This is the September news and product review from Cyberday. Our next Admin Webinar, to cover things live, will take place in December 2024. You can register for the webinar on our Webinars page closer to the date.
The NIS2 Directive will enter into force in October 2024, with the aim of protecting key and essential actors and maintaining the overall security of the digital infrastructure.
The national NIS2 laws of EU Member States must be in place by 17 October 2024, after which the directive will apply. Many EU countries are in the process of finalising their own laws and the implementation of the Directive is progressing well. There are some differences in national legislation, but because the NIS2 Directive is more detailed than its predecessor, the scope for Member States to influence national legislation is less. The differences are mainly found in the definition of sectors or in the emphasis given to security measures.
Currently there are 4 countries with finalized transitions regarding this: Belgium, Croatia, Hungary, Latvia
To help you, we have published a free NIS2 takeover using ISO 27001 best practices booklet. In our free e-book, we will guide you through the world of NIS2 and show you how to leverage ISO 27001 best practices to achieve compliance. Grab yours here: https://www.cyberday.ai/ebook
The RaaS cybercrime group RansomHub has already targeted 210 organisations since February 2024, targeting a number of key sectors, including water, IT, government, healthcare, food, finance, manufacturing, logistics and communications.
The RansomHub team has exploited vulnerabilities that were originally published. Features that have emerged in attacks include disabling anti-virus software, using intermittent encryption and deploying tools for network scanning and reconnaissance.
The RansomHub attacks highlight common trends seen in ransomware attacks:
The evolution of ransomware strategies highlights the urgent need for organisations to strengthen their cybersecurity against increasingly complex threats.
The fight against ransomware attacks has for years felt like a heavy and endless struggle, time after time, attack after attack. And if and when an attack is repelled or a cybercriminal group is caught, there is inevitably criticism that the measures taken are temporary and that cybercriminal groups will only regenerate and come back. One of the biggest challenges in combating ransomware attacks is their global nature. The only way to achieve results would be international cooperation, which is not the easiest to organise.
The use of increasingly sophisticated technology is needed to track and catch cybercriminals. In the case of ransomware, the aim is also to minimise the prey for criminals, with the aim of making fewer and fewer victims pay the attackers.
However, the past year has seen some of the biggest takedowns in history, with law enforcement agencies working together internationally and using new tactics. Perhaps this is the beginning of a new era?
According to the report, up to 25% of password reset requests are scams. In the UK, there are around 70,000 such attacks every week as cybercriminals try to take over the passwords of individuals. According to the report, desktop computer users are particularly targeted by reset attacks. The number of bot-triggered password reset attacks has increased by a staggering 1680%.
The introduction of multi-factor authentication and improved password reset functionality is crucial to protect against these attacks. Password reset systems should be as well managed as logon systems.
It would be important for organisations to raise awareness and train staff to recognise potential phishing attacks, such as the password reset request scams mentioned in this article. In addition to multi-factor authentication, the risk of being compromised can be mitigated, for example by password management systems.
Phishing techniques are constantly changing and evolving, and unfortunately they also get through the email filters. This is why it is so important to identify potential phishing messages to avoid major damage. In this article, we looked at a few phishing tactics that can help you avoid filters:
How does your organisation ensure that phishing attempts remain an attempt?
Now you can share your ideas with other Cyberday users and vote for your favourites! 🎉 We added a new Development ideas -section to Cyberday Community. Here you can post own ideas or vote for other ideas to bring them up on the lists. We're hoping many active users take part to bring their opinions visible and indicate which improvements would be truly beneficial! Learn about the new feature here.
All Cyberday users can now enable MFA through their own profile page. In the past, the use of multi-factor authentication has been the default situation when using Teams, and possible to enforce by an organization-level decision in the web UI.
Read more about the current development here.
We will be introducing national NIS2 legislation to Cyberday on demand. We have just published the Finnish Kyberturvallisuuslaki to support the NIS2 requirements framework. Next up is Belgium's CyberFundamentals and Norway's NSM ICT Security Principles.
ISO 9001 is a globally recognised quality management standard. It helps organisations of all sizes and in all industries to improve their performance, meet customer expectations and demonstrate their commitment to quality.
The upcoming frameworks for Cyberday are TISAX & National NIS2 Cybersecurity legistation
See the available and upcoming requirements frameworks in the Cyberday application or on the Frameworks website.
Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.
