News, Trends, and Insights for IT & Managed Services Providers

SEC Introduces New Cybersecurity Rules for SaaS Systems to Enhance Data Protection

Written by

Dave Sobel

Published on

February 6, 2024

You knew security would be a topic, didn’t you? Let’s do the big picture first.

The SEC has implemented new cybersecurity rules for SaaS systems, requiring public companies to disclose cyber incidents and ensure cybersecurity readiness. The rules apply to data stored in SaaS systems and connected third-party apps. The SEC’s approach is motivated by the rise in cybersecurity incidents and the lack of distinction between on-premise, cloud, and SaaS data breaches. SaaS security shortcomings and SaaS-to-SaaS connections also contribute to the SEC’s focus on improving cybersecurity. Organizations must assess and manage the risks associated with SaaS systems and connections to protect sensitive data and comply with regulations.

Ransomware groups saw a 49% increase in reported victims in 2023, according to Palo Alto Networks’ Unit 42. The rise was attributed to attacks exploiting zero-day vulnerabilities, such as the MOVEit Transfer software hack. Unit 42 also identified 25 new ransomware leak sites but noted that some had shut down. Law enforcement successfully disrupted prominent ransomware groups like Hive and Ragnar Locker. While illegal crypto activity decreased, ransomware revenue increased, suggesting attackers have adapted to improved cybersecurity measures.

According to Searchlight Cyber’s annual ransomware report, the Big Three ransomware groups are losing ground to new collectives. Although their attack output increased in 2023, their share of overall ransomware victims declined as the total number of operators grew. New groups such as 8Base, Akira, and Rhysida emerged as active ransomware operators. The report also highlighted the fluid nature of ransomware operations, with groups dissolving and reforming under new names and borrowing tactics from rivals. Security teams are advised to track ransomware groups on the dark web to stay updated on the latest threats.

According to a report by Cohesity, despite having “do not pay” ransomware policies, 97% of UK organizations that fell victim to ransomware attacks in the past two years have paid the ransom. The research also found that many organizations are willing to pay millions to recover data and restore business processes. Respondents expressed concerns about their ability to deal with cyber-attacks and the need to improve executive awareness and data security responsibility.

A study by Commvault reveals an increasing synergy between IT and security teams in businesses as organizations recognize the need for collaboration to combat sophisticated cyber breaches. The study shows that the relationship between ITOps and security departments has become more interconnected, with shared objectives and united procedures. However, there is still progress to be made in setting up collective systems for security incident recovery.

Why do we care?

Despite progress, ransomware groups are finding lots of opportunities. I’m fascinated by their ability to adapt and reshape. This sets the groundwork for our next story.
