Arthur T Knackerbracket has processed the following story:
The average cost of a data security breach has hit another record-high of $4.35 million per incident, growing 12.7% over the past two years. And some businesses are passing the buck to customers, even as the cost of products and services has climbed amidst inflation and supply chain constraints.
This year's figure was up 2.6% from last year's $4.24 million per breach, according to IBM's 2022 Cost of Data Breach report, which further revealed that 83% of companies surveyed had experienced more than one data breach. Conducted by Ponemon Institute, the report analysed 550 organisations across 17 global markets that were impacted by data breaches between March 2021 and March 2022.
Just 17% said this was their first breach. In addition, 60% said they increased the price tag on their products and services due to losses suffered from the data breach. They also continued to chalk up losses long after the breach, where almost half of such costs were incurred more than a year after the incident.
Organisations in the US saw the highest average cost of a breach, which climbed 4.3% to $9.44 million, followed by the Middle East region where the average cost clocked at $7.46 million this year, up from $6.93 million in 2021. Canada, the UK, and Germany rounded up the top five pack, chalking at average losses of $5.64 million, $5.05 million, and $4.85 million per breach, respectively.
Six markets, including Japan, South Korea, and France, amongst the 17 markets analysed saw a dip in their respective average breach cost.
Across the board, companies took an average of 207 days to identify the breach and 70 days to contain it, down overall from last year's average of 212 days to identify and 75 days to contain the breach.
Some 19% of breaches were the result of supply chain attacks, costing an average $4.46 million and clocking a lifecycle of 26 days longer than the global average of 277 days, which measured the combined time to identify and contain a data breach. Supply chain breaches were due to a business partner being the initial point of compromise.
Human errors, which encompassed negligent actions of employees or external contractors, accounted for 21% of incidents, while IT failures--the result of disruption or failure in a company's IT systems that led to data loss--were behind 24% of breaches. The latter included errors in source codes or process failures, such as automated communication errors.
Some 11% of breaches were ransomware attacks, up from 7.8% last year and at a growth rate of 41%, but the average cost of such attacks dropped slightly to $4.54 million from $4.62 million in 2021.
Attacks from stolen or compromised credentials remained the most common cause of a data breach, accounting for 19% of all incidents this year, the report found. Breaches from stolen or compromised credentials cost an average $4.5 million per incident and had the longest lifecycle of 243 days to identify and 84 days to contain the breach.
Phishing was the second-most common cause of a data breach, accounting for 16% of overall attacks, but the costliest with an average $4.91 million in losses.
[...] Amongst organisations that suffered ransomware attacks, those that paid up clocked $610,000 lower breach costs--excluding cost of ransom--compared to those that chose not to pay.
In addition, 62% of companies that said they were insufficiently staffed to support their cybersecurity needs saw an average $550,000 higher breach costs than those that were adequately staffed.
Arthur T Knackerbracket has processed the following story:
The "glass ceiling" is a metaphor for the barriers facing women and various minorities in the workplace when they strive for promotion or other improvements in their career. Research published in the International Journal of Services and Operations Management compares the phenomenon in the European Union and the U.S.
Saška Gavrilovska and Balasundram Maniam of the Sam Houston State University in Huntsville, Texas, U.S., have found that the glass ceiling has been raised somewhat in recent times with many women and members of minority groups achieving higher mid-level positions at many companies and institutions. However, the barrier is still very much in evidence in terms of limited opportunities to break through the glass ceiling to top-level management positions. The team suggests that personality differences, discrimination, and the challenges of motherhood and childcare often reinforce the glass ceiling.
Earlier work and common experience suggest that there remain significant inequities between men and women and between majority and minority groups. Pay and grade disparities remain strong. To reduce workplace discrimination and promote gender and equality in general, there is a need for improved rights and policies, which should be adopted by companies and enacted in law. The EU and U.S. do have in place policies to improve rights, but there are many gaps, oversights, and loopholes that mean the glass ceiling, while slightly higher than in the past, remains a major barrier for women and minority groups.
Citation: Saška Gavrilovska et al, The glass ceiling phenomenon in the US and EU labour market: a comparative study, International Journal of Services and Operations Management (2022). DOI: 10.1504/IJSOM.2022.124282
Arthur T Knackerbracket has processed the following story:
Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.
The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to a study on phishing released Tuesday.
According to the report by researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the year prior. Fake Facebook messages are up 177 percent in the second quarter of 2022 within the same timeframe.
The study by Vade analyzed unique instances of phishing URLs used by criminals carrying out phishing attacks and not the number of phishing emails associated with the URLs. The report tallied the 25 most commonly targeted companies, along with the most abused industries and days of the week for phishing emails.
Other top abused brands in phishing attacks include Credit Agricole, WhatsApp, and French telecommunications company Orange. Popular brands also included PayPal, Google and Apple (see chart).
Through the first half of 2022, 34 percent of all unique phishing attacks tracked by the researchers impersonated financial services brands. The next most popular industry for criminals to abuse is cloud and the firms Microsoft, Google and Adobe. Social media was also a popular target with Facebook, WhatsApp and Instagram leading the list of brands leveraged in attacks.
Arthur T Knackerbracket has processed the following story:
Today, if a parent smacks a child mid-tantrum in the supermarket, they are likely to get looks of disapproval from other shoppers. Smacking is not as socially acceptable as it used to be.
Recent research shows only 15% of people aged 16–24 view physical discipline as necessary to properly raise children. This compares with 38% of people over 65.
But it still happens—and it is very harmful to children. So we need to help parents find alternative methods of discipline.
In 2017, the royal commission into child sexual abuse recommended a national study on how common child abuse is in Australia. Early findings released last month revealed 61% of those aged 16–24 said they were physically hit for discipline four or more times during their childhood.
The research also found those who were hit had almost double the risk of depression and anxiety. This is partly because those who had been smacked as a child may have also experienced other forms of mistreatment, such as harsh parental reactions, neglect or insufficient support.
This fits with other research showing negative consequences if children are smacked or hit. A 2016 review of more than 70 international studies showed it was linked to reduced compliance with parents' instructions over time, children having increased aggression and antisocial behavior, mental health problems, and lower self-esteem.
In adulthood, it is also linked to antisocial behavior and being either a victim or perpetrator of intimate partner violence.
Currently, the use of reasonable force for the purpose of discipline in the home remains lawful under criminal law provisions or common law principles made by courts. This is despite the fact it is illegal in most Australian states and territories in other settings such as schools, or between adults—where it is classed as assault.
Many countries are changing their laws because they understand the harms and because it is a violation of children's right to live a life free from violence. Already, 63 countries have banned corporal punishment for children, including New Zealand, Sweden, Denmark, South Korea, Wales, Scotland, France and Japan.
[...] The good news is there are evidence-based alternatives to smacking. These are strategies that aim to help children understand what behaviors are expected, teach them to work through their feelings and learn how to repair a situation or solve a problem.
These approaches lead to much better outcomes for parents and children, including more realistic expectations on the part of the parent and a better relationship between the parent and child. They also improve a child's well-being and mental health.
Here are some approaches to consider with your child:
Children need to know how you want them to behave and for this to be clear. An example might be: "It's not OK to hit your brother" or "You can't take lollies off the supermarket shelves without asking me first."
Anger is contagious, so try not to lose your temper in front of your kids. Instead, pause before you react: take three deep breaths, have a cold drink of water, or step outside for a moment.
Parents need to show how they manage their own emotions—or make amends when they act in less-than-ideal ways. Parents should be brave enough to say "I'm sorry I got angry and shouted at you. I wasn't very patient."
Kids can be uncertain or confused by their emotions. So, try and help them understand their feelings. This could include saying something like "I can see you felt left out and jealous."
Also validate their emotions because this helps them feel accepted by you while learning to understand and manage their feelings. For example, say "It's difficult when this happens."
When they are calmer, you could explore other feelings behind their actions.
This is about separating feelings (jealousy, frustration) from behavior (hitting). All feelings are okay, but not all behaviors.
No one can think, talk or listen properly if they are upset. Take time to do some breathing or something soothing with your child. Or perhaps they need a run around to release strong feelings.
When everyone is calmer, help them work out the solution or next step. This teaches them how to resolve situations, repair relationships and take responsibility for their behavior. You might say something like, "It can be embarrassing saying sorry to someone you've been angry with. What do you think might help?"
If something is broken, children might need to fix it, use pocket money to replace it, or explore what might make the situation better.
Children need family rules about behavior and it can be useful to discuss what should happen if these are broken.
Getting discipline right is not easy as a parent, grandparent or caregiver. And this can be especially difficult if you were brought up with smacking (and have older relatives telling you it is "fine").
Arthur T Knackerbracket has processed the following story:
Researchers at the U.S. Department of Energy's (DOE) Princeton Plasma Physics Laboratory (PPPL) have found a way to build powerful magnets smaller than before, aiding the design and construction of machines that could help the world harness the power of the sun to create electricity without producing greenhouse gases that contribute to climate change.
The scientists found a way to build high-temperature superconducting magnets that are made of material that conducts electricity with little or no resistance at temperatures warmer than before. Such powerful magnets would more easily fit within the tight space inside spherical tokamaks, which are shaped more like a cored apple than the doughnut-like shape of conventional tokamaks, and are being explored as a possible design for future fusion power plants.
Since the magnets could be positioned apart from other machinery in the spherical tokamak's central cavity to corral the hot plasma that fuels fusion reactions, researchers could repair them without having to take anything else apart. "To do this, you need a magnet with a stronger magnetic field and a smaller size than current magnets," said Yuhu Zhai, a principal engineer at PPPL and lead author of a paper reporting the results in IEEE Transactions on Applied Superconductivity. "The only way you do that is with superconducting wires, and that's what we've done."
[...] High-temperature superconducting magnets have several advantages over copper magnets. They can be turned on for longer periods than copper magnets can because they don't heat up as quickly, making them better suited for use in future fusion power plants that will have to run for months at a time. Superconducting wires are also powerful, able to transmit the same amount of electrical current as a copper wire many times wider while producing a stronger magnetic field.
The magnets could also help scientists continue to shrink the size of tokamaks, improving performance and reducing construction cost. "Tokamaks are sensitive to the conditions in their central regions, including the size of the central magnet, or solenoid, the shielding, and the vacuum vessel," said Jon Menard, PPPL's deputy director for research. "A lot depends on the center. So if you can shrink things in the middle, you can shrink the whole machine and reduce cost while, in theory, improving performance."
NASA scientists hope to solve a fundamental mystery about Mars' atmosphere, and you can help. They've organized a project called Cloudspotting on Mars that invites the public to identify Martian clouds using the citizen science platform Zooniverse. The information may help researchers figure out why the planet's atmosphere is just 1% as dense as Earth's even though ample evidence suggests the planet used to have a much thicker atmosphere.
The air pressure is so low that liquid water simply vaporizes from the planet's surface into the atmosphere. But billions of years ago, lakes and rivers covered Mars, suggesting the atmosphere must have been thicker then.
[...] "We want to learn what triggers the formation of clouds – especially water ice clouds, which could teach us how high water vapor gets in the atmosphere – and during which seasons," said Marek Slipski, a postdoctoral researcher at NASA's Jet Propulsion Laboratory in Southern California.
That's where Cloudspotting on Mars comes in. The project revolves around a 16-year record of data from the agency's Mars Reconnaissance Orbiter (MRO), which has been studying the Red Planet since 2006. The spacecraft's Mars Climate Sounder instrument studies the atmosphere in infrared light, which is invisible to the human eye. In measurements taken by the instrument as MRO orbits Mars, clouds appear as arches. The team needs help sifting through that data on Zooniverse, marking the arches so that the scientists can more efficiently study where in the atmosphere they occur.
[...] While scientists have experimented with algorithms to identify the arches in Mars Climate Sounder data, it's much easier for humans to spot them by eye. But Kleinboehl said the Cloudspotting project may also help train better algorithms that could do this work in the future. In addition, the project includes occasional webinars in which participants can hear from scientists about how the data will be used.
Cloudspotting on Mars is the first planetary science project to be funded by NASA's Citizen Science Seed Funding program. The project is conducted in collaboration with the International Institute for Astronautical Sciences. For more NASA citizen science opportunities, go to science.nasa.gov/citizenscience.
[* AC Friendly *]
California sets nation's toughest plastics reduction rules:
Companies selling shampoo, food and other products wrapped in plastic have a decade to cut down on their use of the polluting material if they want their wares on California store shelves.
Major legislation passed and signed by Gov. Gavin Newsom on Thursday aims to significantly reduce single-use plastic packaging in the state and drastically boost recycling rates for what remains. It sets the nation's most stringent requirements for the use of plastic packaging, with lawmakers saying they hope it sets a precedent for other states to follow.
[...] Under the bill, plastic producers would have to reduce plastics in single-use products 10% by 2027, increasing to 25% by 2032. That reduction in plastic packaging can be met through a combination of reducing package sizing, switching to a different material or making the product easily reusable or refillable. Also by 2032, plastic would have to be recycled at a rate of 65%, a massive jump from today's rates. It wouldn't apply to plastic beverage bottles, which have their own recycling rules.
Efforts to limit plastic packaging have failed in the Legislature for years, but the threat of a similar ballot measure going before voters in November prompted business groups to come to the negotiating table. The measure's three main backers withdrew it from the ballot after the bill passed, though they expressed concern the plastics industry will try to weaken the requirements.
[...] It does not ban styrofoam food packaging but would require it to be recycled at a rate of 30% by 2028, which some supporters said is a de facto ban because the material can't be recycled. The ballot measure would have banned the material outright. It would have given more power to the state recycling agency to implement the rules rather than letting industry organize itself.
Sen. Ben Allen, a Santa Monica Democrat who led negotiations on the bill, said it represented an example of two groups that are often at odds—environmentalists and industry—coming together to make positive change.
[...] Joshua Baca of the American Chemistry Council, which represents the plastics industry, said the bill unfairly caps the amount of post-consumer recycled plastic that can be used to meet the 25% reduction requirement and limits "new, innovative recycling technologies."
The bill bans incineration and combustion of plastic, but leaves open the possibility for some forms of so-called chemical recycling.
[* AC Friendly *]
Lockbit ransomware gang creates first malicious bug bounty program:
Today, the Lockbit ransomware gang announced the launch of Lockbit 3.0, a new ransomware-as-a-service offering and a bug bounty program.
According to Lockbit's leak site, as part of the bug bounty program, the cyber gang will pay all security researchers, ethical and unethical hackers "to provide Personally Identifiable Information (PII) on high-profile individuals and web exploits in exchange for remuneration ranging from $1,000 to $1 million."
[...] "A key focus of the bug bounty program are defensive measures: preventing security researchers and law enforcement from finding bugs in its leak sites or ransomware, identifying ways that members including the affiliate program boss could be doxed, as well as funding bugs within the messaging software used by the group for internal communications and the Tor network itself," Narang said.
The writing on the wall is that Lockbit's adversarial approach is about to get much more sophisticated. "Anyone that still doubts cybercriminal gangs have reached a level of maturity that rivals the organizations they target, may need to reassess," said Mike Parkin, senior technical engineer at Vulcan Cyber.
[...] "This should have every enterprise looking at the security of their internal supply chain, including who and what has access to their code, and any secrets in it. Unethical bounty programs like this turn passwords and keys in code into gold for everybody who has access to your code," said Casey Bisson, head of product and developer enablement at BluBracket.
Lockbit 3.0 Ransomware bughunting for $$$:
So the makers of ransomware are now offering bug-bounties to find bugs in their software and info to doxx them. Rewards ranging from $1k to millions. Question is can you trust them to pay out if you find something? And if you find something wouldn't it be more appropriate to send them to jail with it? Or if you are a crook wouldn't you use what you found against them? Isn't it also a security risk for them to share code for their malware ransomware with outsiders?
I guess the question is: if you found something would you (1) give it to them for the bounty (2) use it against them to steal their shit (3) turn it over to law enforcement?
We are currently trying to prevent the site from being abused by spammers and trolls. That is my priority task at the moment.
The method we have chosen involves restricting posting to logged in users only - i.e. only those who have an account and are prepared to log in before posting.
I understand how frustrating it might be to feel that you are being ostracised from the site - that is not our intention. I appreciate that the majority of you contribute positively to the site and you have not been forgotten. Your usual contribution is obvious when I look at the significantly reduced number of comments made in the stories that are being published. There is discussion going on to resolve the 2 diametrically opposed requirements but this is not an easy problem to solve.
For the time being there is no easy solution. I know that you want to express your feelings - I haven't even managed to get the feelings of those who are still using the main site yet. Only a small number of our usual accounts are even aware that there has been a problem yet as they haven't logged on for a day or two. They might not do so in the next few days particularly as it is a holiday weekend for many of you. You will have to be patient. There are also some who are trying to use this as another opportunity to create dissent amongst you. All I can ask is that you remember that not all ACs have your best interests at heart.
For those of you who looked at the AC Friendly story (A Brief History of Zork or 'Eaten by a Grue') you will know that it has already been targeted by our resident spammer, and I have had to remove the ability for ACs to comment in it. Please don't blame me - another AC who is claiming to be APK is responsible and any privileges we give to you we automatically give to him too.
Please feel free to leave your views in the comments to this journal. We cannot protect it - we have no control over who journal authors permit to comment in them, nor can we protect the comments from bots etc. I am leaving it wide open so that you can say whatever you wish to say. Your comments WILL be read but do not expect immediate answers to any questions. I will be working on the site all weekend but most of the other staff will be enjoying the holiday. I have a lot to do and will not be concentrating on this journal - but I will pop in from time to time.