Tag: device security
UK defence ministry ‘loses’ 269 phones
The UK Ministry of Defence (MoD) has egg all over its face following its admission that over 269 of its phones went missing between January 1 and February 27. This is a record number, even for the MoD, which lost 262 phones in total in 2023 and 2024. The astonishing total of how many phones were recorded as lost, misplaced or stolen in the first two months of this year only came to light in response to a question asked in the UK parliament by the shadow defence secretary, James Cartlidge. The fact that a security-conscious organization such as the MoD could lose track of so many devices only evidences the increasing overlap between cybersecurity and physical security. Once a device such as a smartphone is in the hands of a threat actor, it can provide a portal to enable all kinds of cyber-attacks.
Shoring up SMEs Cyber-Defenses
In an exclusive interview with Cyber Intelligence, CEO and co-founder of cybersecurity firm EyeR, Sean Tsvik, explains what small-to-medium-sized organizations (SMEs) can do to protect their systems and customers’ critical data from increasingly sophisticated cyber-attacks. They should start by using a managed detection and response (MDR) service. That allows medium-sized organizations to protect themselves against increasingly sophisticated cyber-attacks without paying high salaries to in-house cyber experts. MDR services work out costing only a couple of dollars per endpoint and are by far the best starting point for small-to-medium-sized companies looking to strengthen their cyber defenses. Small organizations can also benefit from moving to the cloud as this leaves even fewer endpoints to secure.
SMEs in urgent need of cybersecurity overhaul
In an exclusive interview with Cyber Intelligence, Brian Buiwe, Technology Specialist at Sage, explains how SMEs and other smaller organizations urgently need to re-address their approach to cybersecurity. There is a huge knowledge gap among C-suite executives of small-to-medium-sized enterprises (SMEs), as well as among other professionals such as senior doctors and lawyers, where cybersecurity is concerned. Many do not yet grasp the urgent need for cybersecurity. The mainstream media has actually done a very poor job of keeping them informed of the growing threat facing all sectors.
Unsecured PCs and laptops put organizations at risk
Tech giant HP has issued a stark warning that most global organizations fail to secure the hardware and firmware of PCs, laptops and printers, “weakening cybersecurity posture for years to come.” According to a new report from HP’s Wolf Security Unity, 68 percent of IT and security decision-makers (ITSDMs) report that investment in hardware and firmware security is often overlooked in the total cost of ownership (TCO) for devices. “This is leading to costly security headaches, management overheads, and inefficiencies further down the line,” says HP.
Nation-state spyware goes mainstream
Commercial surveillance technology targeting smartphones, once the province of spymasters, is now becoming widely available on the open market. It is not only high-profile individuals such as politicians who are now threatened but also business people and ordinary smartphone users. Half of the known zero-day exploits (a previously unknown vulnerability) used against Google and Android devices can be attributed to commercial surveillance vendors (CSVs), according to a new 50-page report from Google, Buying Spying: Insights into Commercial Surveillance Vendors. “The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” says Google.
Cyber-gangs to launch media offensive in 2024
Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments. Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.