devices without feeling uncomfortable.
Safeguard Your Identity as You Surf Online
Although the internet has numerous advantages, there are also pitfalls to its use. For example, some tech-savvy people have the expertise to find people’s passwords within minutes. If you are a lazy person who prefers simple passwords, you may become a victim. They can use this information to your detriment.
How do you ensure your details are safe as you work online? For every account you sign up for, use a strong password. It could be a mixture of lower and uppercase letters, numbers, and special characters. Where possible, use the two-step authentication feature.
What are the additional tips that can help you? When entering an account password, ensure there is no one peeking over your shoulders. Do not allow untrustworthy people to use your devices. Additionally, do not click suspicious links.
Knowing which events to go to can be a bit of a minefield and the pandemic hasn’t helped matters. Remember when we could meet face-to-face and network? Seems like a long time ago. Despite this fact, the importance of conferences is vital for any industry and organisers are doing their upmost to ensure we are not deprived of the many opportunities these events can bring. Thankfully, most events have been made virtual and so the discussion and innovation of cybersecurity can continue. While there are hundreds of events to choose from, here is the IT Security Guru’s pick of the top 10 cybersecurity conferences that you shouldn’t miss, regardless if they are virtual or not:
![The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity by [Christian Espinosa]](https://m.media-amazon.com/images/I/41KIWmjt6sL.jpg)
