Cyber security news roundup: January 2022

Published on: 31 Jan 2022

We're rounding up some of the biggest cyber security stories of the past few weeks. In January, the government introduced new laws to tackle security vulnerabilities in the UK's supply chains, new figures highlighted the extent of cyber attacks in 2021, and it was revealed that more than 40 per cent of UK cyber professionals are considering looking for a new job in the next six months.

New laws aim to boost UK's cyber resilience

A new series of measures unveiled by the government this month will aim to increase the country's cyber resiliency following a series of high-profile breaches such as the SolarWinds hack and attacks on Microsoft Exchange Servers.

The laws, announced by the Department for Digital, Culture, Media and Sport, will aim to increase the security standards of outsourced IT services, which the department said are used by almost every British business. It noted that only 12 per cent of organisations review the cyber security risks coming from their immediate suppliers, while just one in 20 firms (five per cent) address vulnerabilities in their wider supply chain.

Julia Lopez, minister of state for media, data and digital infrastructure, said: "Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched. The plans we are announcing today will help protect essential services and our wider economy from cyber threats."

2021 'worst year on record' for data breaches, report shows

The last 12 months saw the highest number of data breaches on record, with cyber security incidents climbing by 68 per cent year-on-year, a new report from the US has revealed.

According to the Identity Theft Resource Center's (ITRC's) 2021 Data Breach Report, there were 1,862 recorded incidents in 2021, surpassing 2020's total of 1,108 and the previous record of 1,506 set in 2017. Of these, 83 per cent were said to involve 'sensitive information' such as personal details.

While the number of people affected by data breaches dropped by around five per cent last year, ITRC attributed this to a shift in the focus of cybercriminals toward smaller, more focused attacks, rather than large-scale data theft. The number of breaches also increased across all sectors, although the biggest rise was seen in manufacturing and utilities.

Morgan Stanley to pay $60 million over data breach failings

Financial services firm Morgan Stanley has agreed to pay a settlement of $60 million (£44.8 million) in order to end a legal claim brought on behalf of customers who had fallen victim to a data breach in 2020.

The class-action lawsuit represented around 15 million of the bank's users, alleging Morgan Stanley had not adequately safeguarded personally identifiable information by failing to fully wipe information from decommissioned data centre hardware.

The agreement illustrates the high costs that companies can incur to compensate customers and follows a separate $60 million fine imposed by the US Office of the Comptroller of the Currency for the data protection failure. Victims of the incident will be entitled to at least 24 months of fraud insurance services, while each class member can claim up to $10,000 for out-of-pocket expenses.

Ransomware vulnerabilities up by 29% in 2021, report finds

The number of vulnerabilities exploited by ransomware groups in order to infiltrate their targets has increased by nearly a third over the last 12 months, according to a new report from security vendors Ivanti and Cyware.

It found a 29 per cent rise in vulnerabilities associated with ransomware in 2021, with 65 new issues uncovered, taking the total of known common vulnerabilities and exposures (CVEs) linked to ransomware to 288. Of these, over half (56 per cent) are still being actively exploited by criminals.

Srinivas Mukkamala, senior vice-president of products at Ivanti, said: "Organisations need to be extra vigilant and patch weaponised vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritisation and automated patch intelligence to identify and prioritise vulnerability weaknesses and then accelerate remediation."

2 in 5 UK security managers 'considering moving jobs in 2022'

More than two out of five security managers in the UK (41 per cent) are considering quitting their jobs in the next six months, according to a new survey from security firm ThreatConnect.

Senior managers surveyed for the study reported an average turnover rate of 20 per cent within their organisation. What's more, 74 per cent of respondents reported this rate as rising in the past year, while nearly one in three (31 per cent) said they experienced difficulties recruiting people with the skills and talent required for cyber security.

The most common reason given for cyber security staff to move on was a lack of opportunities for home working, which was cited by 31 per cent of respondents. This was followed by high stress levels (26 per cent) and the promise of a better salary elsewhere (25 per cent).