“Maturity” might seem an odd word to apply to security. As attacks become more frequent and complex, organizations need the agility to respond to new forms of cybercrime. Old ways of thinking are seldom useful in the ever-changing world of IT.
Cybersecurity
Security analysts are alarmed about a bug in software few people know about — the Log4j logging utility for Java applications. In November, researchers identified a zero-day exploit that affected the Java version of the Minecraft video game. Hackers were able to trick Log4j into storing specific character strings that allowed them to take control of the compromised machine. The hackers could then execute malicious code remotely, spread malware or steal sensitive information.
Cryptojacking has surged in the last two years as the value of the cryptocurrency market has skyrocketed. There were more than 51 million cryptojacking attacks in the first half of 2021 alone, according to the SonicWall Cyber Threat Report. Many attacks go unreported.
Cybercriminals have accumulated a vast amount of personally identifiable information over the years. Almost any information you might want is available on the Dark Web, often for a relatively small fee. But according to the nonprofit Identity Theft Resource Center, fraudsters are shifting their focus from consumers to businesses.
In a previous post, we discussed five important cybersecurity lessons we learned in 2021. Growing numbers of endpoints used outside the security perimeter have created significant new risks. Cloud misconfigurations are also a leading source of security threats, and protecting data across the extended environment is increasingly difficult. Users need more effective training so that they understand their cybersecurity responsibilities, and organizations are struggling to hire enough security experts to meet their needs.
