FCI

Bad practices in software development create vulnerabilities that malicious actors routinely exploit. This #CybersecurityAwarenessMonth, the #FBI and the Cybersecurity and Infrastructure Security Agency (CISA) urge software manufacturers to take ownership of customer security outcomes by avoiding the risky practices outlined in our new guide: https://lnkd.in/eibEV9Pu Our list does not include every inadvisable cybersecurity practice. The items present in the list were chosen based on the threat landscape and represent the most dangerous and pressing bad practices that software manufacturers should avoid.

?? (Dark Reading) A survey of CISOs reveals that while global information security spending is projected to reach $215 billion by the end of 2024, 44% of CISOs missed data breaches in the past year despite their tools. ?? A key concern is the lack of visibility into hybrid cloud infrastructure and data-in-transit, where 93% of malware hides. ?? Gaining visibility is a priority for 84% of CISOs. ?? ?? Is this a concern for you and your organization? Learn more about FCI's Endpoint Compliance Visibility solution: https://lnkd.in/eWrESFWP #fci #cybersecurity #visibility #ciso #cyberrisks #cyberdefense https://lnkd.in/e9QxfU7y

?? (Infosecurity Magazine) In Q3 2024, Microsoft was the most impersonated brand in phishing attacks, accounting for 61% of attempts, according to Check Point Research's Brand Phishing Ranking. ?? Apple remained the second most impersonated at 12%, while Google moved up to third place with 7%. ?? Alibaba made its debut in the top 10 at seventh, and Adobe re-entered the list at eighth. ?? Notable phishing attempts included fake websites impersonating Alibaba and WhatsApp, with the tech industry continuing to be the most targeted, followed by social networks and banking. ?? It's essential to regularly educate employees and users on recognizing phishing attempts, such as suspicious URLs, unsolicited emails, and impersonated brands. #fci #cybersecurity #phishing #threatintelligence #cybethreats https://lnkd.in/giVfwAUN

?? (Cyber News) Phishing attacks using QR codes, known as "quishing," are increasing in both volume and sophistication. ?? Sophos reported that attackers are using these tactics to steal corporate credentials from mobile devices, often bypassing traditional security defenses. ?? In a recent incident, Sophos employees were targeted with emails containing QR codes, directing them to phishing sites disguised as Microsoft365 login pages. ?? These attacks exploit a technique called adversary-in-the-middle (AiTM) to capture login credentials and bypass multi-factor authentication (MFA). ?? The increasing refinement of quishing campaigns is concerning, as QR codes are harder for users to decipher than traditional phishing URLs. #fci #cybersecurity #sophos #quishing #aitm #mfa #microsoft https://lnkd.in/gtgts48A

?? (Infosecurity Magazine) The Inside the Mind of a Hacker 2024 report from Bugcrowd reveals a sharp rise in hackers' confidence in AI technologies, with 71% now believing AI increases the value of hacking, up from 21% in 2023. ?? Generative AI tools are also being adopted by 77% of hackers. However, despite this rise, only 22% think AI outperforms human hackers, and 30% believe it can replicate human creativity. ?? Key findings show that AI adoption has introduced new attack vectors, and the threat landscape is evolving rapidly. #fci #cybersecurity #generativeai #hacker #threatintelligence #cybercrime https://lnkd.in/eJt_J88u

?? (Dark Reading) Mark Eggleston, now CISO at CSC, emphasizes the growing role of CISOs in privacy management, a shift he witnessed firsthand while building a privacy program for a national healthcare provider. ?? Traditionally handled by legal or compliance teams, privacy is increasingly being overseen by CISOs as privacy and cybersecurity become more intertwined due to regulatory pressures and technological advances like AI. ?? This trend, backed by data showing a rise in CISO responsibility for privacy, highlights the importance of cross-functional collaboration with legal, HR, and privacy leads. ?? To adapt, CISOs must expand their expertise in privacy laws, ethical frameworks, and data governance. #fci #cybersecurity #dataprotection #infosec #ciso #privacymanagement https://lnkd.in/e5PnieKP

?? (Cybersecurity Dive) The cost of a data breach has risen by 10%, with organizations facing an average of $4.88 million in expenses, according to IBM’s research. ?? Many companies pass these costs to consumers, which can harm competitiveness in a market already impacted by inflation. ?? One reason for the high costs is the lengthy recovery period, often taking over 100 days due to complex attacks and regulatory hurdles. ?? While proactive security investments, such as AI and employee training, can reduce breach costs, most organizations only invest heavily after an incident. ?? A shift from reactive to proactive cybersecurity strategies is needed to prevent future breaches and minimize costs. #fci #cybersecurity #databreach #costofbreach #investincyber https://lnkd.in/gVcHV3SY

?? (Cybersecurity Dive) Discover Financial Services is taking a cautious approach to adopting generative AI by implementing guardrails based on risk, ensuring that AI use is carefully evaluated for value across business functions. ?? With a "human in the loop" approach, Discover aims to mitigate risks while adhering to the National Institute of Standards and Technology's (NIST) AI risk management framework. ?? This strategy helps Discover balance AI innovation with risk reduction by identifying, quantifying, and monitoring risks. #fci #cybersecurity #discover #ai #threatintelligence #nist https://lnkd.in/erja7srk

?? (Bleeping Computer) OpenAI has disrupted more than 20 malicious cyber operations where attackers exploited its AI-powered chatbot, ChatGPT, for activities such as debugging malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. ?? The report confirms that mainstream AI tools have been used to enhance offensive cyber operations. ?? The Chinese group "SweetSpecter" targeted OpenAI employees, using ChatGPT to script attacks, while the Iranian groups "CyberAv3ngers" and "Storm-0817" leveraged ChatGPT for vulnerability research, developing custom malware, and scripting. ?? These cases demonstrate that AI can significantly aid cybercriminals in enhancing their operations at various stages, from reconnaissance to post-compromise activities. #fci #cybersecurity #threatintelligence #chatgpt #openai #cyberrisks https://lnkd.in/gRnVkVci

?? (The Record) A report by cyber insurance provider Coalition revealed that while the number of claims decreased in the first half of 2024, the average claim size rose by 14% to $122,000, largely due to the growing severity of ransomware attacks. ?? Ransomware claims saw a 68% increase in losses, with an average of $353,000 per claim, as larger businesses became primary targets. ?? Despite a decline in ransomware claims among medium-sized businesses, Coalition expects an uptick later in the year. ?? The average ransom demand was $1.3 million, with groups like Play and BlackSuit demanding even more. ?? Business email compromise (BEC) remained the most common type of claim, representing a third of all reported incidents. ?? Ransomware, BEC, and funds transfer fraud together accounted for 75% of claims. #fci #cybersecurity #ransomware #cyberclaims #bec #cyberinsurance https://lnkd.in/g8GBVx_f