Recent research shows that 56% of FTSE 100 employees reset their passwords monthly, costing over $1.7 billion annually. The cost of these password resets is estimated to be around $70 per reset, resulting in a total cost exceeding $156 million per month for the FTSE 100 alone. Julia O'Toole, CEO of MyCena Security Solutions, suggests that businesses should take control of their own access and passwords to eliminate the need for password resets. O’Toole emphasises that when employees know their passwords, companies are vulnerable to phishing attacks – a major cause of data breaches. To address password resets, businesses can regain control through access segmentation and encryption management solutions that generate strong random passwords for all systems, which are encrypted and distributed to employees. By implementing such solutions, businesses can eliminate password resets, reduce security risks, and save millions of dollars per year.

During the recent RSA cybersecurity conference, experts and officials expressed concerns about the use of artificial intelligence (AI) by cyber criminals. Criminals are using AI to automate personalised phishing attacks across email, voice and encrypted channels like WhatsApp. They’re also creating more sophisticated and believable disinformation campaigns. Experts fear that AI-powered software will enable attackers to breach corporate networks, disguise themselves to evade detection and extract data undetected. To fight against the growing threat, companies should ensure their systems don’t make an easy target for bad actors. Key defences include strong, unique passwords, system segmentation and ongoing employee education. Should a phishing attempt succeed, the defences are then designed to limit the damage as much as possible.

Cybersecurity company Dragos recently experienced a security incident where a known gang breached defences and attempted to encrypt devices. Although the threat actors failed to breach Dragos' network or cybersecurity platform, they did gain access to the company's SharePoint cloud service and contract management system. The breach occurred after the personal email address of a new sales employee was compromised before their start date, downloading data and intelligence reports typically reserved for customers. Dragos responded by disabling the compromised account, asserting that their layered security controls successfully prevented the threat actors from executing their objective of launching ransomware. The attackers were also unable to move laterally, escalate privileges, establish persistent access, or make any changes to Dragos' infrastructure.

The Business Research Company has officially published its Cybersecurity Insurance Global Market Report for 2023. The 200-page document takes inspiration from companies including AXIS Capital Holdings Limited, Lloyd’s of London Ltd., Zurich Insurance Group and many more. Standout figures show that the global cybersecurity insurance market grew from $11.95 billion in 2022 to $14.56 billion in 2023. The report is available to download as a PDF now.

The owner of fast-food chains KFC, Pizza Hut and Taco Bell has confirmed a data breach. Yum! Brands is sending out notification letters after it became away of a ransomware attack in January. The details leaked include some individuals’ names, driving licence numbers and ID card numbers. As a result of the attack, 300 restaurants were shut down in the UK. A spokesperson said: “While this incident caused temporary disruption, the company is aware of no other restaurant disruptions.”

A survey of IT security professionals has revealed that 40% are encouraged not to report a data leak. Findings from Bitdefender’s 2023 Cybersecurity Assessment Report revealed that 50% of organisations experienced a leak in the last year. Four in 10 across all the countries surveyed were advised to keep it quiet – a figure rising to 70% in the US. The main incentives for keeping schtum were fear of legal action, according to the report.