Ransomware catches people’s attention in part because it feeds on emotion. People click on links without looking at them first, and this remains one of the most common vectors for attack. While it may seem like the internet is filled with the same advice over and over again, even the most attentive person can slip up on a busy work day.

In our news roundup this week we have the rising costs of ransomware, how to avoid supply chain attacks (including covering the human element), and today’s social engineering. Check out our top advice and news from August.

Quick Briefs: Top Insights From August

2-Minute Read 🕒

5 Ways to Defend Against Supply Chain Cyberattacks

Supply chain attacks can sneak into even the best code. Giving developers the power to prevent them (or to act once a suspected attack finds a foothold in vulnerable code) requires having the right company culture. See how keeping this kind of attack top of mind can improve security while fostering a culture of open communication. Discover more ways to secure your software supply chain.

2-Minute Read 🕒

Spend Wisely (Not Just More) to Become Cyber Resilient

Sometimes, putting a little more money in ahead of time can save you dollars in the long run. Is there something in your life for which you’re willing to pay more to get a quality product, or because you know it will last a long time? The same can be true of future-proof cybersecurity tools. Whether it’s the decision to work inside- or out-of-house or what kind of tools to use, make sure you’re working smarter.

3-Minute Read 🕒

Ransomware Costs Expected to Reach $265 Billion by 2031

Every year, research company Cybersecurity Ventures produces a ransomware costs report. The 2021 edition places the cost of recovery from a successful ransomware attack at $20 billion. That’s based both on attackers aiming for higher takes and on an increasing number of attacks. What can employers do about it? Invest in awareness, know your tools and see more tips in this article.

Worth Your While: In-Depth Coverage To Sharpen Your Skills & Tighten Security

4-Minute Read 🕒

How Number Recycling Threatens Your Privacy Online

You may or may not have had cause to change your personal phone number at some time in your life. Or, you’ve worked in a job where you needed a work phone, then changed jobs and placed that phone in the hands of your former bosses. Phone companies recycle numbers and associate each one with its current SIM card, which attackers can use to their advantage. Maybe you’ve heard of SIM scams, where attackers lie about having lost a phone. See how this applies on an organizational scale and what employers can do about it.

3-Minute Read 🕒

A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight

In response to recent attacks, the United States Department of Homeland Security has provided a new security directive for pipeline operators. It covers a variety of requirements, including the hiring of a cybersecurity coordinator who is available 24/7 to the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency. See what the government recommends for pipeline operators and what other infrastructure operators need to know in 2021.

3-Minute Read 🕒

Most Digital Attacks Today Involve Social Engineering

Everything always comes back to people. As the weak link in a cybersecurity fence, employees both make everything work and are a hot target for attackers. That’s why social engineering works. With social engineering being the most common type of attack found by Verizon Enterprise in 2021, employers would do well to watch out for it. Learn how to prevent social engineering attacks and what they look like today.

August’s Expert Insight: X-Force Researchers Uncover Operational Security Errors Plaguing Iranian Threat Group

IBM Security X-Force threat intelligence researchers have been keeping an eye on ITG18, a suspected Iranian threat group. That includes the discovery of LittleLooter, a malicious custom Android backdoor that has not been previously linked to this threat actor. See what this means about the infrastructure and activity of the group today, as well as its scope and possible political motives related to attacking the Iranian reformist movement.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.
