Ransomware catches people’s attention in part because it feeds on emotion. People click on links without looking at them first, and this remains one of the most common vectors for attack. While it may seem like the internet is filled with the same advice over and over again, even the most attentive person can slip up on a busy work day.

In our news roundup this week we have the rising costs of ransomware, how to avoid supply chain attacks (including covering the human element), and today’s social engineering. Check out our top advice and news from August.

Quick briefs: Top insights from August

2-Minute Read 🕒

5 ways to defend against supply chain cyberattacks

Supply chain attacks can sneak in to the best of code. Giving developers the power to prevent them (or act on them once a suspected attack might find a foothold in vulnerable code) requires having the right company culture. See how keeping this kind of attack top of mind can improve security by fostering a culture of open communication at the same time. Discover more ways to secure your software supply chain.

2-Minute Read 🕒

Spend wisely (not just more) to become cyber resilient

Sometimes, putting a little more money in ahead of time can save you dollars in the long run. Is there something in your life for which you’re willing to pay more to get a quality product, or because you know it will last a long time? The same can be true of future-proof cybersecurity tools. Whether it’s the decision to work inside- or out-of-house or what kind of tools to use, make sure you’re working smarter.

3-Minute Read 🕒

Ransomware costs expected to reach $265 billion by 2031

Every year, research company Cybersecurity Ventures produces a ransomware costs report. The 2021 edition places the cost of recovery from a successful ransomware attack at $20 billion. That’s based both on attackers aiming for higher takes and on an increasing number of attacks. What can employers do about it? Invest in awareness, know your tools and see more tips in this article.

Worth your while: In-depth coverage to sharpen your skills & tighten security

4-Minute Read 🕒

How number recycling threatens your privacy online

You may or may not have had cause to change your personal phone number at some time in your life. Or, you’ve worked in a job where you needed a work phone, then changed jobs and placed that phone in the hands of your former bosses. Phone companies recycle numbers and associate each one with its current SIM card, which attackers can use to their advantage. Maybe you’ve heard of SIM scams, where attackers lie about having lost a phone. See how this applies on an organizational scale and what employers can do about it.

3-Minute Read 🕒

A new directive for pipeline operators puts cybersecurity in the spotlight

In response to recent attacks, the United States Department of Homeland Security has provided a new security directive for pipeline operators. These cover a variety of requirements, including the hiring of a cybersecurity coordinator who is available 24/7 to the Transportation Security Administration and Cybersecurity and Infrastructure Security Agency 24/7. See what the government recommends for pipeline operators and what other infrastructure operators need to know in 2021.

3-Minute Read 🕒

Most digital attacks today involve social engineering

Everything always comes back to people. As the weak link in a cybersecurity fence, employees both make everything work and are a hot target for attackers. That’s why social engineering works. With social engineering being the most common type of attack found by Verizon Enterprise in 2021, employers would do well to watch out for them. Learn how to prevent social engineering attacks and what they look like today.

August’s expert insight: X-Force researchers uncover operational security errors plaguing Iranian threat group

IBM Security X-Force threat intelligence researchers have been keeping an eye on ITG18, a suspected Iranian threat group. That includes the discovery of led to the discovery of LittleLooter, a malicious custom Android backdoor that has not been previously linked to this threat actor. See what this means about the infrastructure and activity of the group today, as well as its scope and possible political motives related to attacking the Iranian reformist movement.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

More from Security Services

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

39% of MSPs report major setbacks when adapting to advanced security technologies

4 min read - SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in the industry.Among the many findings of this most recent report, one of the most concerning trends is the difficulties MSPs face when adapting their service…

A decade of global cyberattacks, and where they left us

5 min read - The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so.I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “'mega-breaches' were relatively rare, but now feel like an everyday occurrence.”A summary of the past decade in global cyberattacksThe cybersecurity landscape has been impacted by major world events, especially in recent years.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today