Happy Friday!

Cycore, builds enterprise-grade security, privacy, and compliance programs for the modern organization. We take the hassle out of achieving compliance, increasing your security posture, and avoiding hefty privacy fines, so you can focus on what matters - your customers.

Make sure to follow our Cycore LinkedIn page and subscribe to receive updates on current events, trends, and industry news that matter to you.

In today’s rundown:

• Trends in cybersecurity budgets

• Weekly Security, Privacy, and Compliance News round-ups

• What Cycore found interesting this week!

Let’s dive right in.

What caught our attention: Cyber Spending Rises Modestly While Hacking Threats Evolve

Cybersecurity budgets are seeing modest increases in 2024, rising by 8%, compared to 6% in 2023, according to a survey of 755 chief information security officers (CISOs). Although spending growth is still well below the 17% surge in 2022, this uptick reflects a gradual recovery after pandemic-induced freezes in hiring and spending. Companies are recognizing the growing risks posed by sophisticated cyberattacks and emerging technologies, such as AI, which are driving the need for increased cybersecurity investments.

Cycore Analysis

The chart reveals some interesting trends in cybersecurity budget allocations:

• The majority of CISOs continue to report increased budgets in both years, highlighting the ongoing importance of cybersecurity investments.

• There's a slight overall shift towards budget reductions, as evidenced by the increase in decreased budgets and the small declines in both increased and flat budget categories.

• The changes, while noticeable, are not drastic, suggesting a relatively stable cybersecurity spending environment with some minor adjustments.

Despite the budget growth, the majority of CISOs (71%) reported only modest increases of up to 10%, with 30% seeing just 1-5% growth. This restrained rise in spending indicates companies are still cautious about committing to larger investments due to economic uncertainty, high interest rates, and macroeconomic factors. Interestingly, companies that significantly increased their budgets often did so in response to breaches or attacks, signaling a reactive approach to cybersecurity.

To read more click here.

Weekly Security, Compliance & Privacy Roundup

Cybersecurity

Emerging Threats and Vulnerabilities

• Microsoft warns of ransomware attacks on US Healthcare: Microsoft’s threat intelligence team observed the threat actor using a borrowed Gootloader infection to deploy INC ransomware on victim systems.

• CISA again raises alarm on hacktivist threat to water utilities: The alert comes just days after an attack against a water treatment facility in Kansas.
  

Incident Reports

• Hacker Claims Minor Data Breach at DELL; Leaks Over 10,000 Employee Details: A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns amid ongoing threats targeting businesses by tricking employees into phishing and phone call scams.

Security Innovation and Best Practices

• How to investigate ChatGPT activity in Google Workspace.

• Best practices for event logging and threat detection.

Privacy

Regulatory Updates:

• Judge declares NYC law on sharing food delivery customers’ data unconstitutional: A federal judge on Tuesday declared unconstitutional a New York City law requiring food delivery companies to share customer data with restaurants.

• Mozilla hit with privacy complaint over Firefox user tracking: Vienna-based advocacy group NOYB on Wednesday said it has filed a complaint with the Austrian data protection authority against Mozilla accusing the Firefox browser maker of tracking user behavior on websites without consent.

Privacy Breaches

One-third of the US population’s background info is now public: Cybernews exclusive research has revealed that a massive data leak at MC2 Data, a background check firm, affects a staggering amount of US citizens.

Data Protection Strategies:

• The privacy nightmare of Microsoft Copilot.

• Data Privacy: Trevor Horwitz Of TrustNet On 5 Things You Need to Know to Optimize Your Company’s Approach to Data Privacy

What Cycore found interesting this week:

Let's Build Trust

Work with us or follow along:

1. Cycore, builds enterprise-grade security, privacy and compliance programs for the modern organization. Partner with us.

2. Follow us on LinkedIn for security, privacy & compliance updates!

3. How else can we help? Feedback? Have a question? Reply to this email.

4. Know someone who would like this email? Forward it to a friend...

Your security & compliance ally,
Cycore Secure Team