FBI: One type of scam is costing business the most | ZDNet
https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/
https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/
ZDNet
FBI: One type of scam is costing business the most
Amid the global pandemic, cybercriminals went on an 'Internet crime spree', says FBI.
John Pescatore (SANS) opinion:
"Just to put that $4B number in perspective: the 2020 National Retail Federation shrinkage survey estimated that 2019 shrinkage (inventory loss from shoplifting, employee theft, supplier error/fraud, cashier errors and other causes) was $62B in the retail sector alone.
Three key points here: (1) the FBI IC3 data comes from complaints filed with the FBI, the numbers don’t reflect overall losses in anyway; (2) in many industries, traditional crime continues to have a much larger business impact that cybercrime; (3) retail has kept shrinkage in the range of 1.5 – 2% over the years, while spending 1-1.5% of revenue on loss prevention/shrinkage control, meaning a 3% loss of revenue to shrinkage and the loss prevention program is an acceptable cost of doing business.
Increasing spending in loss prevention without reducing shrinkage enough would result in a loss of profit, even if the absolute level of shrinkage went down. Can you talk similar language about the effectiveness of your spending on security controls to justify increases or changes?"
"Just to put that $4B number in perspective: the 2020 National Retail Federation shrinkage survey estimated that 2019 shrinkage (inventory loss from shoplifting, employee theft, supplier error/fraud, cashier errors and other causes) was $62B in the retail sector alone.
Three key points here: (1) the FBI IC3 data comes from complaints filed with the FBI, the numbers don’t reflect overall losses in anyway; (2) in many industries, traditional crime continues to have a much larger business impact that cybercrime; (3) retail has kept shrinkage in the range of 1.5 – 2% over the years, while spending 1-1.5% of revenue on loss prevention/shrinkage control, meaning a 3% loss of revenue to shrinkage and the loss prevention program is an acceptable cost of doing business.
Increasing spending in loss prevention without reducing shrinkage enough would result in a loss of profit, even if the absolute level of shrinkage went down. Can you talk similar language about the effectiveness of your spending on security controls to justify increases or changes?"
Probably ransom number record - 50 mil. $.
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp/
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp/
BleepingComputer
Computer giant Acer hit by $50 million ransomware attack
Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.
Another splendid example of Security awareness song. This time in Rap genre.
https://twitter.com/ArchieScorp/status/1373276414632415234
https://twitter.com/ArchieScorp/status/1373276414632415234
Twitter
Alexander Redchits
Хоть и не поклонник рэп-культуры, но данная композиция просто ТОП! Гимн кибербезопасности https://t.co/NyDjcOaojM
"When asked which top three threats are explicitly factored into their strategic risk management activities, 'cyber threats' was the most selected by UK CEOs and chosen by 75%, ahead of 'pandemics and other health crises' (62%), and 'uncertain economic growth' (57%).
Just over three three-quarters (77%) of UK CEOs say they plan to increase their investment in digital transformation in 2021. Meanwhile, concerns over the rate of technological change declined from 75% last year to 55% this year.
Two third of UK CEOs say they plan to increase investment in cyber security and data privacy. At a global level, cyber threats are the top concern for CEOs in the asset and wealth management, insurance, private equity, banking and capital markets, and technology sectors, according to PwC. "
https://www.zdnet.com/article/remote-work-makes-cybersecurity-a-top-worry-for-ceos/
Just over three three-quarters (77%) of UK CEOs say they plan to increase their investment in digital transformation in 2021. Meanwhile, concerns over the rate of technological change declined from 75% last year to 55% this year.
Two third of UK CEOs say they plan to increase investment in cyber security and data privacy. At a global level, cyber threats are the top concern for CEOs in the asset and wealth management, insurance, private equity, banking and capital markets, and technology sectors, according to PwC. "
https://www.zdnet.com/article/remote-work-makes-cybersecurity-a-top-worry-for-ceos/
ZDNet
Remote work makes cybersecurity a top worry for CEOs
Pandemics, hacks and economic growth are the top concern for UK CEOs.
API security becomes a ‘top’ priority for enterprise players | ZDNet
https://www.zdnet.com/article/api-security-becomes-a-top-priority-for-enterprise-players/
https://www.zdnet.com/article/api-security-becomes-a-top-priority-for-enterprise-players/
ZDNet
API security becomes a ‘top’ priority for enterprise players
As API attacks rise, the security surrounding their usage is now firmly on the radar.
Forwarded from Пост Лукацкого
NISTIR 8360 (Draft), Machine Learning for Access Control Policy Verification | CSRC
https://csrc.nist.gov/publications/detail/nistir/8360/draft
https://csrc.nist.gov/publications/detail/nistir/8360/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8360 (Draft), Machine Learning for Access Control Policy Verification
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and…