Published 23 February 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/research-on-cyber-security-disclosures-in-company-annual-reports/research-on-cyber-security-disclosures-in-company-annual-reports
The Department for Science, Innovation and Technology (DSIT) has commissioned Azets to carry out research into the prevalence and quality of cyber disclosures. The fieldwork will take place over telephone and online from February 2023 to March 2023. During this period some organisations will be contacted by Azets from their Edinburgh office (an 0131 number) or Glasgow office (an 0141 number) inviting them to take part. You may also receive an email to let you know Azets called and inviting you to reply. You may be offered the option of completing the interview online, and if so, you will receive the survey link via email from Azets: cyberdisclosures.research@azets.co.uk
Taking part is completely confidential and voluntary for all individuals and organisations. The interview is not technical and participants do not need any specific IT knowledge.
One of the barriers to companies enhancing their cyber resilience is the lack of accountability and transparency to key stakeholders. One way in which we plan to address this issue is through the introduction of the Resilience Statement. This policy was proposed as part of the Department for Business and Trade’s wider reform of audit and corporate reporting and formed part of their public consultation on audit and corporate governance (p.48). The Resilience Statement will be a statement that forms part of a company’s annual report and will set out how a company is managing risk and building or maintaining business resilience over the short, medium and long-term. It will apply to all UK listed and private companies with 750 employees or more and £750m turnover or more. This includes companies traded on the Alternative Investment Market but not Limited Liability Partnerships, nor Public Bodies.
This research will support DSIT's aim to better understand the effectiveness of current cyber disclosures by large organisations. The results of the research may be used to inform the supporting guidance for the cyber-related aspect of the Resilience Statement, as well as informing wider government policy on cyber resilience. This will support the government's work with industry and charities to make the UK the safest place to live and work online.
The research sample comprises UK listed and private companies with 750 employees or more and £750m turnover or more. This may include companies traded on the Alternative Investment Market but not Limited Liability Partnerships, nor Public Bodies.
If you have any other questions, please feel free to contact evidence@dcms.gov.uk
Research on cyber security disclosures in company annual reports – GOV.UK
AT&T seeks to shed cybersecurity division -sources – Reuters
NEW YORK, Feb 21 (Reuters) – AT&T Inc (T.N), the second-biggest U.S. wireless carrier, is exploring a sale of its cybersecurity division, potentially undoing an acquisition it completed five years ago, according to people familiar with the matter.
The sale of the cybersecurity business would add to a string of divestments AT&T has turned to in order to pay down debt following its $108.7 billion acquisition of Time Warner Inc in 2018, a deal it has since also unwound.
In the last two years, AT&T sold a 30% stake in its pay TV unit DirecTV to private equity firm TPG for $1.8 billion, and received $40.4 billion in cash by spinning off and merging its Warner Media business with Discovery Communications to form Warner Bros Discovery Inc (WBD.O).
AT&T has been working with Barclays Plc (BARC.L) to solicit potential bids for its cybersecurity business, which was called AlienVault when it was acquired in 2018 in a roughly $600 million deal, the sources said. It is not clear how much the business could fetch now.
The sources cautioned that no deal is certain and requested anonymity because the matter is confidential. AT&T and Barclays declined to comment.
AT&T's cybersecurity division helps small-to-medium-sized businesses keep their information technology networks, including laptops, desktops, servers and mobile devices, secure.
The acquisition of AlienVault was aimed at giving AT&T an edge in signing up and retaining corporate clients, but the deal's rationale has eroded as cybersecurity startups offering cheap alternatives have mushroomed.
AT&T reduced its net debt by about $24 billion in 2022 and is seeking to reduce it further to about $100 billion by 2025 from $132.2 billion at the end of December.
Credit ratings agency Moody's Investors Service Inc said in a note on Tuesday that paying down debt was central to AT&T's ability to invest in fiber and 5G wireless technology while continuing to afford paying out a dividend.
© 2023 Reuters. All rights reserved -
Who should be responsible for cybersecurity in the home? – World Economic Forum
According to research from CUJO AI Labs, 67% of home computer networks are affected by at least one cybersecurity threat every month. Image: Pixabay/Giovanni Gargiulo
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
© 2023 World Economic Forum -
Why cybersecurity is the ultimate recession-proof industry – Fortune
With the pace of economic growth slowing and inflation at a multi-decade high, many people living in the U.S. have started entertaining the “R” word: recession. In 2022 we’ve experienced what’s being coined a “technical recession,” or two consecutive quarters of negative growth in GDP (gross domestic product). President Joe Biden, however, has—so far—had a more optimistic outlook, saying the U.S. isn’t yet in a recession.
Whenever we do inevitably enter another recession, certain industries and types of businesses typically still grow, including health care, food, and transportation. Recession-proof businesses or industries are those that are more resistant to the economic effects of a downturn than others. And one industry that the average consumer may not think of as thriving during a recession is cybersecurity.
“I believe cybersecurity is practically a recession-proof industry,” Cybersecurity Ventures founder Steve Morgan tells Fortune. “For organizations of any type or size globally, cybersecurity is mandatory. Without digital protection, a business will go out of business. Given the market demand, for anyone with cybersecurity experience, they are assured of good employment.”
Between 2013 and 2021, the number of open cybersecurity jobs worldwide grew 350% from 1 million to 3.5 million, according to Cybersecurity Ventures’ Boardroom Cybersecurity 2022 Report. In the U.S. alone, there were around 715,000 jobs yet to be filled as of November 2021, according to a report by Emsi Burning Glass (now Lightcast), a market research company. Additionally, Cybersecurity Ventures predicts that global spending on cybersecurity products and services between 2021 and 2025 will accumulate to $1.75 trillion.
“I don’t believe there’s any industry which is recession-proof, but I think that if there’s one industry which might be recession-proof it’s probably cybersecurity,” Adi Dar, CEO and founder of cybersecurity firm Cyberbit, tells Fortune. “Everyone is trying to recruit. Everyone is trying to hire. I think that it’s going to take years and years until maybe part of the gap is closed. I’m not sure it’s ever going to be completely closed.”
Cyberattacks are becoming more prevalent. The average number of attempted cyberattacks per company rose 31% between 2020 and 2021, to 270 attacks, according to Accenture’s State of Cybersecurity Report 2021. The average number of successful attacks per company was 29 in 2021, up from 22 the prior year.
Because data and digital services are critical to business operations, it’s “imperative” to protect company assets, says Danny Allan, chief technology officer of data protection firm Veeam.
“I believe that the cybersecurity industry is largely insulated from market downturns,” he tells Fortune. “Additionally, we are seeing increased focus on compliance and regulatory oversight from the public and the board during times of economic challenges.”
In fact, Cybersecurity Ventures’ Boardroom Security report also shows a growing need to focus on cybersecurity in the board of directors. By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, and by 2031 that will climb to more than 50%, according to the report. In 2021, just 17% of these companies had board members with cyber experience.
“Cybersecurity is the only line item that theoretically has no spending limit,” Morgan explains. “There is a budget before a company suffers a cyberattack or a series of them, and then there’s the actual spend that takes place afterward. What business isn’t going to do and spend whatever it takes to recover from being hacked?”
While we’ve seen vast growth in the cybersecurity industry that has seemingly no slowdown in sight, it’s still an industry that’s in its “infancy,” explains Mark Sasson, managing partner of Pinpoint Search Group, a cybersecurity recruitment firm.
“If we’re defining recession-proof as ‘no impact to the industry,’ I would say no, cybersecurity is not recession-proof,” he tells Fortune. “While the industry will surely continue to grow over time, the massive growth we’ve seen in the past couple of years is a symptom of an industry in its infancy needing to catch up to motivated threat actors.”
The huge cybersecurity talent gap worldwide is more a consequence of not having enough people with the skills necessary to fill these jobs as opposed to the result of a thriving industry, Sasson says.
“This catch-up game will likely last in perpetuity as threats will continue to evolve based on technological advancement,” he adds. “What this translates to is the need for constant innovation—and constant innovation requires investment.”
Cybersecurity Burnout – Human vs Machine – Infosecurity Magazine
Organizations today are scrambling to protect increasingly expansive digital assets from continually evolving cyber threats.
For security professionals, it’s a constant firefight.
Analysts in today’s SOCs are coming under mounting pressure: not only are they expected to navigate the complexity of the modern hybrid enterprise, but they are equally required to protect corporate data wherever it resides.
Indeed, in a recent Twitter poll, we found that almost 63% of respondents highlighted data security as being most important to their organization when establishing the need for effective cybersecurity services.
Unfortunately, succeeding in this arena has become an incredibly difficult task.
A recent global survey revealed that almost six in 10 organizations are receiving more than 500 cloud security alerts per day. The alert fatigue created by this volume of work has left more than half (55%) of firms in a position where they miss critical alerts weekly or even daily.
Faced with a range of evolving threats, rising tides of alerts and lack of adequate resources to respond, security experts continue to become ever more worried about critical incidents slipping through the cracks that could lead to a hefty fine, data breaches and/or major reputational damages.
The anxiety facing many security professionals in this regard has come to be known as the fear of missing incidents (FOMI). Unfortunately, it’s a very real problem, leaving many analysts seriously stressed and burned out.
Indeed, in our Twitter poll, 35% of cybersecurity professionals cited employee burnout as the most concerning issue relating to growing cyber threats.
Current ways of working have become outdated and unsustainable, creating a volatile operational cocktail. Where organizations lack the experience, skills and bandwidth needed to detect and manage security incidents and data, under-resourced analysts left to find impossible resolutions are regularly overwhelmed by alert fatigue and FOMI.
Today, more than ever, change is needed. To turn this tide and better support security professionals, firms should embrace new technologies and techniques capable of solving these most pressing challenges.
In a previous Integrity360 poll, 52% of respondents pointed to artificial intelligence and machine learning as critical to futureproofing the security of their organization. However, investing in and implementing such technologies effectively can both be costly and require highly advanced skillsets.
Automated solutions can undoubtedly help reduce the number of manual tasks analysts need to address. However, such systems can equally bring an additional layer of complexity for beleaguered security teams. Indeed, these solutions must be applied in tandem with better identification, diagnosis, and even prognosis of incidents for security professionals to focus their attention where it matters.
Fortunately, Managed Detection and Response (MDR) offers organizations a means of bridging this gap without breaking the bank.
In simple terms, MDR is a cybersecurity service that combines technology and human expertise to detect threats that may have bypassed traditional defenses.
It allows organizations to outsource some of the most complex aspects of modern security operations and tap into cutting-edge technology and expertise to rapidly identify and limit the impact of threats without developing highly complex in-house operations.
For this reason, MDR is an effective solution for companies that have found themselves completely overwhelmed or under-resourced in the security arena. Threats across the network, endpoint, cloud, SaaS and identity can all be managed through MDR and tailored to a specific customer’s environment, removing blind spots to better prevent cyber-attacks from escalating.
What’s more, it will continuously ensure that organizations are ahead of the curve. Working with an expert third party will facilitate ongoing adaptability and continuous improvement in incident detection, investigation and responsiveness to maximize rapid containment of threats, incidents and vulnerabilities.
In other words, it takes the pressure off entities keeping pace with evolving threats, freeing analysts to focus on generating value rather than fighting fires in an endless arms race to build and manage better cyber security defenses.
By enabling organizations of all shapes and sizes to tap into advanced analytics and threat intelligence underpinned by a sophisticated mix of specialists and technologies, MDR is changing the game in cybersecurity.
For many, the door to easier incident detection and response has been opened, alleviating significant pressures on the SOC and increasing productivity. Organizations leveraging such services are well placed to react faster, more effectively and efficiently, targeting and heading threats off in real time.
MDR is undoubtedly a key ingredient in the future of security for many organizations, and a vital, accessible resource capable of easing the rising burdens on security professionals. -
Navigating Asia-Pacific data breach notification requirements – DLA Piper
Data breach notification obligations throughout Asia-Pacific remain in a state of flux, with several jurisdictions either expanding their existing regimes or introducing additional requirements in 2022. Against this backdrop, the cyber threat level continues to rise and organisations cannot afford to be complacent.
Organisations of any size and shape may be subject to cyber incidents, and it pays to be prepared. At a minimum, your organisation should know what its data breach reporting obligations are before the worst-case scenario happens.
To assist you in keeping up-to-date with key trends and upcoming changes, we have created an interactive map of the Asia-Pacific region. Navigate the map, selecting your jurisdiction of interest, for an overview of the current state of data breach notification requirements.
Cyber Criminals Target Crypto Investors with New Malware – Here's … – Cryptonews
Hackers and cybercriminals have been targeting crypto investors with two new malware threats that scout the internet for unwary investors to steal their funds.
According to a recent report by anti-malware software Malwarebytes, two new cybersecurity threats, which include recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, have been deployed in campaigns aimed at stealing cryptocurrency from victims.
The new phishing attack’s victims are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines.
The company’s threat intelligence research team, Cisco Talos, said they observed the criminals scanning the internet for potential targets with an exposed remote desktop protocol (RDP) port, 3389. RDP is a proprietary protocol that provides a user with a graphical interface to connect to another computer over a network connection.
The research said that the campaign begins with a phishing email “and kicks off a multi-stage attack chain in which the actor delivers either malware or ransomware, then deletes evidence of malicious files, covering their tracks and challenging analysis.”
The phishing email comes with a malicious ZIP file that contains a BAT loader script, which downloads another malicious ZIP file when a victim opens it. The malware then infiltrates the victim’s device and executes the payload, which is either the GO variant of the Laplas Clipper malware or the MortalKombat ransomware.
“The loader script will run the dropped payload as a process in the victim’s machine, then delete the downloaded and dropped malicious files to clean up the infection markers,” the report detailed.
Talos noted that a usual vector of attack for the criminals has been a phishing email in which they impersonate CoinPayments, a legitimate global cryptocurrency payment gateway.
To make the emails look even more legitimate, they have a spoofed sender, “noreply[at]CoinPayments[.]net”, and the email subject “[CoinPayments[.]net] Payment Timed Out.”
On this specific occasion, a malicious ZIP file is attached with a filename resembling a transaction ID mentioned in the email body, which lures the victim into unzipping the malicious attachment in order to view its contents, which are in fact a malicious BAT loader.
Ransomware and cybersecurity attacks continue to increase. However, victims have been increasingly unwilling to pay attackers their demands, according to a recent report by Chainalysis, which revealed that ransomware revenues for attackers plummeted 40% last year.
It is worth noting that North Korean hacking groups account for a huge portion of illicit cyber activities. Just recently, South Korean and United States intelligence agencies warned that Pyongyang-based hackers are trying to hit “major international institutions” with ransomware attacks.
In December 2022, Kaspersky also revealed that BlueNoroff, a subgroup of the North Korean state-sponsored hacking group Lazarus, is impersonating venture capitalists looking to invest in crypto startups in a new phishing method.
Five cyber-security tips to secure your online shopping and memories – Economic Times
White House cybersecurity strategy to force large companies to … – FedScoop
A forthcoming White House cybersecurity strategy document aims to force large companies to shoulder greater responsibility for designing secure products and to redesign digital ecosystems to be more secure, Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, said at a CyberScoop event Thursday.
By “shifting the burden back from the smaller players” and toward larger players “that can build in security by design,” the strategy aims to deliver broad security gains, Stewart Gloster said. The strategy document also looks at how to “rearchitect our digital ecosystem” so “that we are creating future resilience,” she said.
According to an early draft of the document obtained by Slate — which White House officials have emphasized is not a final document — the strategy includes a wide range of mandatory regulations on American critical infrastructure companies to improve security and authorizes law enforcement and intelligence agencies to take a more aggressive approach to hack into foreign networks to prevent attacks or retaliate after they have occurred.
The strategy document is expected to broadly abandon the mostly voluntary approach that has defined U.S. policy in recent years in favor of more comprehensive regulation.
The Biden administration has worked to draft the strategy over the past year, an initiative that was spurred by a string of major breaches early in the administration — among them the SolarWinds and Kaseya breaches — that saw attackers exploit vulnerabilities at companies that occupy central positions in the computer security ecosystem.
Breaching these companies allowed attackers access to large numbers of client systems, and by mandating greater security requirements at companies that occupy these systemically important positions, the White House is looking to create security improvements for the large numbers of clients and users that rely on their services.
The recently retired National Cyber Director Chris Inglis served as the primary author of the document, and following his retirement last week, the highly anticipated strategy is expected to be released imminently.