Cyber Security Insights for Resilient Digital Defence

Leaders from cyber security sector come to RGU

Major figures from some of the top law enforcement agencies in the world are coming to RGU for an international cyber security conference. The University’s School of Computing has partnered with OSP Cyber Academy to host the Senior Leaders Cyber Summit on 31 August. Speakers include Cynthia Kaiser, Deputy Assistant Director of the FBI’s Cyber Division; David Charters, a former MI6 Intelligence Officer; and Chief Superintendent, Conrad Trickett, who leads Police Scotland’s Digital World Programme. The event has a distinct aim of discussing and setting out practical cyber security solutions which can be used at a national level and beyond. The Senior Leaders Cyber Summit will give a unique insight into the types of cyber security challenges faced by leaders across the globe.   Other speakers at the event come from a range of international sectors including academia, business and public services.   Irene Coyle, Chief Operating Officer of OSP Cyber Academy, says, “To bring this calibre of cyber security expertise and the diversity of the distinguished speakers to Aberdeen is truly remarkable. It is the perfect chance for people to hear from true leading lights in our sector. Working alongside RGU is perfect, as it means we can also use the University’s academic knowledge around cyber security to further accelerate awareness and engagement with this important part of our world.” As well as speakers, there will also be panel discussions and network opportunities for attendees. A senior leaders gala dinner is also being held at the Ardoe House Hotel later in the evening and this will also incorporate the Cyber Security Woman of the World Award.  Click here to find events happening around you.

Fighting a surge in AI-assisted cyber attacks with the help of AI

By Richard Massey, VP of Sales, EMEA at Arcserve With cyber attacks never ending, and its impact often lethal, organisations are constantly looking for ways to enhance their data resilience. It’s a back and forth battle, good guys versus bad guys, and recently the bad guys have taken a step forward. They’re using AI to ramp up the frequency and severity of their attacks. Worse, many newbies are jumping in to try their hand at cyber crime. Script kiddies with zero coding experience can grab off-the-shelf AI tools and create and deploy malicious software. Anyone with bad intentions can quickly develop and unleash malware that wreaks havoc on companies. For instance, readily available AI tools enable even unsophisticated actors to execute denial-of-service attacks, create phishing emails and launch ransomware. These attacks can be run simultaneously from numerous systems worldwide, making it nearly impossible for human operators to manually detect all the attacking systems accessing their websites or portals. Turning AI against the hackers It’s not all bad news for the good guys. AI and deep learning technologies are also potent weapons in the fight against cyber crime. AI-driven security solutions with self-learning capabilities can proactively respond to emerging threats and protect against a wide range of attacks — effectively putting the power back in the hands of organisations. For instance, AI security tools can detect anomalies and patterns indicative of malicious behaviour and stop attacks before they cause harm. This intelligent approach to data protection reduces reliance on reactive measures and empowers organisations to stay one step ahead of cyber criminals. AI and deep learning protection systems can also adapt and evolve to counter emerging threats. They can learn from past incidents and continuously improve their defence mechanisms. By leveraging techniques like transfer learning, these systems can update their knowledge base with the latest threat intelligence and ensure greater resilience against future attacks. These systems can also take proactive, automated actions based on predefined rules or learned behaviour. For example, upon detecting a security breach or anomaly, the system can automatically trigger measures like isolating affected systems or blocking suspicious traffic. This automated response reduces the time between detection and remediation, thereby minimising the potential impact of a cyber attack. AI in action Here’s an example of what AI looks like in action. There is a well-known threat in the cyber security industry called a remote administration tool. RAT can be embedded into a simple email attachment, such as a JPEG image, allowing cyber attackers to gain unauthorised access to a system. Antivirus engines typically detect RATs based on their signatures, then distribute an alert to all endpoints to identify and remove the RATs. However, attackers can easily modify their RATs, even slightly, to generate a different signature and evade traditional signature-based detection. To fight back, AI and deep learning technologies are crucial. Instead of relying solely on static signature matching, modern cyber security tools powered by AI can analyse the behaviour of files and processes. They can observe whether a file is executing specific actions or installing software. AI security tools can flag suspicious behaviour and prevent potentially malicious actions by learning and recognising patterns in these activities. This approach is more effective in detecting and stopping emerging threats. Attackers are constantly developing new methods to evade conventional cyber security measures, which makes it essential for organisations to keep pace. AI and deep learning can play a vital role in analysing actual threats and predicting potentially malicious actions based on observed patterns. Such a proactive approach enhances the security posture of organisations and helps them protect against evolving cyber threats. A still-evolving tool When implementing AI and deep learning tools, it’s essential to consider the challenges they may bring. We’ve discussed the benefits of AI, but it’s crucial to remember that mistakes can occur. AI is still evolving and is not 100% foolproof. Sometimes, it may misinterpret what is happening, disrupting data or system availability.  These disruptions might happen when the AI detects what it thinks are illegal activities. For instance, AI tools often work with a reliability score. An organisation can take preventive actions if the score falls below a preset threshold. However, these preventive actions may be unnecessary, resulting in unplanned downtime. As an evolving technology, AI cannot guarantee absolute perfection, and the threat of errors will always exist. Nonetheless, as more people use the technology and encounter various threats, AI systems will improve and become better at distinguishing real threats from non-threatening situations. Getting Started with AI Many companies are intrigued by AI’s potential but don’t know how and where to start with the technology. The easiest way is to work with reliable security solution providers well-versed in deep learning and AI and already incorporating the technology into their existing products. This approach enables end-users to embrace AI and apply it effectively in data resilience and cyber security. As the technology continues to evolve, we expect to see more inhouse AI and deep learning solutions developed and deployed. However, AI’s complexity will take some years to become mainstream. In the meantime, the most accessible and straightforward way for organisations to use AI to defend themselves is to engage with solution providers with readily available AI-powered tools that neutralise cyber attacks and protect against data loss. Click here for latest data centre news.

Hanwha Vision has been authorised by the CVE Program

Hanwha Vision has announced that it has been authorised by the CVE Program as a CVE Numbering Authority (CNA). In a demonstration of its commitment to best practice in cyber security, authorisation as a CNA allows it to identify, define and catalogue publicly reported cyber security vulnerabilities for the benefit of users, partners and the wider information technology and cyber security communities. The CVE Program is an international, community-based effort that relies on technology firms to share any vulnerabilities they discover, which are then assigned and published to the CVE list. In turn, IT and cyber security professionals use these records to coordinate efforts to prioritise and address these vulnerabilities. The list feeds the US National Vulnerability Database (NVD). “Authorisation as a CNA shows how seriously Hanwha Vision takes cyber security,” says Uri Guterman, Head of Product & Marketing at Hanwha Vision. “Being authorised as a CVE numbering authority represents a logical next step in Hanwha Vision’s ongoing commitment to cyber security and provides an added level of reassurance to users.” CNA authorisation will augment the work of the firm’s long established S-CERT department, where a dedicated team addresses all possible product security vulnerabilities and responds promptly in the event of a security vulnerability via documented security vulnerability response process and notice policy. With CNA status, the firm is able to publish CVE records and support a growing community of technology providers, as they work to minimise cyber security threats through swift and coordinated action. Click here for latest data centre news.

Schneider Electric partners with MK:U to develop smart campuses

Schneider Electric has announced a partnership with MK:U, part of Cranfield University. The two organisations will work closely together to shape the university courses of the future, ensuring that learning is applied to the real world, to prepare students to meet the current and future needs of the business world. Schneider Electric is investing with MK:U to train its degree apprentices in the coming years. Courses will include digital technology and solutions, cybersecurity, and a range of digital engineering options.  As the future campus of MK:U is developed, it will participate in the open tender process to provide expert advice on the smart technology required to create a sustainable-by-design campus from the ground up. Chris Collins, Country President and VP of Major Pursuits, Schneider Electric, says, “Students, businesses and the local community will all benefit from our partnership and the close collaboration that this will bring. Together, we can develop skills that are fit for future business, inspire a new generation, and help to promote DE&I talent to enter the STEM workforce though leading research and technology innovation projects.” “Working with MK:U, we will collaborate to innovate and promote sustainability to tackle the challenges of effective energy management that are critical to meeting net zero targets.” Professor Lynette Ryals OBE, Chief Executive of MK:U, says, “Close partnership with an organisation that has shared values and commitments to sustainability, inclusivity and representation in the industry is extremely important to us. MK:U is ‘built with business, for business’ and this partnership truly embodies this. This collaboration will help us shape education courses that will address the current and real challenges in the UK and ensure learning is aligned to business needs.” Click here for more on Schneider Electric.

Global Cyber Summit highlights Ukrainian experience amid geopolitical tensions

Nineteen Group, organiser of International Cyber Expo, has announced its programme for the annual Global Cyber Summit, sponsored by Sonatype, Opentext and Infoblox, and hosted at Olympia London on 26 and 27 September 2023. The summit returns with greater international appeal. Among other topics of discussion, guest speakers will provide the Ukrainian perspective on cyber security, in light of recent geopolitical events. With opening remarks by Professor Ciaran Martin CB, Chair of International Cyber Expo’s Advisory Council, the Global Cyber Summit assembles the industry’s great minds to review ongoing cyber threats, priorities and challenges. Uniquely, the programme this year invites advisors closely associated with Ukrainian government agencies to present their invaluable insight into the reality and impact of Russian cyber attacks on the country and beyond. Special guest speakers include, Oksana Kharchenko, a member of YouControl, who will delve into the challenges of managing sanctions risk in the current geopolitical setting; and Andrew Hural, Director, MDR of UnderDefense, who will reflect on the last 500 days of Russian cyber operations, determining the successes and failures of their espionage. Here are a few agenda highlights: Nicola Whiting MBE, co-owner of Titania Group, will reveal why diversity and inclusion efforts might be stalling and provide a new framework. Theresa Deumchen, Tech Policy Associate at Global Counsel, will examine the regulatory landscape concerning generative AI. Alexsander Gorkowienko, SecurityLabs’ Senior Managing Consultant at Spirent Communications, will explain how EU security regulations, such as the NIS 2 Directive, might affect businesses across the region. Jake Moore, Global Cyber Security Advisor at ESET, will shed light on his attempt to manipulate recruitment staff, land a job inside a company and gain full access to their data. Stewart Bertram, Head of Cyber Threat Intelligence at Elemendar, will utilise a mix of case studies and theories to expose the crossover between misinformation and cyber threat operations. Rashik Parmar, Group CEO of BCS, The Chartered Institute for IT, and Dr Saritha Arunkumar, IBM Public Cloud Worldwide Technical Leader - Security, will sit together on a panel to address the question: What does the rise of AI and quantum computing mean for the future of cyber security? Charlotte Hooper, Helpline Manager at The Cyber Helpline, will highlight the impact of cybercrime on individuals and what can be done to support them. Attendees can also take advantage of scheduled talks at the collocated International Security Expo. In fact, Joel Aleburu at Microsoft, will be speaking here about the role of cyber espionage in terrorist activities on the first day of the event, while Joe Wrieden, Intelligence Analyst at Cyjax, will assess the key role of Advanced Persistent Threats(APTs) in serious and organised crime on the second day. All sessions are CPD Certified. To register for free as a visitor: https://ice-2023.reg.buzz/dcnnAs press: https://www.internationalcyberexpo.com/press-pass-registration Click here for latest data centre news.

Infinidat appoints new regional director

Infinidat has announced the appointment of Richard Connolly as Regional Director for the UKI and the DACH (Germany, Austria and Switzerland) regions. Richard brings extensive experience selling enterprise storage, cyber security software, hybrid cloud storage, data centre solutions, and professional services to enterprise customers and service providers, including as a global sales director at Hitachi Vantara. He is responsible for driving sales growth in the UKI and DACH regions for Infinidat, reporting to Richard Bradbury, SVP, EMEA and APJ at Infinidat, effective immediately. “Richard Connolly is a strategic sales leader, who has a long, proven track record of exceeding sales growth targets. With his wealth of knowledge and his deep network of relationships with large enterprises across Europe, he will be an excellent leader to expand our market presence, continue to make our customers and partners more successful, and shift the balance of power in the storage industry to Infinidat’s award-winning enterprise storage solutions,” says Richard Bradbury, SVP, EMEA and APJ at Infinidat. "I am extremely excited to join Infinidat, recognised for the last 5 years as a leader in the Gartner Magic Quadrant for Primary Storage. Not only has the company substantially expanded and enhanced its enterprise solution portfolio in the last few years, but I strongly believe, with the business value, continuous innovation, and cyber storage capabilities that Infinidat offers to customers, we're well-positioned to solve some of the most complex problems and drive significant cost savings for enterprises," says Richard Connolly, Regional Director for the UKI and DACH regions at Infinidat. "Infinidat is one of the hottest companies in storage and I'm thrilled to contribute to the high-performance mindset that keeps customers at the centre of everything we do." Prior to joining Infinidat, Richard was the Director of Global & Strategic Accounts at Palo Alto Networks, where he drove large, cross-portfolio deals and transformed sales into a high-performance function. Before that, he worked at Hitachi Vantara as Global Sales Director, providing leadership to drive high sales growth. He also spent five years in sales roles at Avaya, leveraging professional services to improve outcomes for customers, particularly large financial service enterprises. Earlier in his career, he led infrastructure projects at JP Morgan and the Royal Bank of Scotland, among other major financial institutions. He earned an executive MBA from the London School of Economics. Click here for latest data centre news.

NCSC CEO warns AI must improve cyber security

The CEO of the National Cyber Security Centre has called for robust security systems in the early development of AI, amidst concerns that proper security measures are being overlooked. As businesses race to develop new AI products, a former intelligence chief explains that malicious attacks could have a “devastating” effect due to the rate AI is being developed in comparison to security. AI is set to play a huge role in many aspects of everyday life, from our homes and cities to high end national security, however, as businesses rush to develop products and secure their position in the market, the risk of misuse could act as a threat. The news follows the UK’s AI whitepaper, released earlier this year, which aims to put the UK on course to be the best place in the world to build, test and use AI tech after investing £2.5bn in the emerging technology since 2014. Suid Adeyanju, CEO of RiverSafe, comments, “AI-enabled cyber attacks present new challenges for security teams, adding increased complexities for organisations when protecting their devices and their data. Businesses evaluate their defence strategies to adapt, boosting their cyber security capabilities to ensure they are prepared for when an attack happens, either directly against their organisation or along the supply chain.” “Upskilling cyber workforces and ensuring diverse teams that can offer new and innovative ways of thinking to elevate expertise is an important part of the solution to defend against the new AI-powered threats. For businesses to protect themselves against the imminent and increasing threat of AI in cyber, strategies must be reassessed and more robust processes must be introduced.” Lindy Cameron, CEO of the NCSC, comments, "The scale and complexity of these models is such that if we don't apply the right basic principles as they are being developed in the early stages, it will be much more difficult to retrofit security." Click here for latest data centre news.

Acronis releases Mid-Year Cyberthreats Report

Acronis has released its ‘Mid-Year Cyberthreats Report, from Innovation to Risk: Managing the Implications of AI-driven Cyberattacks’. The study is based on data captured from many global endpoints and provides insight into the evolving cyber security landscape. It also uncovers the growing utilisation of generative AI systems by cybercriminals to craft malicious content and execute sophisticated attacks. The biannual threat report highlights ransomware as the dominant risk to small and medium size businesses. And while the number of new ransomware variants continues to decline, ransomware attacks’ severity remains significant. Equally concerning is the growing prominence of data stealers who leverage stolen credentials to gain unauthorised access to sensitive information.  “The volume of threats in 2023 has surged relative to last year, a sign that criminals are scaling and enhancing how they compromise systems and execute attacks,” says Candid Wüest, Acronis VP of Research. “To address the dynamic threat landscape, organisations need agile, comprehensive, unified security solutions that provide the necessary visibility to understand attacks, simplify context, and provide efficient remediation of any threat, whether it may be malware, system vulnerability, and everything in between.” According to the report's findings, phishing is the primary method criminals leverage to unearth login credentials. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464%, when compared to 2022. There has also been a 24% increase in attacks per organisation. Over the same frame, Acronis-monitored endpoints observed a 15% increase in the number of files and URLs per scanned email. Cyber criminals have also tapped into the burgeoning large language model (LLM)-based AI market, using platforms to create, automate, scale, and improve new attacks through active learning.  The cyberattack landscape is evolving Cyber criminals are becoming more sophisticated in their attacks, using AI and existing ransomware code to drill deeper into victims’ systems and extract sensitive information. AI-created malware is adept at avoiding detection in traditional antivirus models, and public ransomware cases have exploded relative to last year. Acronis picks up data about how these cybercriminals operate and recognises how some attacks have become more intelligent, sophisticated and difficult to detect. Drawing from research and analysis, key findings from the report include: Acronis blocked almost 50m URLs at the endpoint in Q1 2023, a 15% increase over Q4 2022.  There were 809 publicly mentioned ransomware cases in Q1 2023, with a 62% spike in March over the monthly average of 270 cases. In Q1 2023, 30.3% of all received emails were spam and 1.3% contained malware or phishing links.   Each malware sample lives an average of 2.1 days in the wild before it disappears. 73% of samples were only seen once. Public AI models are proving an unwitting accomplice for criminals looking for source code vulnerabilities, creating attacks and developing fraud prevention-thwarting attacks like deep fakes.  Cybercriminal gangs phish to acquire credentials, extract data and dollars, of note: Phishing remained the most popular form of stealing credentials, making up 73% of all attacks. Business email compromises (BECs) were second, at 15%. The LockBit gang was responsible for major data breaches. Clop breached a mental health provider’s system, affecting the personal and HIPAA-covered data of more than 783,000 individuals. BlackCat stole more than 2TB of secret military data, which included personal information of employees and customers, from an Indian industrial manufacturer. Vice Society compromised 1,200 servers and the personal information of 43,000 students, 4,000 academic staff and 1,500 administrative staff at the University of Duisburg-Essen in Germany. Breaches demonstrate major security concerns Traditional cyber security methods and lack of action let attackers in, the report shares: There is a lack of strong security solutions in place that can detect zero-day vulnerability exploitations. Organisations often fail to update vulnerable software in a timely manner, long after a fix becomes available.   Linux servers face inadequate protection against the cybercriminals who are increasingly going after them.   Not all organisations follow proper data backup protocol, including the 3-2-1 rule. With these trends in mind, Acronis emphasises the need for proactive cyber protection measures. A sound cybersecurity posture requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities. Leveraging an advanced solution that combines AI, machine learning, and behavioural analysis can help mitigate the risks posed by ransomware and data stealers.

Node4 announces the acquisition of ThreeTwoFour

Node4 has announced the acquisition of ThreeTwoFour to strengthen its cyber security offering and expand in the finance and banking sector. This is its third significant growth purchase in the last 18 months, having also bought risual and Tisski. ThreeTwoFour is renowned for its extensive suite of information security services, including programme delivery, cyber strategy, risk and control assessment, and governance. It also brings strong experience across the financial services sector. In addition, its expertise in M&A Cyber Due Diligence adds further capabilities to the company’s solutions and services portfolio.  The acquisition significantly enhances Node4’s security and transformation capabilities, particularly for enterprise-level clients. Drawing on ThreeTwoFour’s capabilities, the company will also be better equipped to meet the increasing requirements in the public sector and government frameworks for effective cyber security solutions.  Alex Coburn, Founder, ThreeTwoFour, along with his leadership team, will remain with the business as it integrates with Node4. The brand will also function as the consultative arm of security practice.   With its core team based in the UK, ThreeTwoFour is also supported by specialists working remotely from all over the world. Alongside its Cyber Essentials Certification, the firm provides expertise in various other sectors, such as data loss prevention, risk management and security architecture.

Indusface reveals cyber secure countries for business

Recent research has shown that 68% of high-revenue growth companies have embraced a hybrid model worldwide. With businesses enjoying remote or hybrid working, benefits including reduced maintenance costs, improved flexibility and extended talent pool, cyber security awareness has become more critical than ever. With this in mind, Indusface has been intrigued to find out the most secure countries for businesses to allow their employees to work from, by creating an index score based on cyber security data including DDOS attacks, phishing sites, malware hosting sites and compromised computers. Indusface found out that UK only ranked 12th most cyber secure European country and 40th in the global ranking, with an overall cyber security index score of 71.19/100. It has an average of 680 phishing sites and 750 malware hosting sites per 100,000 URLs, meaning that the chances of sites being fake or containing malware could be high. Top 10 most cyber secure European countries to work from RankCountryDDOS  attacks per 100,000 Internet UsersPhishing sites  per 100,000 URLsMalware  hosting sites  per 100,000 URLsCompromised  computers   per 100,000 internet users Cyber security index score (/100)= 1Finland793204304782.45= 1Belgium3142803901182.453Austria17526034013780.594Switzerland  2034604701778.09= 5Sweden9441039073676.31= 5Greece3863704402576.317Norway4753404901475.518France506108503174.92= 9 Germany1774805707573.89= 9 Estonia6985404401473.89 *Total DDOS attacks were counted between 2015 to 2021.  **Compromised computers = have been infected with the Gamarue botnet. The company found out that Finland and Belgium share the title of the most secure European countries for businesses to allow employees to remotely work from, each with a cyber security score of 82.45 out of 100.  Finland has received the second lowest number of DDOS attacks (79) during 2015 to 2021, only 29 attacks higher than France, who has the lowest among the top 10 European countries. This is an important factor for businesses to consider, as successful DDOS attacks could block your business sites and bring down all servers and connections you depend on.  Contributing to Belgium’s top ranking is that it has the lowest number of compromised computers per 100,000 internet users (11) in the country. Computers that have been infected with the Gamarue botnet open doors to hackers and make it easier for them to take control of your business data and devices. Belgium also has the second lowest malware hosting sites, with an average of 390 sites per 100,000 URLs.  Ranking third is Austria with an overall cyber security index score of 80.59/100. Boasting the lowest number of both malware hosting sites (34) and phishing sites (260) per 100,000 URLs, the country owns less sites that contain malware, making businesses less worried about sensitive information being stolen.  In fourth place is Switzerland with a cyber secure index score of 78.09/100. Sweden and Greece rank fifth place with a score of 76.31/100.  Five least cyber secure European countries to work from RankCountryDDOS  attacks per 100,000 Internet UsersPhishing  sites per 100,000 URLsMalware  hosting  sites per 100,000 URLsCompromised  computers per 100,000 internet users Cyber security score (/100)1Bulgaria167.4012201,17043051.822Serbia173.617807901,46753.833Lithuania560.7410108403855.774Romania118.0010407201,43556.015Croatia724.607503402,10556.57 Bulgaria ranks the least secure for businesses to allow employees to remotely work from, with a total cyber security score of only 51.82 out of 100. With 1,220 phishing sites and 1,170 malware hosting sites per 100,000 URLs, businesses in the country will need to be extra careful when identifying whether a website is genuine. Serbia owns one of the highest number of compromised computers per 100,000 internet users (1,467), which leads to its low cyber security score of 53.83, ranking as the second least cyber secure European country. Venky says, “attracting top talent through remote work can revolutionise your business. However, it also leaves your sensitive data and assets vulnerable to hackers. Therefore, it is important to be prepared to address remote work security risks. There are a few points when recruiting talents globally. “Firstly, you could consider which countries are least targeted by hackers and least risk to your cyber security. Secondly, look at regulations that govern data security. For example, GDPR is probably the gold standard when it comes to data security. Thirdly, research law enforcement. This indicates how quickly people will be punished when committing cyber crime. Fourthly, get to know the government grants. Cyber security grants are provided to SMBs who tend to be more susceptible to attacks. Finally, the level of cyber security awareness in the generation also affects how likely hackers would commit cyber crimes.”  Venky continues, “There is no one way to secure remote working but instead you should make remote work access security an integral part of your employee’s ongoing training and workplace culture. There are six best practices for secure remote working within your business.” The six best practices include: Create strong authentication  It starts by identifying the remote worker before a worker can access corporate data and assets. From this, a company can build audit trails of the actions against the identity. Update systems and encrypt devices Outdated technology could open doors to hackers with credential information like credit cards being stolen. Cases like this will have a fatal hit on a business’s reputation as well as cyber security. It is highly recommended that all the devices be updated and encrypted with SSL certificates. Conquer internal security risks Working habits could lead to malware or ransomware attacks that could put a company and clients at risk. Indusface recommends hosting full employee training on cyber security and making it fun. The team can get engaged in the training by setting up phishing email simulators so they could see the potential dangers in action.  Avoid weak or duplicate passwords Many businesses share duplicate passwords for multiple accounts. Research shows hackers rely on weak passwords when brute forcing PoS terminals. Use an automatic password generator to create safe and secure passwords company wide.  Only upload files to secure systems Hackers could upload their own files with malicious code that can be executed directly on company’s server. Therefore, it is important to avoid storing data in unencrypted storage, leaving data on devices without password protection, and attaching sensitive information directly into an email.  Secure web application security Using a combination of open-source CMS and cloud-based apps increases remote work risks. It should be considered as part of a company’s security policy to approve web app purchases and free downloads. The data was collected in June 2023 and is correct as of then.