US DATA BREACH VICTIM NUMBERS SURGE 1170% ANNUALLY BY PHIL MUNCASTER
In Q2 2024, the number of US data breach victims surged by over 1000%, despite a 12% decrease in the number of incidents, according to the Identity Theft Resource Center (ITRC). This rise is attributed to a few large breaches, with some larger organizations significantly increasing their reported victim counts. The first half of 2024 reportedly saw 1,571 data compromises, a 14% increase from H1 2023, with victims totaling over 1 billion. Financial services experienced a 67% rise in breaches, while healthcare breaches fell by 37%. Driver's license data was stolen in 25% of breaches, reflecting its growing use for identity verification.
CROWDSTRIKE UPDATE CRASHES WINDOWS SYSTEMS, CAUSES OUTAGES WORLDWIDE BY IONUT ILASCU
A faulty component in the latest CrowdStrike Falcon update is causing Windows systems to crash, affecting organizations globally. Users report massive outages, with systems stuck in boot loops or showing the Blue Screen of Death (BSOD). CrowdStrike identified the issue, related to a Channel File, and provided a workaround. The glitch has impacted emergency services in the U.S. and Canada, various airports, and hospitals, leading to grounded flights and disrupted services. Despite CrowdStrike's fix, the problem's widespread nature means the recovery process will be lengthy, particularly for large fleets and remote setups.
RANSOMWARE ATTACKS ARE HITTING ENERGY, OIL AND GAS SECTORS ESPECIALLY HARD, REPORT FINDS BY CHRISTIAN VASQUEZ
Ransomware attacks are increasingly impacting the energy, oil, and gas sectors, with longer recovery times and higher costs as victims are more willing to pay ransoms, according to a recent report. The study, based on a survey of over 200 cybersecurity leaders, notes that while attack rates are falling, recovery times are increasing, with more than half of victims taking over a month to recover, up from only 19% in 2022. Older technologies and insufficient IT staffing are cited as vulnerabilities, with nearly half of attacks exploiting unpatched vulnerabilities. The Biden administration has warned about Chinese-backed cyber threats to critical infrastructure, highlighting the severe operational impact of such attacks.
TREASURY GROUP UNVEILS GUIDANCE FOR FINANCIAL SECTOR ON CLOUD ADOPTION BY MATT BRACKEN
The Treasury Department and the Financial Services Sector Coordinating Council released secure cloud adoption guidance for financial institutions, addressing gaps identified in a February 2023 report. This effort, involving the Cloud Executive Steering Group, aims to bolster cybersecurity amid rising threats. Key resources include a cloud adoption roadmap, best practices for managing third-party cloud risks, and enhanced transparency for "security by design" practices. The guidance primarily targets small financial institutions, which often face challenges in cloud adoption and cybersecurity. Concerns were raised about the dominance of a few Big Tech cloud providers and the need for resilient cloud infrastructure to prevent financial crises.
ORGS ARE FINALLY MAKING MOVES TO MITIGATE GENAI RISKS BY JAI VIJAYAN
Enterprise security teams are increasingly implementing protective measures to manage the rise of AI-enabled applications since the launch of ChatGPT 18 months ago, according to a recent analysis of AI app usage. The study revealed that 77% of organizations now use blocking policies for generative AI apps, up from 53% last year, with many blocking multiple applications due to security concerns. Data loss prevention (DLP) tools are employed by 42% of organizations to restrict user submissions, indicating a more mature approach to security. Despite this progress, organizations show less focus on addressing risks associated with data received from these AI tools. The average organization uses nearly three times as many AI apps as last year, with ChatGPT being the most popular.