With just shy of 42 million records breached, March has seen a number of high-profile incidents, including a breach at Latitude Financial accounting for 14 million records, and a breach at Australian telecoms company AT&T accounting for 9 million breached records. What's more, a new report released in February shows that the Australian media and telecoms sector saw the most breaches in 2022, highlighting a weakness in cyber security protocols.
Here are the other top stories you need to read:
Google Ads spreading malware
A warning has been issued about criminals using Google Ads to distribute malware. Utilising popular search terms such as “Chat GPT” and “Adobe”, the ads target legitimate traffic, using clicks as an opportunity to download executable malware onto your network. It’s a good reminder of the value of zero-trust approaches to cyber security, and the importance of continuous training for your team.
Executive level survey highlights flaws
Executive leadership teams are overlooking vulnerabilities, a new report finds. Its findings include:
- 47% of breaches are from known vulnerabilities.
- Phishing was the most common attack vector reported by 49% of respondents.
- 54% of victims had their data encrypted by ransomware.
- 30% of organisations take more than a month to detect known vulnerabilities.
- 38% of organisations fail to prioritise security flaws.
- 40% take over a month to remediate known vulnerabilities (of them, 24% take more than 3 months).
- On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.
Cybersecurity Maturity Report
A new report is shedding light on the strength of cybersecurity in different sectors, company sizes, and countries. The study found that 32% of organisations had weak password policies, and 23% had weak authentication.
TikTok banned from govt. phones
Concerns over data privacy and corporate espionage are fuelling a ban on TikTok from company networks and devices. Many other nations, including France, Australia, and potentially the US, are following suit. Businesses may want to consider doing the same.
Latest ransomware demands want your insurance
The latest version of HardBit ransomware is encouraging victims to anonymously disclose their insurance details. Businesses are being warned of the potential risks, as disclosing these details is likely to invalidate insurance. The aim is that the hackers can then request a ransom that will be covered by the premium.
NCSC Threat Reports
Every fortnight, the National Cyber Security Centre releases a threat report update. The report on 10 March looked at ransomware via Microsoft OneNote, as well as Eurovision scams. The report on 24 March shows 1 in 10 businesses have malware in their network, and covers the return of Emotet.
UK sees increasing ransomware
According to a new trend report, the UK has seen an increase in reported ransomware attacks, despite a declining international landscape. Lockbit remains a prevalent threat.
WHSmith attack on employee data
Reports of a hack on WHSmith that compromised personal employee data serve as an important reminder that your employee data should have the same protection as your customer data.
Car theft software flaw
A popular TikTok challenge shows the importance of software updates, as followers steal Kia and Hyundai cars by exploiting a security vulnerability. Following a number of fatalities, it is a pressing reminder of the value of software updates, and why they should be high on your list of priorities.