惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
V
V2EX
博客园 - 【当耐特】
WordPress大学
WordPress大学
爱范儿
爱范儿
美团技术团队
宝玉的分享
宝玉的分享
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
小众软件
小众软件
量子位
Hugging Face - Blog
Hugging Face - Blog
B
Blog RSS Feed
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
博客园 - 叶小钗
GbyAI
GbyAI
Y
Y Combinator Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
G
Google Developers Blog
D
Docker
T
Tailwind CSS Blog
C
Check Point Blog
Last Week in AI
Last Week in AI
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
B
Blog
博客园 - 三生石上(FineUI控件)
博客园 - Franky
H
Help Net Security
MyScale Blog
MyScale Blog
U
Unit 42
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
L
LangChain Blog
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
Microsoft Security Blog
Microsoft Security Blog

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report
MeriTalk Sta · 2024-06-06 · via MeriTalk

By James Turgal, Vice President of Cyber Risk, Strategy and Board Relations, Optiv

The FBI recently released its annual Internet Crime Report for 2023, based on complaints received by the Internet Crime Complaint Center (IC3). The report paints a concerning picture of the cybersecurity landscape in the United States. With a record-breaking 880,418 cybercrime complaints filed in 2023, resulting in potential total losses that exceeded $12.5 billion, the need for a collective effort to strengthen national cybersecurity defenses is more critical than it’s ever been.

The 880,418 complaints are a nearly 10 percent increase in complaints received, and the $12.5 billion represents a 22 percent increase in losses suffered, compared to 2022. As alarming as these figures appear to be, they are likely much higher in reality, as there are many victims of cybercrime that don’t report to authorities. For instance, in the FBI’s report, they cite the Hive ransomware group and the fact that about 20 percent of Hive’s victims reported their incidents to law enforcement. If that 20 percent number remained consistent across the board, that would mean that there were more than 4.4 million cyber incidents in the past year. That number is simply too high.

Diving deeper into the report, there are several key areas that demand more attention if we want to bring cybercrime numbers down in 2024.

Investment Fraud Leads the Pack

Investment fraud emerged as the report’s most damaging cybercrime in 2023. Losses surged 38 percent to a whopping $4.57 billion, highlighting a troubling rise in sophisticated financial scams. This dwarfs all other cybercrimes tracked by the IC3. Business Email Compromise (BEC) scams resulted in $2.9 billion in losses, while tech support scams disproportionately impacted the elderly, resulting in $924 million in losses. Though overall losses were lower for tech support scams, the impact on individual victims, especially those with limited technical knowledge, can be devastating.

To combat these issues and improve numbers moving forward, we need a targeted approach. Investment awareness campaigns for younger adults, cybersecurity training for businesses, and tech-support literacy initiatives for seniors are crucial. Collaboration between law enforcement, financial institutions, and cybersecurity experts is also essential to disrupt fraudulent operations and hold attackers accountable. Most importantly, we all must remember that if anything seems too good to be true, it probably is. No matter the situation, it’s always better to take your time and ask people you trust before giving away your personal information.

Ransomware Back on the Rise

Following a brief period of decline in 2022, ransomware attacks came roaring back in 2023, with a 74 percent increase in reported losses ($59.6 million) and an 18 percent increase in complaints reported (2,825). These significant increases underscore the growing sophistication of cybercriminals who are exploiting a growing number of vulnerabilities for substantial financial gain. Specifically, the FBI has observed emerging trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate.

Ransomware’s resurgence demands a multi-faceted defense. Organizations must prioritize layered security, implementing robust controls across email, network, data, and endpoint protection. Breaking down security silos and integrating tools with an XDR platform is essential. This holistic view allows for a deeper understanding of attacker tactics, including emerging trends like double extortion and multiplatform threats. Frameworks like MITRE ATT&CK can further pinpoint vulnerabilities, while monitoring for activity associated with common attacker tools helps detect suspicious behavior.  Furthermore, regularly analyzing lessons learned and adapting your security controls is crucial for staying ahead of evolving threats.

Phishing Remains Relentless

While phishing came in 21st on the list of most lucrative crime types, with losses totaling $18.7 million, it was once again the most prevalent cybercrime overall with nearly 300,000 complaints to the IC3 in 2023. This was almost five and a half times the second most popular complaint – personal data breaches.

This highlights the constant threat that phishing poses due to a general lack of cybersecurity awareness. We can all be vigilant by clicking with care and staying wary of suspicious emails, texts, and messages on social media, no matter where we are. To fortify our defenses, public awareness campaigns and education is key. Regular training programs can equip individuals and organizations alike to identify phishing attempts. Organizations should also leverage eLearning courses and run simulated phishing exercises to further train their employees and keep phishing top of mind. Additionally, implementing multi-factor authentication adds an extra security layer which can make a big difference. Working together – individuals, organizations, and cybersecurity experts – we can significantly reduce the effectiveness of phishing attacks.

Looking Ahead

The FBI’s report highlights the growing threat of cybercrime, but it doesn’t have to define our future. By paying closer attention to the biggest threats, prioritizing cybersecurity awareness campaigns, fostering collaboration between public and private sectors, and implementing robust security measures, we can begin to turn the tide. Let’s make 2024 the year we collectively outsmart cybercriminals and create a safer digital landscape for everyone.

James Turgal is the former executive assistant director for the FBI Information and Technology Branch (CIO). He now serves as Optiv Security’s vice president of cyber risk, strategy and board relations. James has personally helped many companies respond to and recover from ransomware attacks and is an expert in cybercrime, cyber insurance, cybersecurity, ransomware and more. James draws on his two decades of experience investigating and solving cybercrimes for the FBI. He was instrumental in the creation of the FBI’s Terrorist Watch and No-Fly Lists.