Cybersecurity Institute News Roundup 13 May 2024

Welcome to this week’s Cybersecurity Institute News Roundup, a weekly overview of some of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. This week’s roundup covers Antony Blinken’s RSA keynote speech, Microsoft’s security-based compensation plan, deniable encryption, and human error and other statistics.

Last week was RSA, one of the industry’s flagship global cybersecurity events, and this year saw US Secretary of State Antony Blinken giving the keynote. During his presentation, he highlighted the increasing importance of technology to global security, stability, and prosperity, as well as the State Department’s new international cyber strategy to defend against nation-state attackers and other bad actors:

https://www.bankinfosecurity.com/boosting-us-tech-leadership-antony-blinkens-agenda-at-rsac-a-25134

After several high-profile security and privacy failures, Microsoft is tying its senior leadership team pay directly to the progress the company makes towards its stated security plans and milestones. Now, that’s putting your money where your mouth is!

https://arstechnica.com/information-technology/2024/05/microsoft-ties-executive-pay-to-security-following-multiple-failures-and-breaches

Next up, we dive into the concept of ‘deniable encryption’, which outlines how to encrypt a message in such a way that we can provide a key that would reveal a different message. Although written by an ‘amateur’, the blog goes into a good amount of detail about the requirements, use cases, and challenges:

https://ayende.com/blog/200993-C/deniable-encryption

In this week’s report from the ‘Institute of Really Obvious Studies’, the Verizon Data Breach Investigations Report (DBIR), a cyber almanac of sorts, reports a 180% year-over-year increase in successful cyberattacks, with the human factor being the single largest root cause. And it’s not just user error: cyber defenders and security engineers are also suffering from fatigue, which can compromise their effectiveness in warding off attacks. While we can joke about human error being at the centre of so many breaches, it does highlight the need for ongoing awareness and training, and for continued advancements in identity protection and verification:

https://www.databreachtoday.com/verizon-dbir-cyber-defenders-are-facing-exploit-fatigue-a-24989

More broadly, a roundup of current cybercrime statistics from the year thus far reveals that 71% of phishing attacks still rely on email links, 98% of businesses are linked to breached third parties, and there has been a year-over-year doubling of active ransomware groups:

https://www.helpnetsecurity.com/2024/05/07/cybercrime-stats-2024/

Be sure to share your thoughts on these stories in the comments and let us know what articles have caught your eye recently.
