Hello all, another week another roundup! Welcome back to the Positive Security News where it's not all doom and gloom in the cyber security industry!
LAPSUS$ cyber attack traced back to 16 year old
A few days ago, extortionist gang LAPSUS$ got access to the authentication service provider Okta through a remote takeover of one of their customer support engineer's internal accounts.
Now this is where it gets fascinating. Fortunately, 7 suspected members of the gang have been arrested in the U.K in connected with the attack. Supposedly...wait for it... aged only 16-21, with the 16 year old spearheading the operation!
What's more, the alleged prodigies may have also had a role in the incident at game developer and publisher company Electronic Arts, last July.
No CISSP, no 10+ years of experience, no degrees. What they do have is curiosity that, without guidance, led them to the dark side. Not only is the security industry losing out on fantastic talent by failing to adequately address the skills gap but it is losing talent to malicious organisations.
We think it's high time we re-evaluate barriers to entry in cybersecurity.
Source: The Hacker News
2. UK Cyber Security Breaches Survey shows Cyber is a growing boardroom priority
The 2022 Cyber Security Breaches Survey has recently been published by the DCMS within the UK. This years edition has a very promising statistic for the perception of cybersecurity within business!
The survey concluded that eight in ten businesses (82%) report that cyber security is a high priority for their senior management, up from (77%) in the previous year. Furthermore, seven in ten charities (72%) say their trustees believe cyber security is a high priority. It was identified that this change in perception was driven by greater understanding at the senior level of the risks cyber attacks pose.
The survey concluded that It is more common for larger businesses to say that cyber security is a high priority (at 95% for large businesses and 92% for medium businesses, vs. 82% overall). Work will have to be done to ensure small businesses have an understanding of the cyber risks they may face.
Overall, this is very promising stuff! A better understanding at board level is enabling businesses to see the importance of cyber hygiene.
3. Australian Government announces funding pledge to boost Cyber capabilities
A new funding pledge in the country’s new 2022-23 budget was announced to help boost Cyber capabilities. REDSPICE (Resilience, Effects, Defense, Space, Intelligence, Cyber and Enablers) is biggest cybersecurity investment in Australian history, at $9.9bn over the next decade.
This program will aim to provide new capabilities, enhance national cyber defence and many more features. The REDSPICE program will also look to create 1900 new jobs over the next decade for the ASD, a significant boost to their current workforce of 2300 individuals.
A big development for Australia's Cyber Industry!
And so that does it for this week's Positive Security News, be sure to stick around for next week's edition! Until then!