Tag: ciso

From deepfakes to in-person fraudsters

Boeing Employees' Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers. The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.


Companies complacent about AI-generated cyber-attacks

Companies are largely ignorant of the looming threat of increased artificial intelligence (AI) identity theft, despite the fact that 93 per cent of companies surveyed suffered two or more identity-related breaches in 2024. According to leading identity management company CyberArk Software, executives and employees alike are overconfident in their ability to spot ongoing ID theft and subsequent cyber breaches, with over 75 per cent of respondents to a recent survey saying that they are confident their employees can identify deepfake videos or audio of their leaders. “Employees are [also] largely confident in their ability to identify a deepfake video or audio of the leaders in their organization. Whether we chalk it up to the illusion of control, planning fallacy, or just plain human optimism, this level of systemic confidence is misguided,” warns CyberArk following a survey of 4,000 US-based employees.


Disgruntled ex-Disney employee highlights insider threat

The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.


Companies worldwide continue to sideline CISOs

Organizations worldwide are continuing to put cybersecurity on the back burner, with only two percent having implemented cyber-resilience in all areas surveyed, says business consulting giant PwC. According to the latest PwC report, Bridging the gaps to cyber resilience: The C-suite playbook: “Fewer than half of the executives say their CISOs are involved to a large extent in strategic planning, board reporting, and overseeing tech deployments.” C-suite executives and their CEOs are currently paying growing lip service to cybersecurity in an effort to ensure their compliance with the growing body of cyber legislation on both sides of the Atlantic. But, according to PwC, only 15 percent are actually measuring the potential financial impact of cyber risks to a significant extent.


Organizations’ staff are their biggest security risk

Careless employees are the main root cause of data loss in organizations. According to the cybersecurity and compliance company Proofpoint, almost three-quarters (74 percent) of CISOs believe human error is their biggest cyber vulnerability. This is up from 60 percent in 2023 and 56 percent in 2022. Even more (80 percent) believe human risk and employee negligence will be the key cybersecurity concerns for the next two years. “Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests a disconnect between employees’ understanding of cyber threats and their ability to keep them at bay,” says Proofpoint.


Gulf of misunderstanding between CEOs and CISOs widens

There is a widening gulf of miscommunication between security teams and their boards. According to software intelligence platform Dynatrace, 77 percent of company information security officers (CISOs) say their boards and CEOs focus too heavily on the ability to react to security incidents and not enough on reducing and preventing risk proactively. “Executive engagement has often been limited to conversations around regulatory compliance and high profile or user-centric security risks, such as phishing attacks, ransomware, or the use of mobile devices among an increasingly hybrid workforce. There is often less understanding of the material operational effects created by other, more technology-centric risks, such as gaps in the organization’s application security posture,” says Dynatrace.


LockBit Keeps Role as Biggest Global Ransomware Threat in 2023 – December 7th

According to a report by ZeroFox, LockBit was involved in more than a quarter of global ransomware and digital extortion (R&DE) attacks in 2023. The report found that 30% of LockBit's attacks targeted Europe and 25% targeted North America. Although LockBit remains the global leader in ransomware, ZeroFox notes a downward trajectory in the number of its attacks compared to 2022.


Canadian Government Employees Banned from Using Kaspersky and WeChat Apps – October 31st

SlashNext's "State of Phishing Report for 2023" reported a 1265% increase in malicious phishing emails since Q4 2022, correlating with ChatGPT's launch. It also reported that 31,000 phishing emails were sent on a daily basis in the past year, 68% of them being text-based Business Email Compromise (BEC).
