Using Cyber Risk Ratings for DORA Compliance

The number of cyber attacks across the world is on the rise, and the European Union is taking steps to strengthen the IT security of financial institutions such as banks, insurance companies and investment firms. DORA, the Digital Operational Resilience Act, will help ensure that the financial sector in Europe can maintain operations even in the event of a severe operational disruption. The Council presidency and the European Parliament have reached a provisional agreement on DORA, which is a positive step forward in protecting Europe's finances. Continue reading to learn more about using cyber risk ratings for DORA compliance.

Introduction

In today's digital world, it is essential for companies and organisations operating in the financial sector to have robust security measures in place for their network and information systems. The EU's DORA sets out uniform requirements for such security, as well as for

Understanding Cyber Risk Exposure for Vendors in Russia & Ukraine

It was only 60 years ago when the world feared a global nuclear war. Fortunately, we made it through that period. But with geopolitical tensions at an all-time high, a devastating global cyber war is becoming more and more likely. This is why each of us needs to do our part to reduce cyber risk. Understanding cyber risk exposure for vendors in Russia and Ukraine should be a priority for all businesses with vendors in those countries. Recently, the United States (US) and other countries imposed sanctions on Russia for its invasion of Ukraine. These sanctions have sparked a considerable amount of concern, especially surrounding the issue of cyber attacks on US organisations and those based in allied countries. These are uncertain times, but many experts predict that the attacks will be wide-ranging. They'll involve ransomware and

Will conflict in Ukraine raise the risk of cyber attacks in other countries?

In a nutshell, the general consensus is, yes. Conflict in Ukraine will raise the risk of cyber attacks in other countries. If, as is expected, the situation in Ukraine escalates to all-out conflict, we can expect significant offensive cyber operations against Ukrainian government, utility and industrial targets, and against targets beyond Ukraine as well.

Not NotPetya again?

As we saw in 2017 with the NotPetya ransomware campaign, which was aimed at Ukrainian companies via a popular local accounting software platform and was widely attributed to Russian threat actors in the wake of the Crimean peninsula annexation, cyber attacks can spread in an uncontrolled manner, even when the threat actor is not specifically targeting a wider audience. NotPetya ended up seriously affecting the business operations of hundreds of companies around the world, including A.P. Møller-Mærsk (who

Data Privacy and the Future of Business

2021 was a watershed year in terms of business data use. And 2022 is likely to be another. Therefore, it is imperative that businesses put their best foot forward when it comes to data privacy. Let's take a look at data privacy and the future of business. These few steps can help businesses make significant strides in developing better privacy habits. With the global big data market set to be worth nearly $235 billion by 2026, to say that data is now core to business success today would be a massive understatement. From tweaking shipping strategies to delivering more relevant advertising campaigns to customers, businesses are constantly looking for ways to make more data-driven decisions. But with this access to consumer data comes great responsibility. And unfortunately, in many consumers’ eyes, companies are not doing all they can to make sure that their

10 Tips for Detecting and Mitigating Phishing Attacks

Despite being a well-known problem, phishing remains a significant issue for companies. Notwithstanding the increased sophistication of new malware and advanced persistent threats, phishing is still one of the most effective ways to breach networks, steal money and credentials, and exfiltrate data. Phishing can be the first stage in a sophisticated information-stealing attack. It's a tried-and-true method that cyber criminals have been using for years but are now adapting to their own needs. It remains pervasive because phishers get away with it so often. Read on for ways to detect and mitigate phishing attacks. There are many types of phishing attacks organisations must be wary of. The main outcomes of all phishing attempts are to steal credentials, instigate a ransomware attack, install malware or trick a person into making a payment for a fictitious service. “Phishing emails are one

Ransomware: Facts, Risks, and Countermeasures

Ransomware has been a major threat to cyber security in the past few years. The malware encrypts files, locking them and demanding a ransom to unlock them. These ransomware attacks have affected organisations, hospitals, schools, municipalities and enterprises. Ransomware is becoming more sophisticated and difficult to stop, with attackers increasingly encrypting data before demanding money to decrypt it. One thing is certain: ransomware attacks have many different appearances and come in all shapes and sizes. Continue reading to find out about the latest development in the fight against ransomware.

Malware with a ransom note

Ransomware is a type of malware that is used to encrypt files held on a computer in such a way that they can only be decrypted by paying a ransom. Victims are told that they must pay the ransom, or risk losing access to their files forever. Users are shown

My wife is a cat person. We have two fluff-ball Ragdoll cats, who are not allowed outside, mainly because we know that they have the capability to scale our garden wall, but probably not the ability to find their way home again! Recently, we adopted a rescue dog. She is, however, allowed into the garden, much to the chagrin of the cats. This is because, to our knowledge, we do not believe that the dog has the capability of scaling our outer perimeter. In the information security world, we at Elasticito spend a lot of time working with information security teams and senior management, helping them to understand and manage cyber risks, threats and threat actor capabilities within the context of their businesses. It seems to me that the complex world of cyber security is actually not much more complex than the dynamics between cats, dogs and garden fences.

The Ransomware Revolution

In recent years, we’ve seen a fundamental shift in how threat actors approach ransomware. Threat actors today are not as interested in taking credit for encrypting files and escaping with stolen funds or valuable data. They’re more focused on destroying backups and exfiltrating data before they can be recovered. According to Forbes, this significant alteration has increased the scope of cyber attacks, raising ransom payments much higher than prior averages. Forbes emphasises that average ransomware payments have steadily risen over the past five years, from less than $300 in 2015 to $6,700 in 2018 to $111,000 in 2020. Continue reading to find out more about the ransomware revolution.

The State of Ransomware in 2021

Ransomware was the most common cyber threat to organisations in 2020. It is especially prevalent among finance, e-commerce, and healthcare companies. In addition to the costs of security incidents, ransomware also has a negative impact on victim companies'

Cyber Risk vs Cyber Threat: Are They The Same Thing?

After the term “cyber threat” began to enter common usage, its meaning became a bit fuzzy. The same goes for “risk” — we’ve all heard the term thrown around, but do we really know what it means and how it is used in IT? In this post, we will attempt to clarify these terms and their relationships. In today’s world, organisations must have high-level data security. Ensuring that client and vendor data isn't compromised is crucial. When customers, clients and vendors sign up to do business with you, they expect that their information is deemed important enough for you to do everything in your power to keep it safe. Many clients with sensitive information will also require you to have a clear and thorough data security policy before doing business with you. That begs the question: “How confident are you

How to reduce your cyber risk with the FAIR cyber risk quantification model

Cyber risk is very real for organisations, which must constantly manage the risks and threats of cyber-related attacks. According to the World Economic Forum's "The Global Risks Report 2021," cyber security failure ranks high among the top ten risks for business in terms of likelihood, outranked only by extreme weather events, livelihood crises and infectious diseases. But if cyber risk isn’t quantifiable, what’s the point? The key for any organisation is to understand exactly how much it's exposed to cyber risk and how much it's likely to lose. By quantifying that risk, you can set limits for your cyber security expenditures and calculate the return on those investments. Read on to learn how you can make cyber risk more measurable for your organisation.

Cyber Risk Quantification: Understanding the FAIR methodology

A large concern in today’s boardroom is