Alert: Cybersecurity Risks Continue as New Threats Emerge
Cybersecurity and data privacy events small and large continue to demand active vigilance and communication.
As cybersecurity threats continue to evolve, active vigilance and comprehensive risk management remain essential for organizations worldwide. The rapid expansion of remote work, coupled with the increasing reliance on cloud-based systems, has created new vulnerabilities that demand immediate attention. In 2023, organizations were grappling with the fallout from major cyberattacks, such as the SolarWinds breach, while new threats emerged daily. Apple’s recent security update, addressing critical flaws in iOS devices, highlights the need for ongoing awareness and action, as even minor software vulnerabilities can lead to significant breaches. In addition, cyberattacks on critical infrastructure and financial institutions, such as Australia’s Securities and Investments Commission (ASIC) and New Zealand’s Reserve Bank, further illustrate the global nature of cybersecurity challenges.
Ransomware and phishing attacks are increasingly sophisticated, with AI-powered threats becoming more prominent. Cybersecurity teams must now integrate AI-driven defenses and focus on securing cloud environments. Emerging regulations, such as the EU’s Digital Operational Resilience Act (DORA), are pushing organizations to enhance their business continuity plans by integrating cybersecurity measures across their supply chains. Continuous updates to cybersecurity protocols, employee training on phishing and ransomware defense, and alignment of cybersecurity strategies with business continuity plans are crucial for staying ahead of these evolving threats.
What to Know
None of this is new information. For example, looking back to just a few years ago, it seems the news headlines haven’t changed. What was happening in 2021, for instance?
Apple urged iPhone and iPad users to update devices to fix security flaws that can be “actively exploited” by remote hackers – noting that it was a serious threat. In 2024? The same thing is happening. And will likely keep on happening.
Looking back for more examples, there was a massive internet outage on Jan. 26, 2021, that impacted remote workers (and their distance-learning children) along the U.S. East Coast, slowing collaboration to a crawl for organizations that use Zoom, Google Gmail, and Slack. Verizon acknowledged an unspecified network issue as the cause. Again, the same thing is happening now in 2024. Not much has changed.
Australia’s financial sector was also dealing with delayed news about a cyberattack. The country’s corporate regulator, the Australian Securities and Investments Commission (ASIC), revealed that it had waited 10 days before informing financial institutions that its servers had been hacked in a breach that targeted file-transfer software. The attack also impacted the Reserve Bank of New Zealand and a law firm, Allens, that represents many blue-chip clients.
Walmart reacted to a data breach of its subsidiary Bonobos, a men’s clothing retailer it acquired in 2017. A cloud backup of its database was downloaded by a threat actor, an action that Retail Info Systems (RIS) said highlights the need for cybersecurity protocols for cloud-based retail systems. RIS noted that Gartner predicts that by next year at least 95% of cloud security failures will be the customer’s fault in neglecting to properly observe the shared responsibility model.
Keys to integrating cybersecurity with business continuity in risk management
Something as simple as a phone software update can quickly turn from a cybersecurity event into a business continuity event, or both. This is especially true now when organizations still have a large portion of their workforce working remotely and accessing company information via bring-your-own-device (BYOD) policies.
Cyber threats are clearly not diminishing, as we wrote about in a recent blog that looked at the top risks we will likely face in 2021. For example, Fortune 500 companies, the Pentagon and other U.S. government agencies are still addressing the vulnerabilities of last year’s SolarWinds hack. Analysis has revealed the scope of that attack reached 18,000 private and government users who downloaded a tainted software update that gave Russian hackers a foothold into victims’ systems.
SAI360 offers a comprehensive suite of IT Risk and Cybersecurity risk management technologies and training solutions on data privacy and information security that can help you stay ahead of malicious cyber actors.
We help organizations map risks to requirements, automate assessments against common risk and control frameworks, improve compliance with regulatory requirements, and improve overall business performance with compliance training focused on cybersecurity, data privacy, data protection, and information security regulations and best practices.