PCR rounds up the biggest IT security news stories from the last week.
UK most targeted nation for spear phishing attacks
The UK is now the most targeted nation for spear phishing attacks. Also, cybercriminals revisited fake technical support scams in 2015, which saw a 200 per cent increase year-on-year.
In fact, the UK the second most targeted nation for cybercriminals globally, suffering 7,672,112 attacks in 2015.
Plus, in 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 per cent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks.
This data comes from Symantec’s Internet Security Threat Report Volume 21, which reveals an organisational shift by cybercriminals: they are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers.
“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director, Symantec Security Response.
New EU data regulations branded ‘a mistake’
The Information Technology and Innovation Foundation (ITIF), a technology policy think tank, has expressed regret over the EU Parliament’s approval of Europe’s new general data protection regulation.
ITIF president Robert D. Atkinson said: “History will likely show that Europe’s new data protection regulation was a mistake. While the world is in the process of taking a giant step forward by marshaling the power of big data and the Internet of Things to grow the economy, improve governance, and solve pressing social problems, European policymakers have chosen to take two giant steps backward.
“The new regulation’s intent may have been to give citizens control of their personal data, but its provisions will be onerous in practice—like trying to sail with an anchor overboard. Large, medium-sized, and small businesses, entrepreneurs, civil society groups, and government all will have an unduly hard time using data to start new ventures, expand well-established ones, or enrich European citizens’ lives by discovering solutions to challenges in health care, education, or the environment.”
Following the news of a proposed Privacy Shield agreement in order to safeguard EU citizens’ personal information, Patrick Salyer, CEO of customer identity management experts Gigya, said: “The ongoing debate to ratify the EU Privacy Shield agreement proves, once again, that global consumer-data privacy regulations are constantly evolving, making it very challenging for companies to maintain compliance.
"The smartest companies will adopt a compliance strategy that offers agility for storing and protecting customer data regionally, while still sharing the data securely within the global enterprise."
The ransomware that knows where you live
Described as having a ‘threat level 10’, a new phishing email – linked to a malware called Maktub – is conning internet users.
Recipients are told they owe hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link. The link leads to malware, taking seconds to encrypt everything of value on the hard drive.
Maktub then demands a ransom in virtual currency Bitcoins, which increases in fee as time elapses.
Employees ‘the biggest IT security threat to businesses’
WinMagic has released a new study analysing the disconnect between end-user employees and IT managers.
Two simultaneous studies polled 1000 employees and 250 IT managers respectively from businesses across UK to discover the importance of IT and data security in the workplace.
The majority of employees (31 per cent) describe themselves as the biggest IT security threat to their businesses, followed by hackers (30 per cent).
Conversely, IT managers believe hackers represent the greatest threat (37 per cent) followed by employees (24 per cent) and a lack of rigid security policies (22 per cent).
Cyber Training Lab opens
IT Training company QA has launched a Cyber Lab designed to enable organisations to learn and practice how to defend themselves against a simulated cyber attack.
The 20-seat facility, based in the heart of London, allows cross business teams and IT security staff to simulate and react to a real life threat in a secure physical environment.
Board members can’t interpret cybersecurity reports
A report by Goldsmiths University and Tanium cybersecurity looks at why security chiefs are struggling to demonstrate the importance of cyber protection measures to their board members.
40 er cent of non-exec directors and C-suite don’t feel responsible for the repercussions of cyberattacks, while 91 per cent of the most vulnerable board members cannot interpret a cybersecurity report in the same way they’d read a financial report.
1 in 3 businesses unaware of benefits of specialised security for virtual environments
Almost three quarters (73 per cent) of companies are relying on standard Endpoint Security-class solutions to protect their virtual environments, potentially leading to reduced performance and creating an excessive load on their systems.
According to the findings of a recent survey, only 27 per cent of companies use security solutions that are specifically adapted for virtual environments.
Kaspersky Lab has also launched Kaspersky Security for Virtualization to provide virtual environment protection.
31% never pay contactless due to lack of trust
Future Thinking, the business intelligence research consultancy and Toluna carried out an online survey and analysed the results of over 2300 respondents across the UK.
31% of respondents say they never pay by contactless as they don’t trust it. 22 per cent of under 35 year olds don’t trust it, while 43 per cent of over 55s don’t use contactless because of trust issues.
Image source: Shutterstock