
Understanding the UK’s New Rule on Ransomware Payments in the Public Sector


The UK government has introduced a new policy that stops public sector organizations from making payments to cybercriminals during ransomware attacks. The decision is intended to reduce the number of attacks by removing the financial motivation behind them.

The government believes that if attackers know they won’t get paid, they may stop targeting essential services like public hospitals, schools, or councils. However, this move has sparked a lot of discussion among cybersecurity experts and business leaders.


Why This Rule Could Be Difficult to Enforce

While the aim is to protect public services, some people believe organizations might still find ways to make payments secretly. For instance, if a company operates both in the UK and another country, it might use its foreign office to make the payment. Others might try to hide the payment by calling it a regular business expense.

These loopholes could weaken the purpose of the ban. It might even create an unfair situation where some organizations quietly pay and recover faster, while others follow the rules and face longer disruptions.


The Pressure on Business Leaders

Leaders responsible for cybersecurity face a difficult situation. While no one wants to support criminal activity, refusing to pay can lead to bigger problems. For example, a ransomware attack could shut down critical services or expose personal information.

In some extreme cases, businesses might feel that paying the ransom is the only way to continue operations or protect sensitive data. This rule could put extra pressure on leaders who are already struggling to make the right decision during a crisis.


Less Reporting, More Risks

Another concern is that if payments are banned, organizations might stop reporting ransomware incidents altogether. They may choose to hide the true nature of the attack to avoid breaking the law or getting into trouble.

This lack of transparency can be dangerous. If fewer cases are reported, cybersecurity experts won’t have enough data to understand new threats or how attacks are evolving. That means it will be harder to prepare for future attacks, leaving more organizations at risk.


Is There a Better Way Forward?

Many experts believe that instead of a complete ban, the government could allow exceptions in very serious situations. Organizations could be required to report the attack immediately and get approval from authorities before making any payments.

This would give the government better visibility into ransomware activity while still giving organizations the flexibility to act when needed. At the same time, public sector workers should receive better training so they know how to handle cyber threats early and prevent serious damage.

In short, while the new rule is a step toward fighting cybercrime, it’s important to create a balanced plan that supports both security and practicality. 

Cullman County Courthouse Hit by Ransomware

A hostile cyberattack recently affected the Cullman County Courthouse, disrupting regular operations and sending shockwaves throughout the community. The ransomware attack on the courthouse's systems had serious repercussions for Cullman County residents as well as the local government.

The malware attack, described as a ransomware assault, targeted the courthouse's systems, crippling operations and causing a delay in the processing of critical tasks. As a result, January payment deadlines for property tag taxes have been pushed back, leaving residents and businesses in a state of uncertainty. This unforeseen circumstance has prompted local authorities to reassess their cybersecurity measures and reinforce defenses to prevent future incidents.

The attack did not go unnoticed by federal representatives. Congressman Robert Aderholt's office has been closely monitoring the situation, emphasizing the need for a comprehensive response to such cyber threats. Aderholt acknowledged the severity of the situation, stating, "It's disheartening to see cyberattacks affecting our local institutions, and we must take steps to safeguard our communities against these evolving threats."

This incident serves as a stark reminder of the pervasive nature of cyber threats and the potential consequences for communities when essential services are compromised. The Cullman County Courthouse joins a growing list of public institutions grappling with the fallout of ransomware attacks, underlining the urgency of bolstering cybersecurity infrastructure at all levels.

In the aftermath of the attack, county officials are working tirelessly to restore normalcy and reinforce their cybersecurity protocols. The incident underscores the need for continuous vigilance and investment in advanced cybersecurity measures to protect sensitive data and maintain the seamless functioning of public services.

As the investigation into the source of the malware attack unfolds, residents are advised to stay informed about the evolving situation. Cybersecurity experts stress the importance of regularly updating antivirus software, practicing safe online habits, and remaining vigilant against phishing attempts to mitigate the risk of falling victim to similar attacks.

The Cullman County Courthouse was the target of a recent cyberattack, which highlights how vulnerable local government organizations are to online attacks. The incident has disrupted essential services and prompted a reevaluation of cybersecurity protocols. In an era where interconnection increases the possibility of such malicious attacks, this incident should serve as a sobering warning for other municipalities to strengthen their digital defenses while the community works to recover.

24 Percent of Technology Applications Have High-risk Security Vulnerabilities


With more applications to secure than most other industries, technology firms would benefit from improving secure coding training and practices for their development teams. According to Veracode, 24 percent of applications in the technology sector contain high-risk security flaws, meaning flaws that would cause a critical issue for the application if exploited.

“Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.

The technology industry was discovered to have the second-highest proportion of applications with security flaws, at 79 percent, trailing only the public sector (82 percent). When it comes to the proportion of flaws fixed, the technology sector ranks in the middle of the pack.

The industry still takes up to 363 days to fix 50% of flaws, indicating that there is still plenty of room for improvement.

Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus.”

He continued, “To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”

The most common types of flaws discovered by dynamic analysis of technology applications are server configuration, insecure dependencies, and information leakage, which broadly follows a pattern similar to other industries.

In contrast, the sector has the greatest deviation from the industry average for cryptographic issues and information leakage, possibly indicating that developers in the tech industry are more knowledgeable about data security challenges.

82% of Applications in the Public Sector Have Security Flaws

According to a new study from Veracode, more than 82% (more than four in five) of public sector apps have security vulnerabilities, the highest rate found in any industry. The researchers also found that public sector apps take twice as long to patch flaws once identified, compared to fixes in other industries. Besides this, around 60% of flaws in third-party libraries in the public sector haven't been patched for two years. That is twice the time frame seen in industry data and almost 15 months behind the cross-industry average.

The report is based on data collected from 20 million scans across half a million apps in the public sector, financial services, manufacturing, retail, healthcare, technology, and hospitality. Veracode combines five application security analysis types in one solution, integrated into the development pipeline. At 22%, the public sector has the joint-lowest vulnerability fix rate of any industry.

The study suggests that public sector organizations are more prone to software supply chain attacks because they are more vulnerable, as in the SolarWinds incident, which led to huge disruptions and breaches of critical data. Fortunately, the findings suggest that public sector entities have improved in battling high-severity flaws. According to the analysis, high-severity flaws were found in 16% of public sector apps, and the total number fell by 30% in the last year.

The experts believe the data points toward new government cybersecurity measures. Public sector lawmakers and politicians know that dated technology and large amounts of sensitive data are the reasons public organizations have become a primary target for hackers.

This is why Congress and the White House are working together to update regulations that govern cybersecurity compliance.  "In January, President Biden signed a National Security Memorandum (NSM) requiring national security systems to implement network cybersecurity measures that are at least as good as those required of federal civilian networks. Earlier this month, the US passed new legislation that will force critical infrastructure companies to report cyber incidents within 72 hours" reports Infosecurity.