The end of the year is a good time to reflect on the past 12 months and create a plan to improve in 2022. Like years past, 2021 revealed more of the same for the cybersecurity industry—more breaches, bigger ransomware attacks, higher stakes. Some of the most disruptive cyberattacks occurred this year, such as JBS Foods, Kaseya and Colonial Pipeline. These attacks received global attention and spotlighted the need for even more attention on cybersecurity best practices. To help CEOs around the globe better understand cyber risks and how to make their businesses more secure, (ISC)² conducted an online poll... Read more →
64 posts categorized "Ransomware"
06 December 2021
Poll Data: What CEOs Need to Know About Cybersecurity Going into 2022
Posted by (ISC)² Management on 06 December 2021 at 07:00 AM in Operations Security, Ransomware | Permalink
|
Comments (0)
19 October 2021
#ISC2CONGRESS - Lessons Learned from the Baltimore Ransomware Attack
Martin R. Okumu lived through the ransomware attack on the City of Baltimore in 2018, which affected 90% of the municipality’s applications. As the then-director of IT infrastructure for the city, he learned a lot of valuable lessons about defending against and recovering from a ransomware attack. On Tuesday afternoon, he shared those lessons with (ISC)² Security Congress 2021 attendees during a virtual session. He is now the Chief Information Officer for the City and County of San Francisco. In many ways, Okumu said, Baltimore was not prepared for the attack. The city did not have a cyber incident response... Read more →
Posted by (ISC)² Management on 19 October 2021 at 04:51 PM in (ISC)² Events, Ransomware | Permalink
|
Comments (0)
17 September 2021
Ransomware Groups Reinvest Capital to Improve Attack Methods
Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods. Instead of relaunching the same tried-and-true attacks that have generated their handsome profits, ransomware groups are using the money to invest in R&D, an approach resembling series A financing rounds. As reported by SC Magazine, larger ransomware groups are becoming more professionalized, even holding conferences, hiring web design teams and placing want ads to build their businesses. “Ransomware, like any business, is a complex economy,” SC Magazine reported.... Read more →
Posted by (ISC)² Management on 17 September 2021 at 08:00 AM in Ransomware | Permalink
|
Comments (0)
14 September 2021
National Small Business Week: 10 Best Practices for Small Business Cybersecurity
A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. This does not bode well for their longevity, as other industry data shows that 60% of small businesses that suffer a data breach will be out of business within six months. The high cost of remediation and the potential for reputational damage can be more than most small businesses can withstand. Many times, the... Read more →
Posted by (ISC)² Management on 14 September 2021 at 03:00 PM in Cloud Security, Cybersecurity Training, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (0)
02 September 2021
The Upcoming U.S. Labor Day Weekend is a Reminder to Avoid Repeating History
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced this week that they have observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.” The REvil ransomware gang knocked JBS Foods’ operations offline over the U.S. Memorial Day weekend. REvil struck again over the U.S. Fourth of July holiday weekend, launching a ransomware attack targeting Kaseya, which had a cascading effect on Kaseya’s managed service provider customers and their clients. It’s not coincidental that these attacks transpired over holiday weekends. Attackers know that it’s difficult for security teams to quickly respond... Read more →
Posted by (ISC)² Management on 02 September 2021 at 11:30 AM in Ransomware | Permalink
|
Comments (0)
31 August 2021
Code Red: Hospitals Are Facing a Major Ransomware Threat
As the U.S. healthcare system struggles to cope with the COVID-19 pandemic, it has been fighting another major battle – ransomware. Nearly half (48%) of hospitals, according to a new study, have had to disconnect their networks in the past six months because of ransomware. Midsize hospitals are especially at risk, according to the study, Perspectives in Healthcare Security, conducted by Ipsos for CyberMDX and Philips. It found that while large hospitals reported an average shutdown of 6.2 hours at a cost of $21,500 per hour, midsize hospitals averaged nearly 10 hours at a cost of $45,700 per hour. The... Read more →
Posted by (ISC)² Management on 31 August 2021 at 10:39 AM in Cybersecurity Certifications, Ransomware | Permalink
|
Comments (0)
19 July 2021
Trending: 4,500+ Cyber Pros Enroll in Free (ISC)2 Ransomware Course in Less Than a Month in Order to Fortify Their Preparedness and Response Skills
Nearly three weeks after (ISC)² made its highly popular Professional Development Institute (PDI) course titled “Ransomware: Identify, Protect, Detect, Recover,” free to the public through July 31, 2021, more than 4,500 professionals have enrolled in the course. The ransomware crisis has reached an all-time high, with numerous headline-grabbing attacks coming to light. Some attacks, such as the ones against Kaseya and SolarWinds, are having far-reaching effects that, by design, extend well beyond the original target. The current ransomware epidemic is leaving victim organizations struggling to remediate and others wondering if they’ll be next. However, with protection strategies and remediation plans... Read more →
Posted by (ISC)² Management on 19 July 2021 at 08:00 AM in Cybersecurity Training, Ransomware | Permalink
|
Comments (1)
25 June 2021
NIST Has Come Out With Its Own Ransomware Guidance | #RansomwareWeek
As we close out #RansomwareWeek here on the (ISC)² blog, a timely piece of news comes from The National Institute of Standards and Technology (NIST) in the form of new draft guidance for organizations concerning ransomware attacks, according to reporting by Infosecurity Magazine. As the body responsible for one of the most revered standards frameworks in the world, NIST’s entry into the discussion is remarkable. According to the Infosecurity Magazine article, “The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to... Read more →
Posted by (ISC)² Management on 25 June 2021 at 10:10 AM in Government , Ransomware | Permalink
|
Comments (0)
24 June 2021
Six Steps to Protect Your Organization from Ransomware | #RansomwareWeek
As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Yesterday, we announced that (ISC)² has granted free access to its "Ransomware: Identify, Protect, Detect, Recover" course through the Professional Development Institute to anyone who is interested in learning more about prevention and remediation. That’s because the consequences can be dire for organizations. The days of ransomware attackers demanding a few hundred dollars for a decryption key are long gone. Attacks have gotten more severe, and perpetrators have become bolder, demanding multimillion-dollar payouts from their victims. In March, CNA... Read more →
Posted by (ISC)² Management on 24 June 2021 at 08:00 AM in Ransomware | Permalink
|
Comments (0)
22 June 2021
Prepare your defense against cybercriminals with ransomware best practice resources | #RansomwareWeek
Welcome back to #RansomwareWeek here on the (ISC)² Blog! Today we’re linking you up with eight episodes from the award-winning (ISC)² webinar program that touch on ransomware and cover the key components surrounding the state of cybersecurity threats. These sessions can help teams to better understand cybersecurity attacks, prepare for defense and plan a response in the event of a security breach. Anatomy of a Targeted Industrial Ransomware Attack Ransomware-New variants and Better Tactics to Defend and Defeat These Threats Darktrace #1: Ransomware in Focus: How AI Stays One Step Ahead of Attackers Ransomware Deep Dive: Examining Disturbing Ransomware Trends... Read more →
Posted by (ISC)² Management on 22 June 2021 at 08:00 AM in Cybersecurity Training, Ransomware | Permalink
|
Comments (0)
21 June 2021
U.S. Government Equates Threat of Ransomware with Terrorism | #RansomwareWeek
Welcome to #RansomwareWeek on the (ISC)² Blog. Ransomware attacks are receiving increased exposure in global news coverage with recent high-profile incidents at SolarWinds and Colonial Pipeline. These events have prompted many companies who previously may have felt secure in their practices to take a deeper look at their security measures and engage in deeper conversations surrounding threat management, cybercriminals, and cybersecurity training. This week we’ll be providing content resources that may be helpful to you, the reader, as your organization wrestles with ransomware prevention and remediation policies and best practices. As the first item in this week’s coverage, the massive... Read more →
Posted by (ISC)² Management on 21 June 2021 at 10:00 AM in Government , Ransomware | Permalink
|
Comments (0)
Business Continuity – The Light in a Time of Darkness
As a security practitioner, perhaps you have found yourself in meetings about Risk Management. Or, perhaps, you are part of the incident response team, where you are responsible for everything from preparation, through post-incident reporting. The common thread that runs through risk management and incident response are the “what if this happens” scenarios. Whatever your involvement in these preparatory exercises, the overarching concern of all involved is: When will the business be up and running normally again? When confronted with such dire circumstances, the realization of the need for Business Continuity and Disaster Recovery becomes as important as the business... Read more →
Posted by (ISC)² Management on 21 June 2021 at 08:00 AM in Cybersecurity Certifications, Ransomware | Permalink
|
Comments (0)
22 April 2021
Cyber Threats: The Financial System’s Top Risk
With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. “But the world changes, the world evolves, and the risks change as well. The risk we keep our eyes on the most is cyber risk.” If... Read more →
Posted by (ISC)² Management on 22 April 2021 at 07:30 AM in Cybersecurity Training, Cybersecurity Workforce, Malware, Ransomware, Risk | Permalink
|
Comments (0)
15 April 2021
IBM X-Force: Ransomware Was the Preferred Attack Method in 2020
In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access. Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up... Read more →
Posted by (ISC)² Management on 15 April 2021 at 03:50 PM in Ransomware | Permalink
|
Comments (0)
30 March 2021
FBI: Cybercrime Shot Up in 2020 Amidst Pandemic
In 2020, as the world grappled with a fast-spreading global pandemic, the FBI received more than 2,000 complaints each day, totaling 791,790 for the year. This represents a 69% increase from the previous year and a total of U.S. $4.2 billion in losses, according to data collected by the FBI’s The Internet Complaint Center (IC3). Cybercriminals employed all manner of schemes to target businesses and individuals, including phishing, spoofing and tech support fraud, the FBI reported. The costliest cybercrimes were against businesses, involving Business E-mail Compromise (BEC) schemes that added up to U.S. $1.8 billion in losses from 19,369 reported... Read more →
Posted by (ISC)² Management on 30 March 2021 at 09:44 AM in Digital Forensics, Government , Ransomware | Permalink
|
Comments (1)
12 February 2021
Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 2)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware. Edge Computing Edge Computing is a distributed computing... Read more →
Posted by (ISC)² Management on 12 February 2021 at 07:45 AM in Cloud Security, Cybersecurity Workforce, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
28 December 2020
Security Predictions for 2021 from the (ISC)² Community of Security Professionals (PART 1)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, and Richard Nealon, CISSP-ISSMP, CISSP, SSCP, SCF, CISM, CISA 2020 was a year of change. It changed the way that folks work and how they interact with each other. Wondering what 2021 might look like for information security professionals? This is the first in a series of posts where we will discuss what we believe 2021 may have in store for information security professionals. Some of the issues faced by security professionals in 2021/2022 will include (but are not limited to) the evolving landscape of privacy, and the ongoing necessity... Read more →
Posted by (ISC)² Management on 28 December 2020 at 08:00 AM in Cybersecurity Workforce, Insider Risk, Privacy, Ransomware | Permalink
|
Comments (0)
23 July 2020
RETHINKING SECURITY PREDICTIONS FOR 2020 FROM THE (ISC)² COMMUNITY OF SECURITY PROFESSIONALS
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, nor we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: Data Privacy changes Lack of secure coding practices 5G and WiFi-6 Phasing out passwords Lack of perimeters Backups and their role with ransomware We believe... Read more →
Posted by (ISC)² Management on 23 July 2020 at 12:02 PM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (0)
02 March 2020
Healthcare is the Preferred Target of Cyber Attackers
U.S. healthcare institutions are under constant attack from cybercriminals, and unless hospitals take concrete steps to protect themselves, the situation won’t get any better. In 2019, the healthcare industry was the number one target for cyber attackers, with the cost of breaches totaling $4 billion, according to a new report. 2020 Vision: A Review of Major IT & Cybersecurity Issues Affecting Healthcare, published by security intelligence firm CyberMDX, provides an in-depth look at the causes and types of cybersecurity threats affecting the industry, as well as recommendations for healthcare institutions to fortify their cyber defenses. Attacks on healthcare are prevalent,... Read more →
Posted by (ISC)² Management on 02 March 2020 at 08:30 AM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (1)
20 February 2020
UNDER ATT&CK: How MITRE’s methodology to find threats and embed counter-measures might work in your organization
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Naresh Kurada, CISSP Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA... Read more →
Posted by (ISC)² Management on 20 February 2020 at 08:45 AM in Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (150)
- Center for Cyber Safety and Education (50)
- Cloud Security (126)
- Cybersecurity Certifications (368)
- Cybersecurity Training (305)
- Cybersecurity Workforce (224)
- Digital Forensics (27)
- Ethics (49)
- Government (106)
- Insider Risk (55)
- IT Security (360)
- Legal (43)
- Malware (102)
- Network Security (165)
- Operations Security (133)
- Privacy (103)
- Ransomware (64)
- Risk (177)
- Software Development (43)
- Spotlight (68)