Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails. The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 6,000 professionals responsible for their company’s cybersecurity from the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings specific to the more than 1,000 U.S. professionals surveyed include:

The U.S. Department of Energy (DOE) today announced that Puesh M. Kumar will serve as Acting Principal Deputy Assistant Secretary (PDAS) for DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

Netenrich announced the appointment of Christopher Morales as Chief Information Security Officer (CISO) and Head of Security Strategy to its leadership team. Morales will oversee the strategic development, implementation, and market execution of the company’s security solutions and processes.

A security team can sink an infinite amount of time and resources into strengthening your infrastructure, but it’s all for nothing if a default password is used by an exec, or someone in HR makes the mistake of responding to a clever phishing message. Cybercriminals will always find the path of least resistance and for most organizations the easiest way in is through the people.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.  

U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures. 

Meet Ray Espinoza, Chief Information Security Officer at Cobalt. With over 20 years of technology experience and 14+ years in information security, Espinoza’s collaborative leadership style has enabled him to build information security and risk management programs that support business objectives and build customer trust. Here, we talk to Espinoza about common cybersecurity hurdles leadership teams may encounter when restructuring. 

Since Digital Shadows published its first report last year, Initial Access Brokers: An Excess of Access, the company has continued to closely monitor the IAB criminal category. Where it tracked roughly 500 IAB listings in all of 2020, already in 2021 it has found some 200 new listings published by IABs in cybercriminal forums and other dark web sources in just Q1.

Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity researchers at Sophos report an unknown attacked has been attempting to leverage the ProxyLogon exploit to unload malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server. 

Recently, TalentLMS partnered with Kenna Security to survey 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. Here are some of the staggering results that offer some explanation as to why cybercrime has grown into such a lucrative business: