#1 Trending Cybersecurity News & Magazine
Monday, September 18, 2023
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Araújo e Policastro Advogados Breach

    Araújo e Policastro Advogados Breach Claimed by 8BASE Ransomware Group

    TransUnion cyber attack

    USDoD Quits RansomedVC a Week After Joining, Leaks TransUnion Data

    Dymocks Cyber Attack

    Dymocks Cyber Attack: Over 1 Million Customer Records Exposed on Dark Web

    Retool Data Breach

    Retool Data Breach Linked to Google Authenticator Vulnerability

    Cybercrime competitions

    Inside Cybercrime Tournaments: Players, Incentives, and Impact on Security

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    threat landscape

    The Three Trends to Watch in the Growing Threat Landscape

    Anime About Hacking

    Get Your Hack On: Top 10 Anime About Hacking for Cybersecurity Buffs

    Ransomed Interview: Operator Speaks About No Mercy and All Gain

    Ransomed Interview: Operator Speaks About No Mercy and All Gain

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    threat landscape

    The Three Trends to Watch in the Growing Threat Landscape

    Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures

    Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures

    Tesla Data Leak

    Massive Tesla Data Leak Exposing Over 75000 Staff Attributed to Former Employees

    Cybersecurity Primer

    Bridging the Gap: Cybersecurity Primer to Address Woes Surrounding US Government Officials

    Executive order for cybersecurity

    White House Directs Federal Agencies to Enhance Cybersecurity Amid Exposure Concerns

    AI Cyber Challenge

    Biden-Harris Administration Introduces AI Cyber Challenge, Offering $20 Million Reward

    aws agent hijack

    New Research Exposes Advanced Cyber Threat – Attackers Hijack AWS Agent to Control Endpoints

    HUB cyber security

    Investors Sue HUB Cyber Security for Misleading Statements on Mount Rainier Merger

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Bureau Raises $16.5M in Series A Funding

    Bureau Raises $16.5M in Series A Funding to Drive Global Expansion and Combat Cyber Fraud

    Cyble Partner Network

    Cyble Revolutionizes Cybersecurity Collaboration With Launch of Global Partner Program ‘Cyble Partner Network’

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)
SUBSCRIBE
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Araújo e Policastro Advogados Breach

    Araújo e Policastro Advogados Breach Claimed by 8BASE Ransomware Group

    TransUnion cyber attack

    USDoD Quits RansomedVC a Week After Joining, Leaks TransUnion Data

    Dymocks Cyber Attack

    Dymocks Cyber Attack: Over 1 Million Customer Records Exposed on Dark Web

    Retool Data Breach

    Retool Data Breach Linked to Google Authenticator Vulnerability

    Cybercrime competitions

    Inside Cybercrime Tournaments: Players, Incentives, and Impact on Security

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    threat landscape

    The Three Trends to Watch in the Growing Threat Landscape

    Anime About Hacking

    Get Your Hack On: Top 10 Anime About Hacking for Cybersecurity Buffs

    Ransomed Interview: Operator Speaks About No Mercy and All Gain

    Ransomed Interview: Operator Speaks About No Mercy and All Gain

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    threat landscape

    The Three Trends to Watch in the Growing Threat Landscape

    Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures

    Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures

    Tesla Data Leak

    Massive Tesla Data Leak Exposing Over 75000 Staff Attributed to Former Employees

    Cybersecurity Primer

    Bridging the Gap: Cybersecurity Primer to Address Woes Surrounding US Government Officials

    Executive order for cybersecurity

    White House Directs Federal Agencies to Enhance Cybersecurity Amid Exposure Concerns

    AI Cyber Challenge

    Biden-Harris Administration Introduces AI Cyber Challenge, Offering $20 Million Reward

    aws agent hijack

    New Research Exposes Advanced Cyber Threat – Attackers Hijack AWS Agent to Control Endpoints

    HUB cyber security

    Investors Sue HUB Cyber Security for Misleading Statements on Mount Rainier Merger

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Bureau Raises $16.5M in Series A Funding

    Bureau Raises $16.5M in Series A Funding to Drive Global Expansion and Combat Cyber Fraud

    Cyble Partner Network

    Cyble Revolutionizes Cybersecurity Collaboration With Launch of Global Partner Program ‘Cyble Partner Network’

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

Andy Norton, European Cyber Risk Officer at Armis, shares his personal insights on the State of Cyberwarfare and Trends Report: 2022-23

Chandu Gopalakrishnan by Chandu Gopalakrishnan
January 28, 2023 - Updated on February 2, 2023
in Firewall Daily, Interviews
0
cybersecurity
879
SHARES
4.9k
VIEWS
Share on LinkedInShare on Twitter

The Russian invasion of Ukraine is not only causing harm to the people of a sovereign nation, but it is also causing cyberwarfare repercussions that will be felt for the foreseeable future.

Targets now extend beyond opposition governments; any organization is a potential victim, with critical infrastructure and high-value entities at the top of the list, according to the Armis State of Cyberwarfare and Trends Report: 2022-2023.

You might also like

OpIndonesia: Ministry of Public Works and Housing Faces DDoS Attack by Garnesia Team

Araújo e Policastro Advogados Breach Claimed by 8BASE Ransomware Group

USDoD Quits RansomedVC a Week After Joining, Leaks TransUnion Data

The study, which included responses from more than 6,000 participants globally and across various industries, such as healthcare, critical infrastructure, retail, and logistics, found that cyberwarfare was one of the lowest-ranking priorities for several organizations.

One-third (33%) of global organizations are not taking the threat of cyberwarfare seriously, identifying as indifferent or unconcerned about the impact of cyberwarfare on their organization as a whole, leaving room for security gaps, said the report.

Andy Norton, European Cyber Risk Officer at Armis, shared his personal insights on the study with The Cyber Express in a detailed interview. Excerpts:

The year 2022 was when the post-pandemic effects on cybersecurity came to fore. How do you see 2023?

The pandemic caused so much exposure to organizations. There was an awful lot of hastily created access across the board, without strategy, policy or risk assessment into those sorts of controls. And so, we saw many notable breaches over the last two years impact, not just the typical PII type data breaches, but also more disruptive threats. I think we’ve come out of that now. Organizations are looking for things that they can take control of, what’s in their power, what can’t be predicted, and what are bad guys going to do next.

There’s a lot of emphasis on people going back to basics and building a culture that empowers building blocks of cybersecurity. I’m very positive about what we’re seeing in the industry. People are taking a step back and saying, “No, let’s plan appropriately and proportionately for our risk profile”.

'You are Essentially Funding Cybercriminals When You Pay Ransom'

Your review of the year emphasizes on the effects of the Russia-Ukraine incident on cybersecurity. However, we know that a sizable number of companies are either unaware or taking things lightly when it comes to cyber warfare. What could be the cause of that? Is the lack of awareness or is it the general inertia when it comes to businesses and cyber?

I think there is a bit of blurred lines in terms of what cyber warfare means to different people. We saw a lot of people who were concerned by cyber warfare, but were unprepared for it. It was not a concern for some other organizations. Overall, there was a lack of strategy and direction in sorting out the priorities for those organizations.

Could you explain the specific types of cyber-attacks that were identified as the most popular ones in the report?

PII data breaches were very common, because they’re so easily monetizable. Intellectual property attacks were also prevalent in that space. On the OT side, we saw a lot more disruptive attacks and production outages.

Cybercriminals are always looking for weaknesses, vulnerabilities, and attack possibilities on credentials. So, phishing attacks are not going away anytime soon. Once cybercriminals got a foothold, we saw attacks on legacy protocols. The sort of legacy tech exist now worsens the situation.

Is the problem of legacy devices still an issue? The pandemic, along with all the ill effects, made a huge change in the IT infrastructure, devices, and technology adoption

You hit the nail on the head! Legacy tech might be less in IT but very much so in OT. It is worse in medical and IoT. It is easy to weed out tech debt in IT space. But in other environments, it really is not.

Coming back to cyber warfare, because insurers are washing their hands off from cyber intrusions resulting out of cyber warfare. What are the specific measurements organizations are currently taking to secure their assets against cyber warfare attacks?

Cyber warfare is generally excluded from all insurance policies. But this bit of a contentious area, a grey area. Cyber-attacks have extremely similar effects that that you would expect from, say, cyber warfare attacks. The prompt is political, resulting in economic or social damages. Insurance companies need better metrics for to understand the premiums that they need to apply to their prospective customers.

Insurance companies need to know the extent of the capability and the extent of the maturity for each of the defence measures. I think the cyber insurance industry is maturing. It’s learning from the failings of the past 10 years. It’s learning from their exposures and their liabilities in the space. And of course, they are amending their policies accordingly.

The best of the best systems can fall for one common threat: ransomware. All it takes is just one click on the wrong link, right?

Yeah! The saying goes that the good guys need to be right 100% of the time, but the bad guys need to be right only once right? Tactically, the good guys are not so disadvantaged. Their disadvantage is that their prioritization is somewhat drained out in the noise of all the security tools that they have in their environment.

If you look at any of the recent notable breaches, you’ll see that there were many opportunities for the good guys to intercept and change the path of a cyber incident. We are seeing a whole cultural change, which focuses on the concept of criticality that views things in terms of the severity of attacks and the sensitivity of the asset. What we need now is the evolution of adopting frameworks and risk assessment. I think good governance will help organizations to achieve that.

Has there been a major change in organizations’ policies on ransomware ransom payment?

We saw some companies that were quite happy to pay ransom. Some companies decided to pay depending on the type of data that was stolen. I think you’re essentially getting involved in a cover up if you pay a ransom and do not disclose that consumer data was stolen.

Such a move would just magnify the liability of the of the breach. We also saw that organizations in some countries, generally, were more eager to make a ransom payment. In the US, that probability was high. Ultimately, it boils down to the culture, policies, and the recovery procedures you have in place.

'You are Essentially Funding Cybercriminals When You Pay Ransom'

Is there any point in paying ransom?

It is downright illegal in a lot of regions. You are essentially funding criminals when you pay ransom. Trusting the criminal for not making that public is a bit naive. But I have seen people justify making ransom payments, because it’s the quickest way to restore life-saving or critical services

Were there any industry that you found particularly vulnerable for attacks compared to others?

I think manufacturing and healthcare tend to tend to stick out more than others.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: Ransom funds cybercriminalsRansomwareransomware attacks
Previous Post

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

Next Post

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

Chandu Gopalakrishnan

Chandu Gopalakrishnan

Executive Editor, The Cyber Express

Related Posts

Ministry of Public Works and Housing Cyber Attack
Firewall Daily

OpIndonesia: Ministry of Public Works and Housing Faces DDoS Attack by Garnesia Team

by Vishwa Pandagle
September 18, 2023
Araújo e Policastro Advogados Breach
Firewall Daily

Araújo e Policastro Advogados Breach Claimed by 8BASE Ransomware Group

by Ashish Khaitan
September 18, 2023
TransUnion cyber attack
Data Breach News

USDoD Quits RansomedVC a Week After Joining, Leaks TransUnion Data

by Vishwa Pandagle
September 18, 2023
Dymocks Cyber Attack
Firewall Daily

Dymocks Cyber Attack: Over 1 Million Customer Records Exposed on Dark Web

by Editorial
September 18, 2023
Retool Data Breach
Data Breach News

Retool Data Breach Linked to Google Authenticator Vulnerability

by Ashish Khaitan
September 18, 2023
Next Post
SOCs

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

Latest Issue is Out. Subscribe Now



Follow Us On Google News

Latest Cyber News

Araújo e Policastro Advogados Breach
Firewall Daily

Araújo e Policastro Advogados Breach Claimed by 8BASE Ransomware Group

September 18, 2023
TransUnion cyber attack
Data Breach News

USDoD Quits RansomedVC a Week After Joining, Leaks TransUnion Data

September 18, 2023
Dymocks Cyber Attack
Firewall Daily

Dymocks Cyber Attack: Over 1 Million Customer Records Exposed on Dark Web

September 18, 2023
Retool Data Breach
Data Breach News

Retool Data Breach Linked to Google Authenticator Vulnerability

September 18, 2023

Categories

Web Stories

Top 10 CISOs to Follow in 2023
Top 10 CISOs to Follow in 2023
Top 10 Ransomware Gangs in 2023
Top 10 Ransomware Gangs in 2023
Top 5 IoT Security Risks in 2023
Top 5 IoT Security Risks in 2023
Top 10 CTF Platforms in 2023
Top 10 CTF Platforms in 2023
Types of Risks Covered by Cyber Insurance
Types of Risks Covered by Cyber Insurance

About

The Cyber Express by Cyble

#1 Trending Cybersecurity News and Magazine

The Cyber Express  by Cyble is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Events & Conferences related information: [email protected]

 

Quick Links

  • About Us
  • Advertise With Us
  • Contact Us
  • Editorial Calendar

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News
  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • Products
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Top 10 CISOs to Follow in 2023 Top 10 Ransomware Gangs in 2023 Top 5 IoT Security Risks in 2023 Top 10 CTF Platforms in 2023 Types of Risks Covered by Cyber Insurance