Wednesday, 29 December 2021

RIPTA data breach compromises unexplained PII

Discrepancies in who and how many individuals were affected by a recent data breach of the Rhode Island Public Transit Authority may be resolved by an ongoing cyber investigation.



from Cyber Security News https://ift.tt/3qrTd4g

Listen to Michael Welch and how to address fourth-party risks and improve supply chain security in our latest The Security Podcast episode

Listen to the latest The Security Podcasts edition as we sit down with Michael Welch, Managing Director of Strategy and Risk at MorganFranklin Consulting, to discuss the growing challenges of fourth-party risks, why they're important, and how organizations can mitigate their impacts.



from Cyber Security News https://ift.tt/3z6mMMZ

Tuesday, 28 December 2021

John Sherman named Department of Defense CIO

John Sherman has been named the Chief Information Officer (CIO) for the Department of Defense (DoD) following a year of service as Acting DoD CIO.



from Cyber Security News https://ift.tt/3sJw5kD

Monday, 27 December 2021

5 minutes with Oliver Tavakoli: Remote and hybrid work strategies for increased enterprise security

Security chats with Oliver Tavakoli, CTO at Vectra, a California-based AI cybersecurity company, about the future of remote work and cybersecurity risk management frameworks security leaders should rely on to ensure proper security during the next year.



from Cyber Security News https://ift.tt/3Hf8E6L

Six ways to reduce cyber risk in the C-suite

A report from Sapien Cyber, "The C-Suite's Guide to Cyber Risks," highlights changes that boardrooms can make to better prioritize cybersecurity.





from Cyber Security News https://ift.tt/3qLNuH1

Growing data privacy enforcement on the horizon

Data privacy leaders from the International Association of Privacy Professionals (IAPP) highlight what to expect in the field from increased privacy regulations to global data management practices.



from Cyber Security News https://ift.tt/340YLLM

Friday, 24 December 2021

Security magazine's Top 10 web exclusives

The Security team compiled this year's top web exclusive articles — all of which were contributed by security and risk experts.



from Cyber Security News https://ift.tt/3qp8l2l

Wednesday, 22 December 2021

RSAC postponed due to health and safety concerns

The 2022 RSA Conference has been postponed to June 2022 due to COVID-19 concerns.



from Cyber Security News https://ift.tt/3ejeaJi

SANS holiday hack challenge adds in log4j bonus challenge

The SANS Institute has announced the addition of a log4j security vulnerability bonus challenge to the 2021 SANS Holiday Hack Challenge. 



from Cyber Security News https://ift.tt/3ecZ0VX

Cyber strategy should consider more than compliance

The "Beyond the Cyber EO: How to Build a Better Mousetrap" report from MeriTalk asked federal cybersecurity leaders for their thoughts on the May 2021 executive order on cybersecurity and how the field can move forward.



from Cyber Security News https://ift.tt/32lyua5

Tal Weitzman named CIO at Medecision

Tal Weitzman, a leader in healthcare IT and financial services, will join Medecision as the new Chief Information Officer (CIO).



from Cyber Security News https://ift.tt/3ee20Bg

Top 15 cybersecurity predictions for 2022

As you build your roadmap for the year ahead, security and risk experts offer 15 cybersecurity predictions for 2022.



from Cyber Security News https://ift.tt/3ewtJxr

Tuesday, 21 December 2021

How cyber underwriters can better respond to the current cyber pandemic

With cybercrime on the rise, below are a few ways that underwriters can provide more comprehensive cyber insurance.



from Cyber Security News https://ift.tt/30Nbkca

Why so many cybersecurity attacks still start with an email

As attackers continue to advance and increase their sophistication levels, legacy email security technologies no longer provide sufficient protection for organizations.



from Cyber Security News https://ift.tt/3efnI83

CISA & FBI share holiday safety PSA

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI), launched a joint public service announcement (PSA) sharing clear actions to stay cybersecure this holiday season. 



from Cyber Security News https://ift.tt/3Fu8cRu

What’s next after Log4j?

It’s hard to know how many systems are already compromised by the log4j security vulnerability. It may take months or even years until we know if most critical systems were patched in time.



from Cyber Security News https://ift.tt/3JaoQIo

Four steps to build and retain a solid cybersecurity team during a labor shortage

Here are four steps to consider when building or improving your existing culture and recruiting practices.  



from Cyber Security News https://ift.tt/3pgScgd

Monday, 20 December 2021

Researchers discover alternative local attack vector in Log4j

The Blumira research team has discovered an alternative attack vector in the Log4j vulnerability that relies on a basic JavaScript WebSocket connection to trigger the RCE locally via drive-by compromise.



from Cyber Security News https://ift.tt/3J5VWcf

7 essential capabilities to consider when evaluating ERP security, risk and compliance solutions

Here are seven questions to ask vendors to guide your organization's evaluation of enterprise resource planning (ERP) application security, risk and compliance solutions and help them understand which features are genuinely the most valuable.



from Cyber Security News https://ift.tt/3pbzAhy

Friday, 17 December 2021

Peacetime PSIRT activities boost security

Let's look at how to get the most out of your Product Security Incident Response Team (PSIRT) investment.



from Cyber Security News https://ift.tt/3e23KNT

5 tips for a stronger cybersecurity posture for retailers

As retailers prepare for one of the busiest times of the year, let’s discuss some of the challenges and priorities to consider now to manage the evolving cybersecurity landscape ahead of the holidays.



from Cyber Security News https://ift.tt/3meQAl3

Key takeaways from the Log4Shell vulnerability

As many have seen, the Log4Shell vulnerability, which was discovered over the weekend, is an extremely serious flaw and will likely impact organizations for years to come. Here’s what we know thus far, and how enterprises can remain safe as this vulnerability persists.
 



from Cyber Security News https://ift.tt/3F8gHl5

Thursday, 16 December 2021

The 4 tenets of Scottish AI adoption

Albert King, the Chief Data Officer of the Scottish Government, discussed the key aspects involved in Scotland's artificial intelligence (AI) strategy in a session of Cognilytica's AI in Government speaker series. The country prioritizes data as a means to improve decision-making and enable national goals.



from Cyber Security News https://ift.tt/3F7ZAQv

Log4j worm fears arise

Cybersecurity leaders are concerned that attackers could further weaponize the Log4j security vulnerability by creating a "worm" that spreads automatically from one vulnerable device to another. 



from Cyber Security News https://ift.tt/33BEsnZ

Most risk-based vulnerability management programs ineffective

A Vulcan Cyber study highlights the struggle of IT security teams to transition from simple vulnerability identification to meaningful response and mitigation, limiting the risk insights business leaders and IT management professionals need to effectively protect valuable business assets.



from Cyber Security News https://ift.tt/3yvfySm

Anubis campaign targets hundreds of financial apps

Lookout Threat Labs researchers have discovered a distribution of the Anubis Android banking malware that is masquerading as the official account management application from Orange S.A., a leading French telecommunications company. 



from Cyber Security News https://ift.tt/3F0Z9Yk

Laura Élan named Director of MxD Cyber

Laura Élan has joined MxD Cyber: The National Center for Cybersecurity in Manufacturing as its new Director. The cybersecurity leader will lead the organization's Cybersecurity Steering Committee.



from Cyber Security News https://ift.tt/3F1Ifsh

It’s not all about the C-suite: How to digitally protect employees

Now more than ever, discussions must be had on digital and cyber protections for employees, not just executives and the C-suite.



from Cyber Security News https://ift.tt/3E0GuKP

Data security is critical to your organization’s reputation strategy

The first step in creating a complete data security plan is to know what types of data the company collects, where it is stored, and with whom and how it is shared. Next, the business should determine the potential risks to that data and whether the information resides in electronic or physical form (or both). 



from Cyber Security News https://ift.tt/3mcDzIK

Wednesday, 15 December 2021

SIA releases 2022 Security Megatrends

The Security Industry Association has released its 2022 Security Megatrends, which highlight security topics for business leaders in all industries to watch.



from Cyber Security News https://ift.tt/3EYeskr

Cybersecurity, risk and compliance: What’s in store for 2022?

What should security leaders focus on as they look to 2022? Organizational resilience, reputational risk and cybersecurity all will play major roles in enterprise security.



from Cyber Security News https://ift.tt/3F0sEcL

Tuesday, 14 December 2021

How to execute a successful ransomware tabletop exercise

Check out five tips on how to execute a successful ransomware tabletop exercise, including how to identify key participants and ensure representatives from core business and operations teams are involved.



from Cyber Security News https://ift.tt/3DXEWkT

Find network breaches before they crush your business

If hackers can learn the ins and outs of your network, shouldn’t you beat them to the punch by obtaining deeper visibility and holistic mapping of your network infrastructure and attached applications, services, and devices? 



from Cyber Security News https://ift.tt/30qIbTZ

Current state of security operations center performance

Devo Technology announced the results of its 3rd annual SOC Performance Report (SPR), a survey on the current state of security operations center (SOC) performance.



from Cyber Security News https://ift.tt/3yu8fKv

Chemical security seminars enter last week

The Cybersecurity and Infrastructure Security Agency (CISA) will be hosting the final Chemical Security Seminar of 2021 on December 15, featuring panel discussions on supply chain disruptions, emergency management collaboration, and a workshop to assist chemical industry members in designing their own chemical security exercises.



from Cyber Security News https://ift.tt/3IRFJHu

What businesses look for when outsourcing IT

As most small and medium businesses are forced to figure out ways to do more with less, outsourcing IT is the right choice for many different reasons.



from Cyber Security News https://ift.tt/3yn3532

The 10 worst password offenders of 2021

Compromised passwords led to many data breaches in 2021, a record-breaking year for cyber vulnerabilities. Dashlane compiled the sixth annual "Worst Password Offenders" list, which highlights high-profile cyber incidents.




from Cyber Security News https://ift.tt/3GDqOyE

Monday, 13 December 2021

What cyber insurance costs by sector

A study from AdvisorSmith ranked sectors by their cost of cyber insurance. Organizations in the financial industry reported the highest cyber insurance expenses.



from Cyber Security News https://ift.tt/3qbJMpR

Apache Log4j security flaw presents critical risk to organizations

Threat actors are actively exploiting a critical security flaw in Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services, meaning many organizations are at risk from threat actors actively exploiting this vulnerability.



from Cyber Security News https://ift.tt/30n7pTn

UK founds cyber resilience center group

The National Cyber Resilience Centre Group (NCRCG) is composed of government and corporate entities working together to ensure cybersecurity across the United Kingdom.



from Cyber Security News https://ift.tt/3s3aKCw

Cyberattacks target IT and communications sector in 2021

The information technology (IT) and communications sector was the most targeted by cyberattacks in 2021, according to data from Darktrace. This marks a shift from 2020, when the financial and insurance sector underwent the highest cyberattack volume.



from Cyber Security News https://ift.tt/3pVAH3Y

Stop operating in the dark — we need continuous, runtime IaaS visibility


It feels like IT and security pros are tasked with the impossible job of operating business-critical applications in Infrastructure as a Service (IaaS) environments in the dark with no ability to monitor and protect them in runtime.



from Cyber Security News https://ift.tt/3dJUJcc

The sneaky security risk of overprovisioning the network

To manage unprecedented demand on the network, IT teams took to overprovisioning, adding additional capacity to the network as a quick fix to maintain connections between employees, stakeholders and customers.



from Cyber Security News https://ift.tt/3ynyZfN

Friday, 10 December 2021

CK Chim named Cybereason Field CSO for Asia Pacific region

CK Chim has been named the new Field Chief Security Officer (CSO) for the Asia Pacific Region at Cybereason.



from Cyber Security News https://ift.tt/31MSDWv

Ben Carr named CISO at Cradlepoint

Ben Carr, an experienced global cybersecurity executive, has been named the new Chief Information Security Officer (CISO) at Cradlepoint.



from Cyber Security News https://ift.tt/3dGZMdi

Thursday, 9 December 2021

2021 breaks the record for security vulnerabilities

The US-CERT Vulnerability database has recorded 18376 vulnerabilities as of December 8, 2021, which exceeds the 2020 record of 18351.



from Cyber Security News https://ift.tt/3DEJBYw

How cybersecurity and executive leaders communicate about ransomware

How do cybersecurity and executive leaders communicate about ransomware? A new (ISC)² study provides insights for cybersecurity professionals into the minds of C-suite executives and how they perceive their organizations’ readiness for ransomware attacks.



from Cyber Security News https://ift.tt/3rRsVuz

The top data breaches of 2021

2021 will be a record-breaking year for data breaches. According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 has already exceeded the total number of events in 2020 by 17%. Here, Security magazine brings you a list of 2021’s top 10 data breaches and exposures, and a few other noteworthy mentions.
 



from Cyber Security News https://ift.tt/3IAdxJb

Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges

Heading into 2022, business leaders and security professionals have many challenges to deal with. For many, the year ahead will feel like the movie “Groundhog Day,” as most businesses and organizations continue to work to find a proportional response to ransomware.



from Cyber Security News https://ift.tt/3dBUVu4

Wednesday, 8 December 2021

Chris Fallon named CIO at Fortune Brands GPG

Former Starbucks technology executive Chris Fallon has been named the new Chief Information Officer (CIO) at Fortune Brands Global Plumbing Group.



from Cyber Security News https://ift.tt/3Gs5BaU

Preparing for the 2022 fraud threat landscape

Heading into 2022, there are three key areas where security leaders need to be well-versed: innovations in eSkimming methods, intensifying pressure from ransomware campaigns on the payments ecosystem and the supply chain, and sophisticated enumeration attacks that impact the payments ecosystem.



from Cyber Security News https://ift.tt/3dtchcB

Avishai Avivi named CISO at SafeBreach

Avishai “Avi” Avivi has joined SafeBreach as Chief Information Security Officer. Avivi will oversee areas including incident response, security policies and procedures, threat intelligence, information governance, and more.



from Cyber Security News https://ift.tt/31CSKUE

Audit dread has increased from 78% in 2020 to 95% in 2021

How are financial services faring with the ever-increasing challenge of audit overload? A new Telos study explores the challenges financial institutions experience when working on audits. 



from Cyber Security News https://ift.tt/3oyvZK6

Researchers discover GraphQL authorization flaws in fintech SaaS platform

Salt Security released new API threat research from Salt Labs that highlights a GraphQL API authorization vulnerability in a B2B financial technology (FinTech) platform.



from Cyber Security News https://ift.tt/3lMWdGX

Tuesday, 7 December 2021

Ralph Buelling named CIO at UW Credit Union

Ralph Buelling will lead data services and strategic information implementation in his Chief Information Officer (CIO) role at UW Credit Union.



from Cyber Security News https://ift.tt/3lKC4Bn

Den Jones joins Banyan Security as CSO

Banyan Security has named its first Chief Security Officer: Den Jones. The experienced zero trust leader will aid the enterprise's security strategy.



from Cyber Security News https://ift.tt/3ECzBjW

Burnout can lead to security threats, insider risk

The new State of Access report from 1Password found that security professionals who suffer burnout may pose an insider threat to an enterprise.



from Cyber Security News https://ift.tt/3dt54cl

NSA, CISA release final 5G Cybersecurity Guidance

Enduring Security Framework (ESF) experts from the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published the third installment of guidance to protect the confidentiality, integrity and availability of data within a 5G core cloud infrastructure.



from Cyber Security News https://ift.tt/331Sf6R

Protecting school devices in the age of digital learning

Although the increased mobility and the ‘learn-from-anywhere’ environment are both positive outcomes, the IT teams who support school districts are faced with the very real challenge of being able to track and manage much larger volumes of valuable assets that are now well outside the security of a school’s network.



from Cyber Security News https://ift.tt/3lJRq9f

Monday, 6 December 2021

FBI finds ransomware targeting critical infrastructure

The Federal Bureau of Investigation (FBI) has issued an alert on "Cuba" ransomware, which has launched cyberattacks against 49 critical infrastructure organizations.



from Cyber Security News https://ift.tt/3dq1kIB

Friday, 3 December 2021

John Edwards named CIO of WTS International

WTS International, a hospitality provider, has appointed John Edwards as the new Chief Information Officer (CIO).



from Cyber Security News https://ift.tt/3GbwVtR

Thursday, 2 December 2021

CISA, FBI release alert on Zoho vulnerability

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability — CVE-2021-44077 — in Zoho ManageEngine ServiceDesk Plus.



from Cyber Security News https://ift.tt/3lvu2MR

Data from 400,000 Planned Parenthood patients compromised

Planned Parenthood Los Angeles has suffered a data breach that compromised the information of over 400,000 patients.



from Cyber Security News https://ift.tt/3DhFYri

Researchers take down scams targeting US military families

Threat intelligence researchers have taken down phishing scams that are actively targeting U.S. military personnel. 



from Cyber Security News https://ift.tt/3og0ft0

CISA names 23 members to new Cybersecurity Advisory Committee

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), announced the appointment of the first 23 members of the Agency’s new Cybersecurity Advisory Committee, a group that will advise and provide recommendations to the Director on policies, programs, planning, and training to enhance the nation’s cyber defense.



from Cyber Security News https://ift.tt/3ogIb2c

What Microsoft’s shift to passwordless means for cybersecurity

Passwordless security solutions are here — but are all enterprise organizations ready to implement them?



from Cyber Security News https://ift.tt/3FZqIBk

Wednesday, 1 December 2021

Panasonic discloses data breach

Panasonic disclosed a data breach after detecting unauthorized access in its network.



from Cyber Security News https://ift.tt/3EeRrcG

Tuesday, 30 November 2021

300,000 banking Trojan infections from Google Play in 4 months

In the span of only four months, four large Android families were spread via Google Play, resulting in 300,000+ infections via multiple dropper apps, according to ThreatFabric research.



from Cyber Security News https://ift.tt/3rnUICU

Password management strategies differ across the US

The annual Password Decisions Survey from Bitwarden explores how U.S. companies manage their login credentials.



from Cyber Security News https://ift.tt/3pgl2fh

Monday, 29 November 2021

Mitigating cyber threats within 5G cloud infrastructure

As part of the Enduring Security Framework, the National Security Agency and the Cybersecurity and Infrastructure Security Agency published guidance to mitigate cyber threats within 5G cloud infrastructure.



from Cyber Security News https://ift.tt/3xxRvSj

Sunday, 28 November 2021

Will the convergence of IGA, PAM and AM fix the fractured identity landscape?

Identity is fast becoming less of a tool and more of a strategic framework to secure digital assets and protect data privacy.



from Cyber Security News https://ift.tt/3pbwicP

Why the threat of wire fraud is particularly high for private capital markets – and what’s being done to address it

Although cybercriminals will always try to adapt to new security measures and insert themselves in the middle of a financial transaction, financial firms can prevent cyberattacks by using fingerprint, facial recognition, and other verification methods that cannot be stolen or faked. 



from Cyber Security News https://ift.tt/3rj20b8

Friday, 26 November 2021

Metropolitan school system blocks threats with cybersecurity platform

A large K-12 school system implemented a cybersecurity platform from CloudCover to mitigate cyber risk.



from Cyber Security News https://ift.tt/3lwFB6v

Wednesday, 24 November 2021

Apple is suing NSO Group

Apple is suing NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones.



    from Cyber Security News https://ift.tt/3DSSQoZ

    45% of companies do not employ a CISO

    Navisite's "The State of Cybersecurity Leadership and Readiness" report found that 45% of companies do not employ a Chief Information Security Officer (CISO).



    from Cyber Security News https://ift.tt/3nOzoEv

    5 minutes with Chris Hass: Why you shouldn't rely on cyber insurance



    from Cyber Security News https://ift.tt/32wWgA7

    Tuesday, 23 November 2021

    Standardizing video conferencing security guidelines should be a top government priority

    The new realities of communicating in the remote work environment have led to a whole new set of challenges. Initiatives related to protecting users on virtual meeting tools should be at the forefront of every government’s cybersecurity agenda. 



    from Cyber Security News https://ift.tt/32hKdGz

    Wesley Story joins Genesys as Chief Information Officer

    Experienced cybersecurity professional Wesley Story joins Genesys as the new Chief Information Officer (CIO).




    from Cyber Security News https://ift.tt/3l477HZ

    GoDaddy breach: Up to 1.2 million user records compromised

    A breach of the GoDaddy Managed WordPress hosting environment exposed information from up to 1.2 million users, including email addresses, login information and more.



    from Cyber Security News https://ift.tt/2ZhsOwB

    Jason Lobell named Chief Technology Officer at Cyber Defense Labs

    Jason Lobell, the new Chief Technology Officer (CTO) at Cyber Defense Labs, has protected company operations from cyber threats and built and managed security operations centers on behalf of a range of multinational companies.



    from Cyber Security News https://ift.tt/3r4pWii

    Artificial intelligence, machine learning, cloud computing, 5G will be most important tech in 2022

    A new IEEE study covers the most important technologies in 2022, industries most impacted by technology in the year ahead, and technology trends through the next decade.



    from Cyber Security News https://ift.tt/3oSO0C2

    5 minutes with Jann Yogman: The cure for human error? Comedy.

    Security talks to Jann Yogman, who has written and produced comedy for Michael J. Fox, Dana Carvey and Conan O'Brien during his career. Yogman brought his comedy skills to Mimecast to help out with cybersecurity awareness training, structuring the program like seasons of a situation comedy, with actual comedic actors playing repeating characters.



    from Cyber Security News https://ift.tt/3xfQTAm

    Try creating employee personas to customize your security communications efforts

    Security awareness should be an ongoing campaign, not just an event. That campaign, just like any marketing campaign, starts with a thorough understanding of the target audience — the people you wish to influence to adopt security best practices.



    from Cyber Security News https://ift.tt/2ZfZQxf

    Monday, 22 November 2021

    The 10 best US cities for IT security professionals

    Where are the best cities for IT security analysts? New rankings from AdvisorSmith compare average salary, cost of living and cybersecurity job density to find cities in the U.S. best suited for IT security careers.




    from Cyber Security News https://ift.tt/3CHDbY4

    John Kreul joins Jewelers Mutual Group as Chief Information Officer

    John Kreul will oversee the operations and strategy of Jewelers Mutual Group's technology department as the insurance provider's Chief Information Officer.



    from Cyber Security News https://ift.tt/3CG9W84

    CISA issues holiday warning: Critical infrastructure stay vigilant

    The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation are reminding critical infrastructure partners to stay vigilant against threats during holidays and weekends.



    from Cyber Security News https://ift.tt/3oTL73A

    Banks now required to report cyber incidents within 36 hours

    Federal bank regulatory agencies approved a rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system.



    from Cyber Security News https://ift.tt/3xiQ4XF

    Why network-based zero trust doesn’t protect your most valuable assets

    By shifting to data-centric zero trust with innovative solutions that integrate enhanced levels of control to data security, organizations can boost their ability to prevent breaches, defend against attacks, and combat increasingly sophisticated cybercriminal enterprises. 



    from Cyber Security News https://ift.tt/3cC4Ter

    Passwordless made simple with user empowerment

    While relying on passwordless authentication is both easier and safer for IT and end users, the transitional period is anything but.



    from Cyber Security News https://ift.tt/30OLoNr

    Friday, 19 November 2021

    AI tracks illegal wildlife trafficking at Heathrow

    A recent test of artificial intelligence (AI) designed to identify illegally trafficked animals and animal products in air cargo and baggage proved successful in over 70% of cases. The AI model represents a collaboration between Smiths Detection, Microsoft and Heathrow Airport.



    from Cyber Security News https://ift.tt/3HFo4lE

    Emotet malware returns; here's what to look out for

    Once described as "the world's most dangerous malware," Emotet has allegedly returned and is being installed on Windows systems infected with TrickBot malware.



    from Cyber Security News https://ift.tt/3kNVAwo

    100,000 California Pizza Kitchen employee SSNs compromised in data breach

    In a data breach of California Pizza Kitchen, personal data from over 100,000 employees including names, Social Security numbers and other identifying information was accessed by cybercriminals. Security leaders around the globe give their insights into the cyberattack.




    from Cyber Security News https://ift.tt/3kRLta0

    70% of security pros find security hygiene and posture more challenging

    JupiterOne announced the findings of a new survey by Enterprise Strategy Group (ESG), which warns of inadequate security hygiene and posture management practices at many organizations.



    from Cyber Security News https://ift.tt/3kONwM4

    The unforeseen risks of sharing smartphone location data

    From app usage to location data, developers are siphoning consumer data and selling it to data brokers and advertisers for top dollar. And while this data may be inconsequential, at its core, this issue is about consumers’ right to privacy. 



    from Cyber Security News https://ift.tt/30DDy94

    Thursday, 18 November 2021

    Mitigating the risk posed by remote work

    In a remote or hybrid environment, employers have less visibility into employee activity, and as a result, the risk has greatly increased.



    from Cyber Security News https://ift.tt/3qRRQOj

    73% of airline passengers interested in biometrics replacing passports

    The 2021 Global Passenger Survey from the International Air Travel Association (IATA) highlighted how biometric data collection is perceived and used within the air travel industry.



    from Cyber Security News https://ift.tt/3Cscsif

    Are your critical IT assets safe from cyberattacks?

    A new study from Telos Corporation, conducted by Vanson Bourne, "Critical IT Assets Need Protection Beyond Standard Network Security," revealed that 99% of security professionals believe an attack on their critical IT assets would have both organizational and societal repercussions.



    from Cyber Security News https://ift.tt/3Fsi1Px

    Multi-cloud adoption will be strong in 2022 but key security gaps and challenges remain

    While 95% of businesses are making multi-cloud a strategic priority in 2022 with security being top of mind (96%), only 54% feel highly confident that they have the tools or skills they need to execute, Valtix research reveals.



    from Cyber Security News https://ift.tt/3DpD30J

    Despite breaches, consumer trust remains high

    According to new findings from White Hat Security, 35% of consumers indicated that they would continue shopping with a retailer that experienced a security breach, while only 25% said they would begin taking their business elsewhere.



    from Cyber Security News https://ift.tt/3Hygv06

    The rising tide of cyber insurance premiums in the age of ransomware

    Insurance providers have had to take on increased risk with ransomware attacks on the rise, thus the surging price of insurance premiums. What are some trends fueling the cyber insurance industry?



    from Cyber Security News https://ift.tt/30DM0oN

    How Ireland’s second city emerged as a global cybersecurity hub

    Cork may be Ireland’s second city, but it’s clearly punching above its weight. Because it’s here that several multinational companies and many Irish start-ups have established or expanded their cybersecurity operations. How did Cork land this distinction?



    from Cyber Security News https://ift.tt/3HAYQ8j

    An unfortunate side effect: How privacy trends are weakening website security

    Enterprises and security vendors alike need to better understand how these privacy improvements affect the way companies ascertain which traffic is human and which is fake, and thus the impact it has on stopping online fraud.



    from Cyber Security News https://ift.tt/3cppl21

    Wednesday, 17 November 2021

    2022 Ransomware Resilience Summit Europe to take place in February

    The 2022 Ransomware Resilience Summit Europe will bring organizations and expert advisors together to benchmark resilience and business continuity planning, share lessons learned and enable businesses to better protect themselves.



    from Cyber Security News https://ift.tt/3Dr5w6d

    Dan Lohrmann named Field CISO at Presidio

    Cybersecurity leader Dan Lohrmann has been named Field Chief Information Security Officer (CISO) for the Public Sector at Presidio.



    from Cyber Security News https://ift.tt/3qGUWVk

    Minnesota IT Services bolsters cloud security

    Minnesota IT Services, the state cybersecurity and information technology agency, added cloud protection from Radware to better serve the Minnesota community. Read more about the solution in this case study.



    from Cyber Security News https://ift.tt/3kN8FpL

    Actionable tips to create a business cybersecurity plan

    Just as you wouldn’t recommend going to a basement during a fire or running outside during a tornado, it is crucial to outline safety plans suited to cyber disasters. Organizations can do this by implementing a business cybersecurity plan.



    from Cyber Security News https://ift.tt/3qLuABI

    Tuesday, 16 November 2021

    Securing multi-cloud environments: Why DIY privilege access management doesn’t work


    Organizations are moving to multi-cloud environments in droves, largely because the cloud is fast, agile and powerful. But is it secure? Inherently no.  



    from Cyber Security News https://ift.tt/3DnMuOk

    2021 BlackBerry Security Summit roundup

    This year, on October 13th, the BlackBerry Security Summit 2021 took place — fully virtual. Keynote speakers included a range of BlackBerry organizational leaders across specialties, from Cybersecurity and Threat Detection to Product Management and Engineering.



    from Cyber Security News https://ift.tt/3DoOWEj

    Data access strategy helps hotels on- and offboard employees

    Village Hotels, a hotel group with over 30 locations across the United Kingdom, has implemented a data management solution from CloudM to help on- and offboard employees. Read more about the solution in this case study.



    from Cyber Security News https://ift.tt/30Azgzt

    Study finds knowledge gaps in K-12 cloud security

    A report from ManagedMethods, "What You Don't Know Can Hurt You: New Survey Identifies Gaps in K-12 Cloud Security," administered by the EdWeek Research Center, details cybersecurity knowledge gaps in the K-12 sector.




    from Cyber Security News https://ift.tt/30suJyP

    Ethical hackers reduce $27 billion in risk during COVID-19

    Ethical hackers prevented 27 billion dollars worth of cybercrime from May 1, 2020 to August 31, 2021, according to Bugcrowd.



    from Cyber Security News https://ift.tt/30mI4sh

    Eliminate the growing pains from your security strategy

    Delaying the evolution of your organization’s security is a big mistake. As your organization scales, so does the magnitude of the security threats you face. To avoid costly growing pains, the time to start planning a modern security strategy is today.



    from Cyber Security News https://ift.tt/3wRy8TQ

    Monday, 15 November 2021

    Remote productivity surveillance could increase staff turnover

    Email monitoring, video surveillance and keylogger software are some of the methods employers use to track productivity in the remote work environment. However, a new study from VMware, "The Virtual Floorplan: New Rules for a New Era of Work," has found a higher employee turnover rate in businesses that monitor productivity remotely.



    from Cyber Security News https://ift.tt/3cb3QSy

    Nearly half of employees have been asked to aid ransomware attacks

    A new survey from Pulse and Hitachi ID reveals that nearly half of all enterprise team members have been approached by cybercriminals to assist a ransomware attack.



    from Cyber Security News https://ift.tt/3wPshON

    Friday, 12 November 2021

    One-third of retail and hospitality organizations have experienced a data breach

    Cornell researchers and FreedomPay have partnered to release the "Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks" study, which measures enterprise leaders' perspectives on cybersecurity in the retail and hospitality sector.




    from Cyber Security News https://ift.tt/3DcGKa0

    3 tips for stopping the next insider attack

    Reducing our threat surface by limiting what any one person can access and improving organizational efficiency processes can go a long way in mitigating damage from the vast majority of attacks — no matter if they come from inside or outside your organization.



    from Cyber Security News https://ift.tt/3Cbj4Bp

    Pentagon to launch zero trust cyber office in December

    The Pentagon is set to launch a new office dedicated to expediting the adoption of a new zero trust cybersecurity model.



    from Cyber Security News https://ift.tt/30qDY2L

    Thursday, 11 November 2021

    DHS requests public comment on AI, facial recognition

    The Department of Homeland Security (DHS) has requested feedback from industry leaders and interested parties on the subject of artificial intelligence, including facial recognition. The technologies have been used widely by the department, but DHS highlighted concerns around bias and privacy that follow AI and facial recognition implementations.



    from Cyber Security News https://ift.tt/3c5zqAW

    Pinny Tam named CISO at FastTrack

    Pinny Tam brings over 20 years of information security experience to the Chief Information Security Officer (CISO) role at FastTrack.



    from Cyber Security News https://ift.tt/3H9Zn0C

    Expect 2022 to be the year of cybersecurity

    2022 is just around the corner, and we are already following new developments in cybersecurity that will significantly impact your business in this upcoming year and the rest of the decade.



    from Cyber Security News https://ift.tt/3HdAvVO

    Wednesday, 10 November 2021

    Robinhood data breach impacts seven million users

    American financial services company Robinhood has suffered a data breach that affects seven million customers. 



    from Cyber Security News https://ift.tt/3D5AC3k

    DOJ charges REvil ransomware leaders with Kaseya attack



    from Cyber Security News https://ift.tt/30aI7b6

    Chris Gebhardt joins Synoptek as CISO

    Chris Gebhardt brings over 30 years of experience to his new role as Synoptek’s Chief Information Security Officer.



    from Cyber Security News https://ift.tt/2YyP5FX

    Account compromises may decrease by 96% at Florida State

    After implementing a two-factor authentication program, Florida State University projects account compromises to decrease by 96% in 2021.



    from Cyber Security News https://ift.tt/3kqNjyd

    DDoS attacks and botnets in 2021 – Mozi, takedowns and high-frequency attacks reshape the threat landscape

    The first half of 2021 brought both bad news and good news about distributed denial-of-service (DDoS) attacks. The DDoS threat continues to be a global problem, at a massive scale, with increasing complexity, but proactive actions have had a positive impact.



    from Cyber Security News https://ift.tt/2YwD8jW

    Monday, 8 November 2021

    Canadian healthcare system suffered cyberattack

    A widespread cyberattack has targeted the public health system in Newfoundland and Labrador, Canada. Officials recently confirmed the attack as hospital systems in the province struggle to reinstitute health services.



    from Cyber Security News https://ift.tt/3EZWeyK

    Cybercriminals target mobile banking apps

    The 2021 Threat Intelligence Report from Nokia detailed this year's security trends, focusing on a rise in malware attacks on mobile banking apps.



    from Cyber Security News https://ift.tt/3mUcyL2

    New strategic direction for CMMC 2.0 announced

    The Department of Defense announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, marking the completion of an internal program assessment led by senior leaders across the Department.



    from Cyber Security News https://ift.tt/3CVtKFB

    Friday, 5 November 2021

    7 out of 10 IT employees may quit their jobs

    A new survey on how information technology (IT) employees perceived their work environment revealed that 72% of IT professionals are considering leaving their jobs and looking for other opportunities within the next twelve months. Find out why here.



    from Cyber Security News https://ift.tt/3BGa4nx

    $1 million CISA grant funds cybersecurity training for underserved populations

    "You can't expect to have the best and brightest if you're only recruiting from 50% of the population. You have to recruit from 100% of the population and if you don't, you're not going to get the best and brightest," said CyberWarrior COO Jonathan Edwards. The Cybersecurity and Infrastructure Security Agency (CISA) awarded CyberWarrior a grant to develop cyber workforce training for underserved populations.



    from Cyber Security News https://ift.tt/3kcOUaP

    US offers reward of up to $10 million for information on DarkSide

    The U.S. Department of State is offering up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the DarkSide ransomware crime group. 



    from Cyber Security News https://ift.tt/3nVIPRc

    John McCorry named CIO and VP of Business Tech at Airlines Reporting Corp

    John McCorry will join the Airlines Reporting Corp. (ARC) team as their new Chief Information Officer (CIO) and Vice President of Business Technology.



    from Cyber Security News https://ift.tt/3o4dhsi

    US government blacklists four companies due to national security concerns

    The United States Government has added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the U.S. 



    from Cyber Security News https://ift.tt/3k9oCGw

    Ransomware actors use financial events to target companies

    Ransomware actors are using significant, time-sensitive financial events, such as mergers and acquisitions, to target and leverage victim companies, according to the Federal Bureau of Investigation's (FBI) recent Private Industry Notification (PIN).



    from Cyber Security News https://ift.tt/3BPF5FV

    Why cyber risk assessments should be a part of your business strategy

    It’s vital for C-suites to include cybersecurity as part of their capital planning. And the key to that is determining what “just enough security” is for the organization to meet its business goals. What’s the best way to determine how much security is “just enough”? 



    from Cyber Security News https://ift.tt/3CNAAgo

    Thursday, 4 November 2021

    Rohinee Mohindroo joins Sitecore as Chief Information Officer

    Rohinee Mohindroo brings cybersecurity experience to the Chief Information Officer (CIO) position at Sitecore from her roles at three other firms, where she helped design cyber strategies to best defend against threats.



    from Cyber Security News https://ift.tt/3q7T73A

    Biden administration issues cybersecurity mandate for federal agencies

    The Biden administration issued a broad new order, Binding Operational Directive 22-01 - Reducing the Significant Risk of Known Exploited Vulnerabilities, requiring nearly all federal agencies to patch hundreds of cybersecurity flaws considered major vulnerabilities for damaging intrusions into government computer systems.



    from Cyber Security News https://ift.tt/3GUox3o

    BlackMatter ransomware gang claims to have shut down

    Distributors of BlackMatter ransomware have announced plans to shut down amid mounting pressure from law enforcement.



    from Cyber Security News https://ift.tt/3mHymth

    UAE Central Bank establishes cybersecurity center

    The Central Bank of the United Arab Emirates (CBUAE) has added a cybersecurity center to its security strategy. The CBUAE Networking and Cyber Security Operations Centre aims to mitigate cyber risk in the country's financial sector.




    from Cyber Security News https://ift.tt/3k5ej6r

    Wednesday, 3 November 2021

    Michael Gregg named North Dakota CISO

    A cybersecurity leader with over 20 years of experience in the field, Michael Gregg will focus on endpoint protection, risk management and more as the State of North Dakota's new Chief Information Security Officer (CISO).



    from Cyber Security News https://ift.tt/3EIo568

    80% of organizations report employee misuse or abuse of access to business applications

    New research released by CyberArk reveals that organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft.



    from Cyber Security News https://ift.tt/3bESXrG

    Marco Maiurano joins First Citizens Bank as Chief Information Security Officer

    Marco Maiurano has joined First Citizens Bank as Chief Information Security Officer. He is responsible for overseeing the company’s information security operations, identity and access management, information security architecture and security consulting solutions.



    from Cyber Security News https://ift.tt/3wc5dte

    CCPA enforcement: Implications on the big data ecosystem

    The tech giants that the CCPA attempted to target were able to escape liability by capitalizing on a convenient loophole that excluded data analytics from the definition of a sale. New CCPA enforcement letters could have major implications for the broader data ecosystem: third-party data may disappear as we know it. The time has come to provide consumers with value for opting in.



    from Cyber Security News https://ift.tt/3w9VQKw

    Tuesday, 2 November 2021

    Kicking off National Critical Infrastructure Security and Resilience Month

    November is Infrastructure Security Month and a time to think about how organizations can contribute to the security and resilience of the U.S.'s essential services and functions.



    from Cyber Security News https://ift.tt/3CJqoFy

    Mobile phishing threats surged 161% in 2021

    Lookout, Inc. released a report showing that mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021. 



    from Cyber Security News https://ift.tt/2ZJPbeA

    Passwordless made simple with user empowerment

    You must’ve heard it dozens of times by now: passwords are not secure enough to protect business data. But everyone mentions alternatives to passwords as if uprooting your current identity authentication system is a piece of cake.



    from Cyber Security News https://ift.tt/3q0ddN2

    Monday, 1 November 2021

    Miro Pihkanen named CSO and Board Member at OwlGaze

    Miro Pihkanen joins OwlGaze as their new Chief Security Officer (CSO) and Board Member. In his security and advisor roles, Pihkanen will help the organization finalize a cyber threat detection solution.



    from Cyber Security News https://ift.tt/3jXJLU6

    New 'AbstractEmu' Android malware seizes total control of your device, evades detection

    Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu, with rooting capabilities distributed on Google Play and major third-party stores, including the Amazon Appstore and Samsung Galaxy Store.



    from Cyber Security News https://ift.tt/3jQFQbB

    Defining synthetic identity fraud once and for all

    Jeffrey Feinstein, Vice President of Global Analytic Strategy, LexisNexis Risk Solutions, had the honor of serving on a Federal Reserve committee this past winter to define synthetic identity fraud. The result of this effort was the release of a paper that defines it for the industry, an essential step forward in the fight against this pervasive threat.



    from Cyber Security News https://ift.tt/3mFNsj7

    How a layered defense strategy protects organizations from security incidents occurring at the seams

    Incidents tend to happen at the seams and cracks of your organization, where the automation is incomplete, observability is not omniscient, and humans are still in the loop. Our blind spots are constantly evolving, and we must update our mental models of how to approach security accordingly.



    from Cyber Security News https://ift.tt/3bsBRNB

    Friday, 29 October 2021

    Securing 5G cloud infrastructures

    The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. 



    from Cyber Security News https://ift.tt/3Er12g6

    U.S. water and wastewater systems targeted by cybercrime

    Water and wastewater (WWS) facilities are under cyberattack amid the recent increase in critical infrastructure cyberattacks. A joint statement from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA) and the National Security Agency (NSA) details recent attacks and what WWS systems can do to bolster their cyber defense.



    from Cyber Security News https://ift.tt/3GzGuny

    WordPress plugin bug can lead to complete loss of site content

    Researchers have helped patch a high-severity-rated security flaw in a popular WordPress plugin, which could be exploited to completely wipe and reset any vulnerable WordPress website.



    from Cyber Security News https://ift.tt/3w0poui

    Georgia State founds Trustworthy AI certificate program

    The new Georgia State University online graduate certificate program in Trustworthy Artificial Intelligence Systems can be completed in 21 weeks via virtual coursework.



    from Cyber Security News https://ift.tt/3Br8JRD

    40% of organizations have suffered a cloud-based data breach

    A new Thales Global Cloud Security Study reports that 40% of organizations have experienced a cloud-based data breach in the past 12 months.  



    from Cyber Security News https://ift.tt/3pMDM87

    5 minutes with Emily Frolick - Trust in the digital age

    Trust is the ultimate business enabler. When enterprises inspire trust in all their stakeholders, they create a platform for better business performance. But not all brands are starting from a level playing field, says Emily Frolick, KPMG’s Partner, IT Audit and Assurance.



    from Cyber Security News https://ift.tt/3mpO1Nw

    Poor security threatens Internet of Things hypergrowth

    In a world replete with endless cyberattacks, IoT devices have minimal security, in part because cybersecurity stewards and their bosses are busy with other things and aren’t demanding improvement. 



    from Cyber Security News https://ift.tt/2ZyqrVQ

    Thursday, 28 October 2021

    Over 800 million medical records exposed in data breach

    Security researcher Jeremiah Fowler and the Website Planet team discovered an unsecured database belonging to Deep6.ai, an American medical artificial intelligence platform, containing 886,521,320 records.



    from Cyber Security News https://ift.tt/3mvjBK9

    83% of companies suffer business damage when down for 24 hours

    A Netenrich survey found that 83% of companies would suffer business damage during the first 24 hours of an outage and thereafter.



    from Cyber Security News https://ift.tt/2XSyCvN

    Supply chain security must include cyber resilience

    In the Leadership Keynote speech at the Security Industry Association (SIA) Securing New Ground conference, Intel Vice President and General Manager for Client Security Strategy and Initiatives Tom Garrison outlined how and why supply chain security needs to be seen as both a physical and cybersecurity priority.



    from Cyber Security News https://ift.tt/3GtUYFx

    Overcoming roadblocks to accelerate IT/OT convergence

    IT and OT convergence can present many challenges for an enterprise organization. Explore case studies of convergence to help the process along at your own business.



    from Cyber Security News https://ift.tt/3Bo55b2

    Kim Wyman to join Biden Administration as CISA’s Senior Election Security Lead

    Washington Secretary of State Kim Wyman will join the Biden Administration as CISA’s Senior Election Security Lead. 



    from Cyber Security News https://ift.tt/3vTjivo

    5 minutes with Claudia Rast - Focusing on basic cybersecurity principles

    The latest and greatest technology will not always protect a company. Instead, focus on the basics of cybersecurity: leadership, training and security monitoring, says Claudia Rast, Practice Department Chair for the IP, Cyber and Emerging Technology Group for ButzelLong. 



    from Cyber Security News https://ift.tt/3jHKQPO

    Toss your standard crisis communications plan for cyberattacks. Five questions to ensure your company’s preparedness

    Cyberattacks are distinct from other types of corporate crises, especially in how, when and why an organization communicates with its stakeholders during and in the aftermath of an attack. Here are five questions boards should ask the C-suite before a cyberattack occurs.



    from Cyber Security News https://ift.tt/2ZxJ254

    Wednesday, 27 October 2021

    University of Nebraska wins DOD grant for bridge monitoring research

    University of Nebraska researchers will study the implementation of smart monitoring technology at various bridges in the state, evaluating the cybersecurity risks of the new instruments and their effects on bridge safety. The Department of Defense will fund the project, which is a collaboration between the University of Nebraska at Omaha and the University of Nebraska-Lincoln.



    from Cyber Security News https://ift.tt/3GrPScY

    Karen Evans named Managing Director at the Cyber Readiness Institute

    Cybersecurity policy leader Karen Evans has been named the new Managing Director of the Cyber Readiness Institute (CRI). In her role at CRI, Evans will lead the public-private partnerships developed by CRI.



    from Cyber Security News https://ift.tt/2Zq3Nzc

    Five new trends in healthcare cybersecurity

    Defending the medical device supply chain, cracking down on ransomware and monitoring new technology are all priorities for cybersecurity professionals in the healthcare field. In a panel hosted by BD, Eric Decker, William Landry, Inhel Rekik and Scott Shindledecker discuss top-of-mind issues for healthcare cybersecurity professionals.



    from Cyber Security News https://ift.tt/3EoVNxE

    6 common mistakes that lead to ransomware infections

    Let’s take a look at six of the most common mistakes that lead to ransomware infections. 



    from Cyber Security News https://ift.tt/3vQTOiz

    14% of C-suite executives say organizations have no cyber threat defense plans

    Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey.



    from Cyber Security News https://ift.tt/3jHKmsO

    Tuesday, 26 October 2021

    The three V’s of SaaS security

    By focusing on the three V’s — volume, velocity and visibility — of Software as a Service (SaaS) security, organizations can streamline and improve their security team’s efficiency, reducing their workload and increasing protection for the company against any potential exposure or data breach.



    from Cyber Security News https://ift.tt/3mnrq4x

    SolarWinds hackers, Nobelium, targeting global IT supply chain



    from Cyber Security News https://ift.tt/3bcpqFD

    National Governors Association works with 4 states on exercise to improve energy emergency preparedness

    The National Governors Association (NGA) will support four states (California, Connecticut, Illinois and Utah) as they participate in the nationwide GridEx VI exercise, which reviews and tests energy emergency preparedness through a simulated coordinated cyber and physical incident on the electrical grid.



    from Cyber Security News https://ift.tt/3bawgLR

    Closing the cybersecurity workforce gap

    The 2021 Cybersecurity Workforce Study from (ISC)² revealed global and national trends in the cybersecurity profession, with 700,000 professionals joining the industry since 2020.



    from Cyber Security News https://ift.tt/2Zqd1Lx

    More than half of healthcare applications currently open to attack



    from Cyber Security News https://ift.tt/3mhaMmS

    Monday, 25 October 2021

    Nevada, North Dakota top cybercrime lists in the US

    A new report studied the per capita rate of cybercrime in each U.S. state, finding that the national average of victims per capita is 240. Find out more about this state-by-state breakdown here.



    from Cyber Security News https://ift.tt/3nlsOna

    Biometrics lead passwordless authentication methods

    As major organizations integrate passwordless solutions into their products, the FIDO Alliance's new Online Authentication Barometer finds that biometrics are gaining in use and popularity.



    from Cyber Security News https://ift.tt/3GmUctK

    Ransomware payments shrank from 44% to 12%

    Data shows a rise in ransomware claims from Q2 2020 through Q1 2021 (0.25% to 0.58% increase in frequency) but then a drop by 50% in Q2 2021 that largely sustained through Q3 2021, according to the Corvus Risk Insights Index.



    from Cyber Security News https://ift.tt/3B7AGxv

    The urgent need for the healthcare industry to develop cyber-resiliency

    Healthcare is disproportionately targeted: 34% of all data breaches in the U.S. involve a healthcare organization. Yes, healthcare is a large industry, but we’re not that large. Here’s why security is such an issue for our critically important but increasingly fragile industry.



    from Cyber Security News https://ift.tt/30YZbkh

    How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

    Cyber insurance can still play a critical role in protecting a business during the interruption of a ransomware attack, as well as help cover potential ransom payments and/or associated legal fees.



    from Cyber Security News https://ift.tt/3nuwoM3

    Friday, 22 October 2021

    Gigabyte victim to ransomware again

    Gigabyte Technology, a Taiwanese manufacturer and distributor of computer hardware, has allegedly suffered a massive data breach as a result of a ransomware attack. 



    from Cyber Security News https://ift.tt/3b32oks

    US senators urge FCC to address surveillance threats to telecom networks

    U.S. senators urged the Federal Communications Commission (FCC) to address surveillance threats posed by foreign corporations managing U.S. telecommunications providers.



    from Cyber Security News https://ift.tt/3vy2Pgc

    Employers increase cybersecurity budgets as workplaces go hybrid

    A new survey from Nexor shows the knowledge gap when it comes to cybersecurity, with 23% of employers not knowing where to begin protecting their businesses from cyber threats or being able to afford adequate protection.



    from Cyber Security News https://ift.tt/3G5hLqS

    Strengthening IT to help withstand cyberattacks

    Employees and non-employee contractors continue representing the most critical weak link in the IT chain. Too many employees, and vendors using corporate networks, are still falling for phishing attacks. Enhanced worker training on cyber risks helps, but training coupled with stronger systems offers the best protection against cyber threats.



    from Cyber Security News https://ift.tt/3E6PfDv

    Ed Skoudis named President of SANS Technology Institute

    Ed Skoudis, a cybersecurity leader and educator, has been named the new President of the SANS Technology Institute, according to a statement. Ed will lead the institute's degree programs and Internet Storm Center.



    from Cyber Security News https://ift.tt/3vyxIRH

    The five W's of third-party incident management

    When it comes to cyber incident management of third-party risks, enterprise security professionals can follow a simplified task list to cover their bases by answering the questions "who, what, where, when, why and how."



    from Cyber Security News https://ift.tt/3GctcgA

    Thursday, 21 October 2021

    Congress passes DHS software supply chain bill

    The new bill, the DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), will secure the supply chains involved in Department of Homeland Security software contracts by requiring a new certification.



    from Cyber Security News https://ift.tt/3aYSuR6

    Shirin Hamid named CIO and Director of IT at IMF

    Shirin Hamid, an experienced cybersecurity and IT professional, is expected to begin as the CIO and Director of the IT Department at the International Monetary Fund (IMF) in January 2022.




    from Cyber Security News https://ift.tt/3E3JeHO

    Bugs in malware creating backdoors for security researchers

    Malware authors often take advantage of vulnerabilities in popular software. But malware is also prone to bugs and coding errors, causing it to crash and serve as backdoors — any method by which authorized and unauthorized users can get around normal security measures and gain high-level user access — for white hat hackers.



    from Cyber Security News https://ift.tt/3B56e7j

    Does your communication platform guarantee data security – and data privacy?

    How often, when sending messages via a communication platform, are you thinking about your sensitive and private user information being exploited?



    from Cyber Security News https://ift.tt/3aYWIIk

    Wednesday, 20 October 2021

    Insider risk, slow cyberattack response among worries for security professionals

    The second Voice of SecOps report from Deep Instinct revealed that the average time elapsed before a company responded to a cyberattack was 20.9 hours globally. The report surveyed 1,500 cybersecurity professionals about their top cyber concerns.



    from Cyber Security News https://ift.tt/3G4KMmu

    Frank Russo named CISO at Calendly

    Calendly announced the appointment of Frank Russo as its first chief information security officer. Russo will oversee application security, infrastructure security, corporate security, privacy and compliance to protect customers, partners, employees, systems and assets.



    from Cyber Security News https://ift.tt/3AXxPHt

    80% of executives will consider paying the ransom

    A new report, “Ransomware in Focus,” based on a survey of more than 250 Chief Information Security Officers (CISOs), cited ransomware as the #1 threat facing businesses and one of the primary CISO concerns for the next 12 months, with many believing an attack is inevitable.



    from Cyber Security News https://ift.tt/3n6rTXM

    Cory Simpson named EVP at Resolute Strategic Services

    Cory Simpson, former Senior Director at the U.S. Cyberspace Solarium Commission and international expert on national security and emerging technology, has joined Resolute Strategic Services as an Executive Vice President.



    from Cyber Security News https://ift.tt/3BYYLIk

    4 stages of a zero trust self-assessment

    You want to begin implementing zero trust security at your organization, but where do you start? Let's walk through clear stages to build a zero trust framework that serves as the roadmap for your organization’s journey to better security and greater efficiency.  



    from Cyber Security News https://ift.tt/3vsksxY

    The real-world impacts of cyberattacks

    Assessing cyber risk is essential to a business and is a key contributor to its overall reputational risk. Businesses need to take cyber risk into account in overall business strategy and planning. 



    from Cyber Security News https://ift.tt/3jk9422

    Tuesday, 19 October 2021

    Companies lack basic cybersecurity practices to combat ransomware

    Axio's 2021 State of Ransomware Preparedness report reveals that organizations are not equipped to defend against ransomware due to deficiencies in implementing and sustaining basic cybersecurity practices, including managing privileged administrator credentials and ensuring visibility of supply chain risk.



    from Cyber Security News https://ift.tt/3AWYGDE

    Bridging the gender gap in cybersecurity

    Women make up only 24% of the cybersecurity field, according to an ISC2 study. Cybersecurity leaders Sharon Smith, Lori Ross O'Neill, Aanchal Gupta and Meg West discussed how to solve the problem of underrepresentation in the industry at the ISC2 Security Congress 2021.



    from Cyber Security News https://ift.tt/3phjzXP

    83% of ransomware victims paid to get data restored

    ThycoticCentrify released new research confirming that ransomware has become a preferred method for cyberattacks, with nearly two out of three companies (64%) surveyed admitting to be victims of a ransomware attack in the last 12 months.



    from Cyber Security News https://ift.tt/3vp1Kau

    CISA issues advisory on BlackMatter ransomware

    The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory regarding BlackMatter ransomware cyber intrusions targeting multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations.



    from Cyber Security News https://ift.tt/3G2U2ru

    The dos and don'ts of advocating for cybersecurity in the boardroom

    Chris Jacquet, VP and Chief Information Security Officer (CISO) at Hitachi Vantara, explains how best to approach cybersecurity in the boardroom. Being prepared, honest and concise can help a CISO secure much-needed funding for their department.




    from Cyber Security News https://ift.tt/3jgpJDK

    Monday, 18 October 2021

    Security in the flexible working world

    Whether remote, in the office or in a co-working space, all employees must be sensitized to cyber threats. It is important not only to provide training for employees but also to give IT security a permanent place in the corporate culture. 



    from Cyber Security News https://ift.tt/3BW3N8q

    Every company should have access to a bitcoin account

    Regardless of how a company believes it would respond in the event of a ransomware attack, it should consider opening a bitcoin account with a nominal amount of bitcoin in it so that it is at least prepared to make the tough decision in a timely manner should the need arise.



    from Cyber Security News https://ift.tt/3vmQf36

    Sukumar Reddy Saddi hired as new CTO for Global Integrity Finance

    Sukumar Reddy Saddi has been named Global Integrity Finance's Chief Technology Officer. Saddi will lead the company's end-to-end information technology strategy and development of financial applications.



    from Cyber Security News https://ift.tt/3voeuOm

    Challenges associated with diversity, equity and inclusion in cybersecurity teams

    (ISC)² published a new research study highlighting the unique challenges diverse cybersecurity professionals worldwide face and providing recommendations to create positive change.



    from Cyber Security News https://ift.tt/2Z9AQYe

    Carrie Weber named CRO at LendingHome

    LendingHome, a real estate loan provider, has named Carrie Weber their new Chief Risk Officer. Weber will develop a risk management strategy for the firm and oversee risk and compliance issues.




    from Cyber Security News https://ift.tt/3BW1nqd

    Cloud-based computing – Data collection and forensic investigation challenges

    The recent pandemic accelerated a trend towards remote work that has been ongoing for years and, as a result, accelerated usage of cloud-based collaboration platforms and their impact on the field of digital forensics. This article will discuss the trends and challenges associated with these platforms as they pertain to cloud-based data collection and its use in forensic investigations.



    from Cyber Security News https://ift.tt/3j84STd

    Countering the fog of war in cybersecurity


    We spend a lot of time and effort so we can spot attackers, and for good reason! But without visibility into our own organizations, we’re left with too much uncertainty. So how can you use more visibility to counter the fog of war?



    from Cyber Security News https://ift.tt/3jftOIn

    Friday, 15 October 2021

    US expected to break data breach record in 2021

    The Identity Theft Resource Center's data breach analysis for the third quarter of 2021 has been released, highlighting an uptick in breaches compared to the first half of the year. The U.S. is set to break its own record for most data breaches in a year in 2021.



    from Cyber Security News https://ift.tt/2YTSQ8t

    CISA warns of ongoing cyber threats to US water and wastewater systems sector facilities

    CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency have released a joint Cybersecurity Advisory that details ongoing cyber threats to the U.S. Water and Wastewater Systems Sector.

    from Cyber Security News https://ift.tt/3lJDAnO

    Shoring up cybersecurity in critical infrastructure and the nation's defense supply chain

    A recent surge in cyberattacks, including SolarWinds and Colonial Pipeline, has intensified a focus on cybersecurity across industrial sectors and critical infrastructure. As a result, the U.S. government and other organizations within the nation’s defense supply chain have taken action to protect the critical assets and organizations that ensure the security and prosperity of our country. 



    from Cyber Security News https://ift.tt/3j3jUcK

    Pen testing vs. threat hunting: What’s the difference?


    With all the security strategies, architectures, automation tools and activities present, it can be mind-boggling to distinguish one from the other. Like many other security processes, penetration testing and threat hunting are often incorrectly equated. However, the difference between the two is that between prevention and detection. 



    from Cyber Security News https://ift.tt/3DPv117

    Thursday, 14 October 2021

    Software engineers and developers among most in-demand cybersecurity roles

    A new report from Veriff analyzes data about the cybersecurity workforce, finding strong cybersecurity industries in the United States, Brazil and Mexico. The report also details which jobs are the most in-demand, having researched global job boards and roles at cybersecurity companies.



    from Cyber Security News https://ift.tt/3BITDb7

    Biometric authentication sees increase in adoption during the pandemic

    More than 50% of organizations are considering a passwordless authentication strategy, according to the 2021 Duo Trusted Access Report. The study, released by Cisco's Duo Security, measured authentication trends across more than 36 million devices.




    from Cyber Security News https://ift.tt/3FLYVou

    The critical role of a CISO means advocating for cybersecurity

    At the Raines Cybersecurity Leadership webinar, cyber expert Elad Yoran discussed the essential traits of a CISO and why businesses should incorporate a security voice in their boardroom.



    from Cyber Security News https://ift.tt/3lH8PQp

    Attackers exploiting zero-day vulnerability before enterprises can patch

    HP Wolf Security threat research team sees cybercriminals using legitimate cloud providers to host malware, and switching up file and script types to evade detection tools.



    from Cyber Security News https://ift.tt/3azXmvA

    Protecting schools in hybrid and remote learning environments

    School budgets have been set for the 2021/2022 school year, policies and procedures have been updated, staffing levels have been established, and security solutions have been deployed into this dynamic environment. Here, we consider adjustments that can be made to deployed controls so that children and school staff remain safe in both hybrid and remote learning environments.



    from Cyber Security News https://ift.tt/3j2AXvt

    Supply chain cybersecurity trends: What professionals should be aware of and how to prepare for 2022

    Throughout the past two years, supply chain professionals have experienced the national and international disruptions that can occur as a result of cyberattacks, with some threats completely halting certain sectors. 



    from Cyber Security News https://ift.tt/2YHrLp7

    Wednesday, 13 October 2021

    Account takeover named top fraud risk for businesses

    A new study from BioCatch, the "2021 Fraud Transformation Survey: Detecting and Preventing Emerging Schemes," asked security leaders at global financial institutions about their perceptions of fraud and risk management.



    from Cyber Security News https://ift.tt/3vajXYY

    Bill Shields named CISO at TransUnion

    Bill Shields brings over a decade of information security leadership experience to his role as Chief Information Security Officer (CISO) at TransUnion.



    from Cyber Security News https://ift.tt/3mN21A9

    1/15 enterprises still vulnerable to SolarWinds

    Randori released a report that identifies the most tempting internet-exposed assets that an attacker is likely to go after.



    from Cyber Security News https://ift.tt/3azV5AI

    Why mobile app developers need to prioritize user data privacy and security — and what they can do to ensure it

    While offering incredible conveniences, mobile apps are also a vehicle for malicious hackers to obtain sensitive data and personal information. But before we dive into the work of hackers, it is important to understand user privacy.



    from Cyber Security News https://ift.tt/3mSGGVI

    Why hack back is still wack: 5 causes for concern

    While the appeal of taking action against an attacker is easy to see, private sector hack back is a very bad idea. We encourage organizations to employ active defense techniques, but limit these to assets you own or operate. Hack back raises a number of concerns, as detailed here.



    from Cyber Security News https://ift.tt/2YMXHIw

    Tuesday, 12 October 2021

    President Biden signs K-12 Cybersecurity Act

    President Joe Biden has signed the K-12 Cybersecurity Act into law to enhance the cybersecurity of K-12 educational institutions.



    from Cyber Security News https://ift.tt/3mJIn8c

    BrewDog exposed PII details of more than 200,000 shareholders and customers

    Pen Test Partners shared news that BrewDog exposed the details of more than 200,000 ‘Equity for Punks’ shareholders for over 18 months, along with many more customers. 



    from Cyber Security News https://ift.tt/3lyoKQY

    Formula for success: How to determine the optimal investment in cybersecurity protection

    Decision-makers need to strike a balance when it comes to spending on cybersecurity technology in a way that still enables corporate growth without leaving the organization overly vulnerable to an attack. Invest too little, and there could be gaps in your cyber defenses. Invest too much, and there could be a false sense of security.



    from Cyber Security News https://ift.tt/3ALiRo5

    Monday, 11 October 2021

    Four trends for the future of US privacy law

    Existing privacy laws in California, Colorado, Virginia and the European Union reveal common trends that are likely to extend to future U.S. privacy legislation.



    from Cyber Security News https://ift.tt/3FCfq6r

    Protections fall short in mitigating online wildlife trafficking

    The "Digital Markets: Wildlife Trafficking Hidden in Plain Sight" report from the International Fund for Animal Welfare identified over 1,100 advertisements for illegal wildlife trade and analyzed trends in the demand for and online sale of endangered species.



    from Cyber Security News https://ift.tt/3iT4IyR

    Human error, psychology and specificity: The power of spear phishing

    Let's dive into what spear phishing is and how security teams can effectively tackle this very targeted method of digital attack, especially now that hackers are picking up their pace.



    from Cyber Security News https://ift.tt/2YCtVGu

    Sunday, 10 October 2021

    Emerging technology, evolving threats — Part III: 5G and the new surfaces and strategies

    5G is here and redefining network architecture. Taking responsibility for its advancement in a secure manner has never been more important. Who ultimately is responsible for its associated security?



    from Cyber Security News https://ift.tt/3mBasyi

    Friday, 8 October 2021

    US military bases add biometrics to visitor passes

    The biometrics technology was developed by the Air Force for use in visitor control centers at U.S. military bases.



    from Cyber Security News https://ift.tt/3Fr5jBv

    David Zambri named CISO, Associate VP at UCF

    David Zambri brings 28 years of law enforcement experience to his new role at the University of Central Florida, where he previously served as Deputy Chief of Police.



    from Cyber Security News https://ift.tt/3BwgFly

    US security must start with zero trust

    As the United States continues to face attacks across critical sectors (energy and infrastructure, healthcare, and operational technology [OT]), a cultural shift in cybersecurity is taking place.



    from Cyber Security News https://ift.tt/2YprW8p

    Thursday, 7 October 2021

    What are the DoD's top four priorities in the next year?

    Dr. Kelly Fletcher, Performing the Duties of the Department of Defense (DoD) Chief Information Officer, talks about the department's cybersecurity priorities in a rapidly changing technology landscape.



    from Cyber Security News https://ift.tt/3oIELFN

    Novel RAT attacks global aerospace and telecommunications firms

    Operation GhostShell, a highly targeted cyber espionage campaign, attacks the aerospace and telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe. 



    from Cyber Security News https://ift.tt/3mBLQ8H

    Ransom Disclosure Act would require victims to disclose ransom payments within 48 hours

    The “Ransom Disclosure Act” would require ransomware victims to disclose ransom payments within 48 hours of payment — including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.



    from Cyber Security News https://ift.tt/3Df0oBC

    80% of SMBs feel more secure, despite rise in cyberattacks

    Despite the flurry of cyberattacks, an Untangle report finds that SMBs are expanding and embracing new work environments and investing in and investigating new technologies to secure their business.



    from Cyber Security News https://ift.tt/3Fu7DrE

    Joe Silva named CISO at JLL

    In his new role as Chief Information Security Officer (CISO) at JLL, Joe Silva will oversee information security policies and threat management, among other responsibilities.



    from Cyber Security News https://ift.tt/3BxO3be

    The time to improve public safety cybersecurity is now

    By understanding each of the bad actors, federal agencies, law enforcement and first responders (often victims of cyberhacktivism) can better prepare for, and prevent, cyberattacks from happening. Here are a few basic steps every public safety agency can take.



    from Cyber Security News https://ift.tt/3uNrJIe

    Wednesday, 6 October 2021

    Are you in the dark about dark data?

    Dark data — masses of unstructured emails, social media posts, documents, photos and more — has bogged down companies for decades, yet it oftentimes remains overlooked. Extracting and eradicating non-value dark data will help make your organization less exposed to risks and liability in the event of a breach.



    from Cyber Security News https://ift.tt/3uOqKYa

    Why two-factor authentication messages should be branded

    The debate around branding two-factor authentication (2FA) messages has heated arguments on both sides. Branding could provide both companies and end users with a more cohesive experience while using 2FA.



    from Cyber Security News https://ift.tt/3lgJqg8

    Twitch suffers massive data breach

    Twitch has been hit by a massive leak after an anonymous hacker posted a torrent file containing a vast amount of data for the public to access.



    from Cyber Security News https://ift.tt/3muEio3

    CISA releases autonomous transit vehicle guidelines

    The Cybersecurity and Infrastructure Security Agency (CISA) has identified several potential risks of autonomous vehicles in transit systems and supply chains. Along with these risks, CISA has introduced a set of guidelines for organizations that use autonomous vehicles in their operations.



    from Cyber Security News https://ift.tt/3ldbbpY

    Measuring the impact of multi-party security breaches

    Cyentia Institute and RiskRecon released research that quantifies how a multi-party data breach impacts many other organizations in today’s interconnected digital world. 



    from Cyber Security News https://ift.tt/3oD6Dex

    Misconfigured airflows leak thousands of credentials from popular services

    While researching a misconfiguration in the popular workflow platform Apache Airflow, Intezer discovered several unprotected instances. These unsecured instances expose companies’ sensitive information across various industries.



    from Cyber Security News https://ift.tt/3oIGSK5

    Arizona launches cybersecurity operations center

    The new Cyber Command Center will facilitate information sharing and analysis between state organizations and protect Arizona residents from cyberattacks. Governor Doug Ducey opened the center alongside the Arizona Department of Homeland Security.





    from Cyber Security News https://ift.tt/3lfsczG

    NSA awards $500,000 cybersecurity grant to University of Missouri research

    Cybersecurity researchers from the University of Missouri seek to develop a security tool that allows smart devices to learn from past cyberattacks with minimal user interaction. The cybersecurity feature would be functional across different types of smart devices and aim to prevent both small- and large-scale cyberattacks in the future.



    from Cyber Security News https://ift.tt/3uL57YV

    Unstructured data growth increases risk of ransomware and data breaches

    The 2021 Data Governance Trends report from Egnyte ranked security leaders' concerns around unchecked data growth, citing the danger of dark data repositories like company email accounts, messaging sites and cloud-based storage.



    from Cyber Security News https://ift.tt/3iEZy9s

    How to convince the C-suite to buy in to active directory security

    It’s difficult for security teams to get executive buy-in to address the problem because measuring and improving AD security is challenging. There are several reasons why.



    from Cyber Security News https://ift.tt/3mst3fY

    Tuesday, 5 October 2021

    Flight Safety Foundation highlights need for digital health certificates

    The Flight Safety Foundation recently released guidance on furthering COVID-19 protocols in the aviation industry, emphasizing risk mitigation and the need for standardized digital health certificates.



    from Cyber Security News https://ift.tt/3BhHkCc

    5 Steps to Building a Cyber-Aware Organization

    Cyber-attacks are on the rise and organizations must be prepared to face the worst. Learn how you can build a cyber-aware culture within your organization to keep your information and stakeholders protected.



    from Cyber Security News https://ift.tt/3leJNbi

    Europol arrests ransomware operators in Ukraine

    EUROPOL announced a successful joint law enforcement operation that led to the arrest of two prolific ransomware operators.



    from Cyber Security News https://ift.tt/3Bja3GU