The Cost of Not Prioritizing Cybersecurity [Weekly Cybersecurity Brief]

Cybersecurity threats are only growing. That means if companies do not act now to implement serious strategies, they are going to struggle to keep up with the pace it takes to prevent a cyber breach from impacting operations. And just as the threat landscape is expanding, so are the consequences of an attack. 

While malicious cyber activity becomes more commonplace, a new evolving threat reflects how quickly this trend is unfolding. Experts are warning of the rapidly growing and menacing presence of the Black Basta ransomware-as-a-service (RaaS) syndicate. According to The Hacker News, it has already targeted nearly 50 victims across the U.S., Canada, U.K., Australia and New Zealand, in industries ranging from manufacturing and transportation to cosmetics and pharmaceuticals, within only about two months of discovery. The entity, which has connections to the Conti group, gains access to sensitive information that it uses, in turn, to extort ransom payments out of organizations.

As groups deploying ransomware tactics increase, analysts expect that legislation around paying their demands will also strengthen. In a roundup of predictions for the direction of cybersecurity, Gartner just suggested that one in three countries may be in the process of introducing more laws dictating instructions for when and when not to make such payments. Some of the other projections made include cybersecurity becoming a more significant factor in choosing business partners and broader adoption of zero trust practices. As ZDNet reports, Gartner also foresees the extension of consumer privacy rights.

Carnival Corp just learned the hard way what failing to protect consumers from a cybersecurity breach can bring. Last week, a New York state regulator fined the cruise line company $5 million for cybersecurity violations. The violations stem from incidents that occurred from 2019 to 2021 in which customer data was left unprotected, and the state regulators stated that Carnival did not meet multi-factor authentication requirements. Reuters reports that they also found the company guilty of not training employees and of not properly disclosing one of the breaches.

Considering these current affairs, it becomes evident that if companies do not take concerted efforts to prioritize cybersecurity, it could cost them in more than one way.

Key Takeaways:

“Cybersecurity Experts Warn of Emerging Threat of ‘Black Basta’ Ransomware” – Ravie Lakshmanan, The Hacker News

https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html

  • Experts are warning of the rapidly growing and menacing presence of the Black Basta ransomware-as-a-service (RaaS) syndicate.
  • It has already targeted fifty victims across the U.S., Canada, U.K., Australia, and New Zealand, in industries ranging from manufacturing and transportation to cosmetics and pharmaceuticals, within only about two months of discovery.
  • The entity, known for its ransomware tactics, has connections to the Conti group.

“Hacking gets dangerously real: 8 cybersecurity predictions to watch out for” – Steve Ranger, ZDNet

https://www.zdnet.com/article/hacking-gets-dangerously-real-8-cybersecurity-predictions-for-the-years-ahead/

  • Analysts expect that legislation around paying ransomware demands will strengthen.
  • Gartner also made other projections including cybersecurity becoming a more significant factor in choosing business partners and broader adoption of zero trust practices.
  • Plus, the firm predicted that consumer privacy rights will be extended.

“Carnival is fined $5 million by New York for cybersecurity violations” – Jonathan Stempel, Reuters

https://www.reuters.com/technology/carnival-is-fined-5-mln-by-new-york-over-cybersecurity-violations-2022-06-24/

  • A New York state regulator fined Carnival Corp $5 million for cybersecurity violations.
  • The violations stem from incidents that occurred from 2019 to 2021 in which customer data was left unprotected, and the state regulators stated that Carnival did not meet multi-factor authentication requirements.
  • The regulator also stated that the company did not train employees and failed to properly disclose one of the breaches.