Your monthly update of ICT continuity news and information

NOTE: If you cannot read this newsletter properly visit www.continuitycentral.com/ictnewsjuly2022.html

FEATURE ARTICLES

When it comes to authentication are we in danger of confusing identity and access?
Apple, Google, and Microsoft have recently announced that they intend to accelerate the availability of passwordless sign-ins using the common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Julia O'Toole questions this approach and asks whether it is the result of confusing identity and access control.
Read the article
• World

Managing compliance risks associated with SAP audits
SAP systems are widely used for enterprise resource planning and are subject to regular auditing as a result. Failing an audit can lead to system shutdowns, expensive remediation, and non-compliance with standards. Here, Tim Wallen explores how organizations can improve the SAP audit process and their compliance efforts.
Read the article
• World

Why resilience needs to extend to the way you manage your buildings
Building and facilities management technologies have come a long way in recent years, with smart analytics available to help prevent equipment breaking down, and the resulting issues of high or low temperatures, reductions in air quality, and costly downtime. Matthew Margetts looks at why resilience management must include looking at how your organization manages its buildings.
Read the article
• World

Taking the guesswork out of cyber security
Saket Modi, CEO at Safe Security, explains why he thinks the current way of doing cyber security in many organizations is broken as far too much of the risk analysis and associated decisions are based on estimates and guesswork, instead of using a knowledge-based approach.
Read the article
• World

Are your legacy systems an open door for cyber attacks?
Often the business systems you rely on most can be the most neglected. They have been running well for years without much attention. However, this situation must now be challenged – the changing cyber threat landscape means the risk of downtime to your legacy systems is increasing. Here Nick Denning proposes six steps to protect your organization and its legacy systems.
Read the article
• UK / World

If you really want to improve cyber resilience stop letting employees create their own passwords
A fundamental change of attitude to access credentials is required to give organizations a chance of regaining control over cyber security, says Julia O’Toole, Founder and CEO of MyCena Security Solutions.
Read the article
• World

Why data leaks are the most prevalent security risk in the digital domain
At the heart of strong cyber resilience are certain core elements. One such area is data leakage prevention: data leaks are the most common digital risk faced by enterprises. In this article Pauline Losson looks at where the specific risks are in this area and how organizations should respond to these.
Read the article
• World

NEWS ARTICLES

Canada’s financial regulator releases guidelines for managing technology and cyber risks
Canada’s Office of the Superintendent of Financial Institutions (OSFI) has published its final Guideline B-13, which sets out OSFI's expectations for how federally regulated financial institutions (FRFIs) should manage technology and cyber risks such as data breaches, technology outages and more.
Read the article
• Canada

Benchmark survey highlights current top three challenges for IT operations
Kaseya has released its 2022 IT Operations Report, which highlights the results of a global survey of IT professionals to learn about their top priorities and challenges.
Read the article
• World

New research looks at industrial cyber security and breach impacts
Barracuda Networks Inc. has released key findings from a report titled The State of Industrial Security in 2022. The research surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organization...
Read the article
• World

Cyber trends report finds that nearly one-third of US mid-sized organizations have no formal incident response plan in place
Egnyte has released its Cybersecurity Trends for Mid-Sized Organizations Report, a mid-year update to its Data Governance Trends Report. The study – based on a survey of 400 US C-level executives conducted by Wakefield Research – examines key trends in cyber insurance, cyber security hygiene, ransomware detection, user access management, and more.
Read the article
• US

Ransomware: UK NCSC and ICO tell solicitors not to advise clients to pay ransoms
In a joint letter, the UK National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have asked the Law Society to emphasise to its members that paying a ransom will not keep data safe or be viewed by the ICO as a mitigation in regulatory action.
Read the article
• UK

One in three enterprises do not have a secondary DNS solution in place
According to a recent survey conducted by the Neustar International Security Council (NISC), two-thirds (67 percent) of organizations have secondary DNS solutions in place, largely to ensure resilience in the event of an attack or outage. However, one-third of enterprises continue to operate with only one DNS service in place, representing a significant number of organizations that are at greater risk of downtime.
Read the article
• World

Over a third of businesses fear security risks from incompatible applications
Over a third (36 percent) of organizations fear the risk of a security breach or incident due to an incompatible application on the latest version of Windows, according to new research of UK and US CIOs commissioned by Cloudhouse.
Read the article
• World

Prepare now for quantum threats says NIST
The US National Institute of Standards and Technology (NIST) has announced that it is developing a new post-quantum cryptographic standard to replace current public-key cryptography, which is vulnerable to quantum-based attack. Despite the 2024 timescale, NIST says that organizations should start preparing for the transition now...
Read the article
• US / World

New report shows that raising awareness of cyber security is a widespread weakness
SANS Security Awareness has published its seventh annual SANS Security Awareness Report, which includes the results from a survey of 1,000 security awareness professionals worldwide.
Read the article
• World

Almost half of UK organizations now encrypt all data
The number of UK organizations implementing data encryption as a core part of their cyber resilience strategy has continued to rise, with 32 percent introducing a policy to encrypt all corporate information as standard in the last year.
Read the article
• UK

Many organizations paid ransoms despite having made investments in prevention, detection, and backup solutions
Titaniam’s new ‘State of Data Exfiltration & Extortion Report’ finds that while over 70 percent of organizations have an existing set of prevention, detection, and backup solutions, nearly 40 percent of organizations have been hit with ransomware attacks in the last year. The report says that this shows that ‘existing solutions are woefully inadequate in managing the risks and impacts from these attacks’.
Read the article
• World

Firmware attacks are becoming an increasingly significant threat
HP Inc. has released research from HP Wolf Security showing changing workforce dynamics are creating new challenges for IT teams around firmware security. As business workforces become increasingly distributed, IT leaders say it’s harder than ever to defend against firmware attacks.
Read the article
• World

Study reveals the current state of microsegmentation within enterprises
AlgoSec has released the findings of a new survey, conducted with market research firm Omdia, that sought to uncover the current state of microsegmentation within enterprises.
Read the article
• World

Digital resilience during the Fourth Industrial Revolution
A new report on how digital resilience can be advanced by developments in artificial intelligence (AI), quantum technology and cloud computing has been produced by Resilience First with Accenture and Cranfield University.
Read the article
• World

Cyber resilience strategic planning assumptions
In the opening keynote at the recent Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner, discussed Gartner’s predictions for how the cyber risk and resilience landscape will develop.
Read the article
• World

Although virtually every company has a backup strategy, 26 percent of these fail when needed
Almost all (99 percent) of surveyed IT decision makers state they have backup strategies in place, but just over a quarter (26 percent) have admitted they were unable to fully restore all data/documents when recovering from a backup. This is according to an annual survey conducted in April 2022 by Apricorn.
Read the article
• UK

Application incompatibility is a growing threat to mission critical operations
Over three quarters (77 percent) of organizations have at least one application that is not compatible with the latest version of Windows, with up to a quarter (25 percent) of all applications incompatible for 89 percent of organizations.
Read the article
• UK / US

80 percent of organizations that paid a ransom demand were hit again
Cybereason has published results of its second annual ransomware study which set out to better understand the true impact on businesses. This global study reveals that 73 percent of organizations suffered at least one ransomware attack in 2022, compared with 55 percent in the 2021 study.
Read the article
• World

2022 Outage Analysis report finds that digital infrastructure downtime costs and consequences are worsening
The digital infrastructure sector is struggling to achieve a measurable reduction in outage rates and severity, and the financial consequences and overall disruption from outages are steadily increasing, according to Uptime Institute’s 2022 Outage Analysis report.
Read the article
• World

The way forward for supply chain resilience: emerging supply chain technology themes
With increasing pressure on supply chain leaders to implement technological responses to disruptions, supply shortages and security incidents, Gartner, Inc. has identified the top eight supply chain technology themes in 2022. Gartner analysts have selected the themes for their potential to deliver automation, intelligence, and resilience.
Read the article
• World

Downtime due to DNS attacks is a widespread problem
EfficientIP has published the findings of its eighth annual ‘2022 Global DNS Threat Report’, conducted by market intelligence firm IDC on its behalf. The research reveals the damaging impacts that Domain Name System (DNS) attacks have had on global organizations’ operations over the past 12 months.
Read the article
• World

Research shows that zero trust segmentation ‘stops an average of five cyber disasters per year’
Illumio, Inc., has released ‘The Zero Trust Impact Report’. This presents the results of a survey conducted by The Enterprise Strategy Group (ESG).
Read the article
• World

Majority of CIOs say their software supply chains are vulnerable
Venafi has published the findings of a global study of 1,000 CIOs, in which 82 percent say their organizations are vulnerable to cyber attacks targeting software supply chains.
Read the article
• World

Ransomware, geopolitics, nation state and supply chain attacks rank as the biggest cyber threats
The 2022 Infosecurity Group State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine, looks at the views of cyber security leaders about the current threat landscape.
Read the article
• World

The State of Cyber Resilience: no progress in executive confidence
Almost three years of unrelenting workplace disruption, digital transformation, and ransomware attacks mean that most organizational leaders are no more confident in their ability to manage cyber risk than they were two years ago. This is according to a new report published by Marsh and Microsoft.
Read the article
• World

NIST issues new guide on using blockchain in access control systems
NIST has published NIST Internal Report (NIST IR) 8403, Blockchain for Access Control Systems, providing guidance for organizations looking to blockchain as a method of improving security.
Read the article
• US / World

Study highlights a ‘dangerous disconnect’ within UK businesses when it comes to cyber resilience
Deep Instinct has released the results from new research highlighting the role that executive leadership teams play in their organizations’ cyber resilience.
Read the article
• UK

Employees leaving without providing password details resulted in business continuity issues for nearly a third of organizations
A survey conducted by Pulse on behalf of Hitachi ID has found that organizations often find it difficult to obtain mission critical passwords from employees when they leave the organization.
Read the article
• World

Attackers turn to vishing: 550 percent increase seen in vishing attacks
Vishing (voice phishing) cases have increased almost 550 percent over the twelve month period Q1 2021 to Q1 2022, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.
Read the article
• World

Annual DDoS Threat Intelligence Report highlights emerging trends
Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021.
Read the article
• World

CALL FOR PAPERS

Written a relevant article or white paper? We'd like to consider it for publication on Continuity Central. Simply e-mail editor@continuitycentral.com
