fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Security Expert Coalition Shares Actions To Disrupt Ransomware

Security Expert Coalition Shares Actions To Disrupt Ransomware

The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model.

One of the priority recommendations refers to better regulating the cryptocurrency sector, which plays an essential part in obfuscating the threat actors and making ransomware attacks a lucrative endeavor.

Priority actions

In a document released today, the Institute for Security and Technology (IST) provides a list of 48 actions that governments and leaders in the private sector can adopt to seriously curb the ransomware threat.

Ransomware activity has grown constantly over the past years as cybercriminals increased their attacks to targets in both the private and the public sector (including healthcare and education branches).

The ransom demands last year averaged hundreds of thousands of U.S. dollars but the highest payouts were between $1 and $2 million for some ransomware gangs.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

Priority recommendations:

  1. Coordinated international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals
  2. The United States should lead by example and execute a sustained,  aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. In the U.S., this must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities;  mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
  4. An internationally coordinated effort should be developed to develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.

Congress help needed

Some of the rules developed within the Ransomware Task Force (RTF) require Congressional help to modernize some cybersecurity laws, such as the Cybersecurity Information Sharing Act of 2015 and the Computer Fraud and Abuse Act (CFAA).

The changes should incentivize ransomware victims to share anonymously ransomware payment details (cryptocurrency wallet addresses, transaction hashes, ransom notes).

They should also allow a broader set of actions to parties dealing with a ransomware incident “when acting in good faith without fear of legal liability.”

“The strategic framework is organized around four primary goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the business model and reduce criminal profits; to help organizations prepare for ransomware attacks; and to respond to ransomware attacks more effectively” – Ransomware Task Force

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

RTF’s recommendations are designed for long-term effect once adopted and are likely to improve the cybersecurity posture of organizations. They can also tighten the collaboration between multiple actors dedicated to keeping the world safe from cyber threats.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us