Wednesday, 31 March 2021

When security and resiliency converge: A CSO’s perspective on how security organizations can thrive

Implementing a converged security organization is perhaps one of the most resourceful and beneficial business decisions an organization can make when seeking to enhance security risk management. In this era of heightened consequences and sophisticated security threats, the need for integration between siloed security and risk management teams is imperative. The need for collaboration between those two teams and the business is equally imperative. Let’s look at five more specific benefits:



from Cyber Security News https://ift.tt/3ucRnVc

Identity and securing the remote work perimeter

Securing diverse and distributed IT environments starts with the identity plane. Modern and evolving security threats are best prevented by securing identity through many layers relying on a Zero Trust model. Zero Trust, by which I mean “trust nothing, verify everything,” can serve as a foundation for the evolution of a modern security perimeter, one virtually drawn around each individual user, from anywhere they log on. By following Zero Trust principles and establishing user identity across devices, programs, and networks, modern enterprises can pursue a security program that is adaptive, contextual, and robust enough to defend against modern threats.



from Cyber Security News https://ift.tt/39zSdn4

Be prepared for the first 24 hours of a cyberattack

The first line of defense in cybersecurity is taking proactive measures to detect and protect the entire IT landscape. It’s critical to have the right security systems and processes in place to find known and unknown threats before they impact your business. But you also need a bulletproof plan in case your systems are breached. You need to move very quickly to limit damage, so you should have a team experienced in handling these situations ready to jump into action, bringing along tools, procedures, and a proven methodology to stop attacks and to repair and restore whatever you can. Here are five critical factors in preparing for the first 24 hours after an attack:



from Cyber Security News https://ift.tt/3cJRWQN

Today is World Backup Day 2021

Today, March 31st, is World Backup Day 2021, the 10th anniversary of the inaugural World Backup Day in 2011. Though the day serves as a reminder to back up your data, this process should be done frequently to offset the risk of data loss – or the intentional or unintentional destruction of information, which may be caused by people or processes from within or outside of an organization.

from Cyber Security News https://ift.tt/3whk716

IRS warns university students and staff of email scam

The Internal Revenue Service recently warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ".edu" email addresses.

from Cyber Security News https://ift.tt/3rEwjpd

5 minutes with Jane Lee - The fraud supply chain, cyberattacks and more

How can consumers and retailers protect themselves against fraud in the coming months? Here, Jane Lee, Trust and Safety Architect at Sift, speaks to Security magazine about this critical issue.

from Cyber Security News https://ift.tt/39urI2i

Tuesday, 30 March 2021

Majority of organizations still face foundational challenges when securing remote work

Bitglass announced the release of its 2021 Remote Workforce Security Report. Bitglass surveyed IT and security professionals to understand how remote work has transformed the state of security operations over the last year. Data from this report shows that the majority of organizations (57%) still have over three-quarters of their teams working remotely. An overwhelming 90% of organizations said they are likely to continue these increased levels of remote work in the future due to productivity benefits. Additionally, 53% of companies said they are looking to make some positions permanently remote after the COVID crisis ends – a much higher rate than when the pandemic began (33%).



from Cyber Security News https://ift.tt/3umeblN

93% of Fortune 500 companies have domain names with security risks

Online risk mitigation specialists DNProtect released details of their market report that exposes a high number of security issues related to the domain names that Fortune 500 companies rely upon for business and consumer interaction. The report serves as an early warning indicator of possible security threats and open windows for domain theft or service disruption. The market release follows a number of recent high profile cases involving GoDaddy, Network Solutions, and other registrars where critical domain names were stolen, resulting in disruptions that can easily impact millions of Internet users.



from Cyber Security News https://ift.tt/3dnHHjR

Apple releases security updates for zero-day vulnerability

Apple has released security updates to address an iOS zero-day vulnerability in multiple products. According to the Cybersecurity and Infrastructure Security Agency (CISA), an attacker could exploit some of these vulnerabilities to take control of an affected device.

from Cyber Security News https://ift.tt/31yOuBO

3 signs that it’s time to reevaluate your monitoring platform

When is the last time you assessed your monitoring platform? You may have already noticed signs indicating that your tools are not keeping up with the rapidly changing digital workforce – gathering nonessential data while failing to forewarn you about legitimate issues to your network operations. Post-2020, these systems have to handle workforces that are staying connected digitally regardless of where employees are working. Your monitoring tools should be hyper-focused on alerting you to issues from outside your network and any weakness from within it. Often, we turn out to be monitoring for too much and still missing the essential problems until it’s too late.

from Cyber Security News https://ift.tt/3cAFeni

Passwords are bad for business, frustrating for consumers

Transmit Security has released “The Impact of Passwords on Your Business,” a State of Customer Authentication report that includes customer experience insights based on its survey of 600 U.S. consumers. According to the report findings, organizations are losing potential customers and a substantial amount of revenue due to their dependency on traditional password systems and outdated customer authentication models.

from Cyber Security News https://ift.tt/2PGGk7Q

Monday, 29 March 2021

More solutions will not solve cybersecurity and data protection challenges, study reveals

Acronis released the findings of its second annual Cyber Protection Week survey, which uncovered a dangerous disconnect between the need for organizations to keep their data protected and the ineffective investments they’ve made trying to reach that goal. While 2020 saw companies purchase new systems to enable and secure remote workers during the COVID-19 pandemic, those investments are not paying off. The global survey discovered that 80% of companies now run as many as 10 solutions simultaneously for their data protection and cybersecurity needs – yet more than half of those organizations suffered unexpected downtime last year because of data loss.



from Cyber Security News https://ift.tt/3uaq5iv

The cybersecurity reality distortion field: Deepfakes and other manipulated data

Deepfakes – mostly falsified videos and images, named by combining the terms “deep learning” and “fake” – weren’t limited in 2019 to the Nixon presentation and were not uncommon before that. But today they are more numerous and realistic-looking and, most important, increasingly dangerous. And there is no better example of that than the warning this month (March 2021) by the FBI that nation-states are virtually certain to use deepfakes to help propagate increasingly misleading campaigns in the U.S. in coming weeks.

from Cyber Security News https://ift.tt/3dg4Zs9

Hades ransomware may link to Hafnium attack group

The Awake Security division of Arista Networks has discovered evidence linking the Hades ransomware gang to Hafnium, the state-sponsored threat actor operating from China that Microsoft says is behind the recent Exchange hacks. 

from Cyber Security News https://ift.tt/3rAreho

Sunday, 28 March 2021

5 minutes with Tony Howlett - Vendor risk management needs to be a top security priority in 2021 and beyond

The recent SolarWinds breach has brought vendor risk management into the spotlight, but it is not an isolated example (other major third-party breaches include Target in 2013, JP Morgan Chase in 2014, T-Mobile in 2015… the list goes on). With 59% of data breaches being traced to third-party vendors and the average enterprise having 67 vendors with privileged access, managing third-party risk is no longer optional, says Tony Howlett, Chief Information Security Officer (CISO) of SecureLink. Here, we speak to Howlett about why security and risk professionals need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.

from Cyber Security News https://ift.tt/3cxhUXo

The evolving role of user experience in security

When it comes to most digital initiatives, user experience is a primary focal point. Not only is user experience a critical element in the design process, it also remains pertinent as product evolution keeps pace with business scale. As online interactions have exponentially grown during the pandemic, it has become startlingly clear that seamless and secure user experiences (UX) are necessary for success.

from Cyber Security News https://ift.tt/3diWyfu

NSA Cybersecurity Collaboration Center releases first speaker series video on Protective Domain Name System (PDNS)

NSA released the first video of its new Cybersecurity Collaboration Center speaker series. In these talks, NSA experts will share insights, lessons, and contributions of their cybersecurity work. The Center works with government and industry partners to protect U.S. National Security Systems, the Department of Defense (DoD) and the Defense Industrial Base (DIB).

from Cyber Security News https://ift.tt/3w6KTJf

Friday, 26 March 2021

Slack removes message invites in DM feature over harassment concerns

Slack rolled out a new cross-organizational direct messaging feature, and hours later disabled the option to send a message alongside an invite due to concerns that the feature could be used to send abusive messages or enable harassment. 

from Cyber Security News https://ift.tt/39ztuQ7

5 minutes with Darren Cooper - Organizations are fighting a daily battle against data loss

Have the pandemic and remote working created an environment of heightened risk of insider data breaches? Here, Darren Cooper, Chief Technology Officer (CTO) for Egress, speaks to Security magazine about what organizations can do to prevent data loss.

from Cyber Security News https://ift.tt/31ozcQ2

Study reveals the state of mobile application security

The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. The study targeted the most downloaded and highest grossing apps across 18 categories, many of which have seen explosive growth during the pandemic.

from Cyber Security News https://ift.tt/31nISu5

Thursday, 25 March 2021

Clop ransomware gang breaches University of Colorado and University of Miami

The Clop ransomware group has allegedly hacked the grades and Social Security numbers of students at the University of Colorado and patient data from the University of Miami.

from Cyber Security News https://ift.tt/31fDTMb

CNA Financial hit by cyberattack

Cyberinsurance firm CNA Financial was reportedly hit by a possible cyberattack. The company is one of the largest insurance providers in the U.S. The company's website is experiencing widespread network disruptions and employee services have been down for more than three days. CNA says it was hit by a sophisticated cyberattack and has engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing.

from Cyber Security News https://ift.tt/3tUbzLv

More than 40% of applications actively leaking information and at risk of exposing sensitive data

WhiteHat Security released AppSec Stats Flash Volume 3, the latest installment of the company’s monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape.

from Cyber Security News https://ift.tt/3dazy2t

Wednesday, 24 March 2021

Are "disrupted" employees a new cybersecurity threat?

Another challenge is the new home office, where spouses may be working remotely, often alongside their children attending school online. Home networks lack typical protections and bifurcations of the corporate office and may be prone to attacks using lateral movement techniques. In these scenarios, after gaining initial access through an insufficiently protected device, such as a family computer, attackers move deeper into a network, searching for other devices to compromise or obtain increased privileges. This continued probing could eventually lead to the exfiltration of sensitive corporate data or high-value intellectual property. 

from Cyber Security News https://ift.tt/39fSJ9T

Cybersecurity overspending: It’s time to shed the belt or the suspenders

As economic uncertainty continues alongside the ongoing pandemic, IT and Security budgets are likely to see modest – if any – growth this year. Therefore, it will fall to CIOs to focus on maximizing existing investments, getting back to the basics, and doing more with the same (or less). There are some core principles I believe are important to keep top of mind when it comes to minimizing risk and maximizing budgets.

from Cyber Security News https://ift.tt/31hrFTe

Bots attack London vaccine appointments

An online site used to book COVID-19 vaccines in the London area was attacked by bots, as thousands attempted to register for their vaccine appointments. According to the London Free Press, just before 10:15 a.m., the Middlesex-London Health Unit tweeted the booking system had experienced challenges. “We have addressed the issues and will continue to monitor the booking system closely,” the organization claimed.

from Cyber Security News https://ift.tt/2QBo54j

Hobby Lobby exposes 138GB of customer and payment data

American arts and crafts giant Hobby Lobby has exposed a large amount of customer data, including names, phone numbers, physical and email addresses, and the last four digits of payment cards, as well as the source code for the company's app, according to a security researcher known as "boogeyman," who discovered the leak.

from Cyber Security News https://ift.tt/31eIPRy

Tuesday, 23 March 2021

5 minutes with Jay Leaf-Clark - Getting started in cybersecurity

Have you considered a career as a cybersecurity professional, but weren't really sure if you had the right degree or skillset needed for success? Here, Jay Leaf-Clark, Head of IT at Dashlane, walks you through how to get started in cybersecurity. 



from Cyber Security News https://ift.tt/3ceKzAd

5 ways IT departments can build trust among their business partners

We have come to a point in the world where IT is being called upon more than ever due to the surge in remote work and technology’s increasingly significant role in driving business direction. The pandemic disruption has increased internal-control risks, leaving every business to adapt and have an increased focus on the overall technology vulnerabilities. To accomplish all they need to keep their organization secure, IT departments have been brought to the realization that they must prioritize building trust among their business partners – but that trust doesn’t happen at the flip of a switch; there’s a variety of steps both parties have to take in order to reach the light at the end of the tunnel.



from Cyber Security News https://ift.tt/3u2j8A3

CPRA update: Board appointments announced for California Privacy Protection Agency

On March 17, California officials announced the establishment of the five-member inaugural board for the California Privacy Protection Agency (CPPA). The CPPA was established by the California Privacy Rights Act (CPRA), which California voters approved in the November election. The CPPA will take over rulemaking duties from the California Attorney General’s office and will administratively enforce the CPRA. Given that California has the world’s fifth largest economy, the CPPA has the potential to be one of the most important data privacy authorities in the world.

from Cyber Security News https://ift.tt/3tTzuLd

LogMeIn names Michael Oberlaender as Chief Information Security Officer

LogMeIn, Inc. has announced that security and privacy veteran, Michael Oberlaender, has joined the company as its new Chief Information Security Officer (CISO). Oberlaender will be responsible for managing and growing LogMeIn’s security program, including infrastructure, applications, and overall data security for both internal systems and the company’s suite of award-winning software products.  

from Cyber Security News https://ift.tt/39atcPg

Security assurance concept for your business

In the current environment, it is wise to incorporate security into your software development lifecycle as early as possible. Historically, security checks were a pre-release gateway for a software team: if you passed, your product/service could go to production. At the same time, security checks used to require a code and environment freeze, while audit preparations led to chaos and a non-systematic approach in collecting important security documentation. All these elements led to a bottleneck for the project team. However, a long wait for security testing results is no longer an option since the typical project pace has significantly increased. Various project models suggest their own approaches for introducing security into software development.

from Cyber Security News https://ift.tt/3cdlqGg

CCPA update: New regulations approved

On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.

from Cyber Security News https://ift.tt/2QpdHMM

Your streaming service is fertile ground for bot attacks

Today, it seems like every few weeks, a new content provider launches an exclusive way to access entertainment. In the last year alone, we saw the introduction of Disney+, Peacock, HBO Max, and others. This is good news for consumers who want exclusive access to content, good news for broadcasters who can charge a premium for access, and especially good news for hackers. Yep, hackers. Streaming services are an enticing target for cybercriminals who use malicious bots to grab your customers’ account information and then sell or even use it themselves to access other services.



from Cyber Security News https://ift.tt/3d4tI2B

ACER hit with up to $50m ransom

Acer has been hit with a $50 million ransomware demand, in what appears to be one of the biggest ransomware demands to date.



from Cyber Security News https://ift.tt/2Polhqn

Monday, 22 March 2021

5 minutes with Jonathan Ehret – The need for third-party risk management in cybersecurity

The SolarWinds hack is a strong reminder of why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.



from Cyber Security News https://ift.tt/3vRcJsQ

Ransomware: The ROI of being prepared

These are the terrible uncertainties and costs organizations like yours face as ransomware rages around the cybersphere. As you deliberate on the best strategy and tactics for defending your organization from ransomware, understand that the total cost of recovering from such an attack more than outweighs the cost of being prepared to defend against it.

from Cyber Security News https://ift.tt/3lLLnju

K-12 cybersecurity education is the key to solving our national cybersecurity crisis

Though filling the cybersecurity talent pipeline has often been thought of as a longer-term goal for the United States, there is renewed urgency to address the tremendous workforce shortage – and quickly. Recent cyberattacks on U.S. infrastructure continue to serve as warning signs that the cadence of threats has increased tremendously and requires immediate action by both industry and government partners. Solving the cybersecurity workforce and talent shortage requires taking action, starting with the youngest learners in the K-12 educational system.

from Cyber Security News https://ift.tt/3r8ijUf

Friday, 19 March 2021

FBI alerts of rise in PYSA ransomware targeting schools

There has been a significant increase in PYSA ransomware targeting education institutions in 12 U.S. states and the U.K., according to a joint Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) flash industry alert.

from Cyber Security News https://ift.tt/3c1DTWj

Modernizing your legacy ecosystem: Determining risks and readiness

It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether it’s your household or institutional architecture, the full value of security is only appreciated after disaster has already struck.

from Cyber Security News https://ift.tt/38TeLyL

5 minutes with Seth Rachlin - SolarWinds, cyberattacks and cyber insurance

The SolarWinds supply chain attack has, to date, impacted nine government agencies and as many as 100 private sector companies, according to some reports. By the time the full extent of the hack is known, it may be the most widespread security breach on record. But what does this mean for the organizations impacted and is it potentially insurable? In light of the massive cyberattack, we spoke to Seth Rachlin, Executive Vice President and Insurance Lead at Capgemini, to discuss the implications of this attack, and a specific look at the fast-growing cyber insurance market. 

from Cyber Security News https://ift.tt/3r2Rkt2

New spear phishing emails target C-suite executives, assistants & financial departments

Area 1 Security recently stopped a sophisticated Microsoft Office 365 credential harvesting campaign targeting C-suite executives, high-level assistants, and financial departments across numerous industries, including financial services, insurance, and retail. Further research and analysis of the activity revealed a much larger operation than originally discovered. This included several additional directly-related credential phishing campaigns that targeted the same industries and positions using sophisticated techniques and advanced phishing kits, to bypass Microsoft’s native email defenses and email authentication.  

from Cyber Security News https://ift.tt/3r0fR23

Thursday, 18 March 2021

The changing face of cyberwarfare

Nearly daily we see new stories of cybercriminals breaching security walls, stealing valuable data, and then holding it hostage in return for money. Companies risk exposing valued customer data as well as their own reputations, placing their credibility in disarray.

from Cyber Security News https://ift.tt/38W4YYQ

Strengthening your security culture: Does the “fear factor” approach really work?

It’s all too common to see “fear appeals” used to motivate users to keep their guards up against the vast amount of cybercriminal activity that occurs online daily. The term FUD (Fear, Uncertainty, and Doubt) was originally coined in the 1970s in reference to IBM’s marketing technique of spreading scary rumors about a competitor’s new product. Ever since, it’s been a mainstay used by security practitioners to try to win budget and to scare employees into following the rules laid down by IT. As cybersecurity researcher Karen Renaud put it in a recent Wall Street Journal piece, “Companies often turn to a powerful emotion to get employees to be vigilant about cybersecurity. They scare them.”

from Cyber Security News https://ift.tt/3f2BjRw

Mimecast releases report on SolarWinds security incident investigation

Mimecast released an incident response report on their internal investigation of the SolarWinds supply chain attack. The investigation was supported by third-party forensics and cyber incident response experts at Mandiant, a division of FireEye, and in coordination with law enforcement to aid their investigation into this threat actor. 

from Cyber Security News https://ift.tt/3lwjc86

5 minutes with Kelvin Coleman - Remote learning and data privacy issues

The education space has become a major target for cybercriminals. In fact, CISA and the FBI recently issued a joint statement warning K-12 schools of worsening dangers in 2021 after a recent 57% spike in ransomware attacks in the sector. So, how can teachers and students stay safe? Here, we speak with Kelvin Coleman, Executive Director, National Cyber Security Alliance (NCSA), about how educators and K-12 cybersecurity leaders can better protect students’ privacy during distance learning sessions.

from Cyber Security News https://ift.tt/38R9NTg

58% of data backups are failing, creating data protection challenges

Data protection challenges are undermining organizations’ ability to execute Digital Transformation (DX) initiatives globally, according to the Veeam Data Protection Report 2021, which has found that 58% of backups fail, leaving data unprotected. The report revealed that against the backdrop of COVID-19 and ensuing economic uncertainty, which 40% of CXOs cite as the biggest threat to their organization’s DX in the next 12 months, inadequate data protection and the challenges to business continuity posed by the pandemic are hindering organizations’ initiatives to transform.

from Cyber Security News https://ift.tt/3vszfYZ

Wednesday, 17 March 2021

Cybersecurity allies: Why you need them and how to find them

Security teams need an ally that can help them make meaningful progress, no matter where they are in their maturity. In other words, you need vendors who support your mission—an Alfred Pennyworth to your Batman, if you will. While your organization is out serving society, you need to have someone watching your back, making sure operations run like clockwork.

from Cyber Security News https://ift.tt/38RUJoF

FBI releases the Internet Crime Complaint Center 2020 Internet Crime Report

The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and in the accompanying 2020 State Reports.

from Cyber Security News https://ift.tt/2P4AuwC

5 minutes with Kevin Bocek - Why machine identity management is critical for security

Meet Kevin Bocek, who is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders, including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, NCipher, and Xcert. Most recently, Bocek led the investigation that identified Secretary Hillary Clinton’s email server did not use digital certificates and encryption for the first three months of her term. Here, we talk to Bocek about a topic he is passionate about: machine identity management.



from Cyber Security News https://ift.tt/3bSzmp4

Making videoconferences more secure

Videoconferencing has been around for a surprisingly long time. In fact, the first call involving both audio and video links has been traced all the way back to 1927 in a call that took place between officials in Washington, DC and the president of AT&T in New York. Although it was laughably primitive by current standards, electronic conferencing technology has never stopped growing in either refinement or use.

from Cyber Security News https://ift.tt/2OXyfvc

Google fixes Chrome zero‑day bug

Google has released an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability known to be exploited by malicious actors. The bugs affect Windows, macOS and Linux versions of the browser. 

from Cyber Security News https://ift.tt/3rYQH5b

75% of cloud users suffered up to seven malicious account takeovers in last year

Vectra AI released its global survey of 1,112 security professionals working in mid to large sized organizations using Microsoft Office 365. The results confirm that the COVID-19 pandemic has accelerated cloud migration and digital transformation amongst 88% of companies and that 71% of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user’s account, not once, but on average seven times in the last year. 



from Cyber Security News https://ift.tt/3rY39Cb

29% of cyber threats previously unknown, HP research finds

HP Inc. released its new Quarterly Threat Insights Report, providing analysis of real-world attacks against customers worldwide. The report found that 29% of malware captured was previously unknown – due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. 88% of malware was delivered by email into users’ inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines – giving hackers over a week’s ‘head-start’ to further their campaigns.

from Cyber Security News https://ift.tt/2OzdIgR

A look at how COVID-19 challenged security leaders

To mark the anniversary of the shift to remote work due to the pandemic, Randori surveyed 400 security decision-makers to understand how the community was impacted and how they’ve responded to the security challenges of the COVID-19 era. Here are the key findings from the report.

from Cyber Security News https://ift.tt/2Q3Fwdl

Tuesday, 16 March 2021

Buffalo Public Schools cancels classes after cyberattack

Buffalo Public Schools have canceled both online and in-person instruction due to a cyberattack that occurred the morning of March 12, 2021. 

from Cyber Security News https://ift.tt/3eEFYcq

Nearly half of American employees feel burnt out after a year working during a pandemic

ClickUp announced the findings of its new report, "The 2021 Workplace Pulse," which reveals the sentiments of today’s workers after one year of working during this immense pandemic-driven shift in workplace culture. The survey, which was conducted online on its behalf by The Harris Poll among employed U.S. Americans, sheds light on how employees feel about the changing workplace over the past year, including the sudden shift to remote work, new challenges around managing work/life balance, and gaps in workplace communication and coordination. In fact, nearly half (45%) of U.S. employees said they would give up 10% of their salary in order to have an easier work life. 

from Cyber Security News https://ift.tt/3qPMgII

Ransomware soars with 62% increase since 2019

The 2021 SonicWall Cyber Threat Report goes inside the stories that headlined 2020, and takes a closer look at new and disruptive cyber threats to provide insight into the evolving cyber threat landscape. Major findings of the new in-depth SonicWall report include:

from Cyber Security News https://ift.tt/38Ln9Au

Monday, 15 March 2021

Crafting an effective risk register

You can’t effectively create a risk program if you don’t have a full picture of just how large the risks are for your organization. “You can’t secure what you can’t see” so to speak. Risks don’t necessarily arise from lack of technology – oftentimes they are hidden in faulty business practices. We are well beyond the days of IT and security being segmented off in their own little world away from the business.

from Cyber Security News https://ift.tt/38FAbiM

TIA releases first-ever ICT supply chain security standard

The Telecommunications Industry Association published a new white paper on SCS 9001, the first process-based supply chain security standard for the information communications technology (ICT) industry.

from Cyber Security News https://ift.tt/3eCKfNu

5 minutes with George Waller - Best practices when using video conferencing platforms

Video conferencing platforms have become an essential communication tool over the past year. In addition to increasing team collaboration, video conferencing can help prevent miscommunication among teams, increase engagement, and allow for face-to-face communication to help build relationships among teams, particularly for remote teams. Though the benefits are many, there are growing concerns about the security shortcomings of video conferencing, according to George Waller, EVP and Co-Founder of StrikeForce Technologies. To get more insight on this topic, we spoke to Waller about key challenges with securing video conferencing platforms, as well as why these services are so susceptible to hacking. 

from Cyber Security News https://ift.tt/2Q60to9

Tips small businesses can use to strengthen their cyber health

Although small businesses may not have the financial resources of larger enterprises, they do possess a trove of business and customer information that can net attackers a tidy profit either via ransomware or sale on the dark web. Understanding today’s threats—and how to defend against them—has grown increasingly critical for small businesses. Here are a few of the most common attack vectors that they should be prepared to face.

from Cyber Security News https://ift.tt/30GYbOm

Friday, 12 March 2021

Molson Coors beer production disrupted after cyberattack

Molson Coors Beverage Company, a multinational drink and brewing company headquartered in Chicago in the United States, has suffered a cyberattack that has halted its beer-making production. 

from Cyber Security News https://ift.tt/2OpjRfi

NSA announces GenCyber call for proposals

The National Security Agency announced a new GenCyber Call for Proposals for 2022 GenCyber summer camps. The new Call for Proposals for GenCyber goes out to institutions interested in hosting a 2022 summer camp and providing young students with the skills they need to better prepare for a career in the fast-changing field of cybersecurity.

from Cyber Security News https://ift.tt/3qFDQn7

Carnegie Mellon University to launch picoCTF cybersecurity event next week

Carnegie Mellon University is set to launch its seventh picoCTF, an online cybersecurity competition run by security and privacy experts in Carnegie Mellon University’s CyLab who hope to help generate interest in the field and build a pipeline of talent into the currently-starved workforce.

from Cyber Security News https://ift.tt/3bI0hnw

5 minutes with Michael Lines - Why the IT/infosec community should be concerned after SolarWinds

The recent attack on SolarWinds' Orion product demonstrated how vital it is for Chief Information Security Officers (CISOs) and their teams to manage supply chain risks and understand all the products in their environment and how they are being used. Here we talk to Michael Lines, CISO and Head of Security Product Management at Cleanshelf, about why the IT and information security community should be concerned after the SolarWinds hack.



from Cyber Security News https://ift.tt/3bDAFrO

How to defend against human operated ransomware

Ransomware can be delivered via several mechanisms, the most popular of which is often phishing. However, a new category called “Human-Operated” Ransomware is now being used to execute multi-level attacks against company networks. Here’s how it works:

from Cyber Security News https://ift.tt/3qHLD3A

Thursday, 11 March 2021

National Consumer Data Privacy Legislation introduced

Congresswoman Suzan DelBene (WA-01) introduced the Information Transparency and Personal Data Control Act, legislation that would create a national data privacy standard to protect personal information.

from Cyber Security News https://ift.tt/3taEDxX

Bubba Nunnery and Hannah Zimmerman join ZoomInfo's privacy team

ZoomInfo announced the expansion of its privacy team with Bubba Nunnery as Senior Director of Privacy and Public Policy. The privacy team is tasked with delivering one of ZoomInfo’s core missions: providing transparency about how it collects its professional contact data and upholding consumers’ rights to privacy. 

from Cyber Security News https://ift.tt/3vfBbUL

FBI and CISA release advisory on cybersecurity compromise of Microsoft Exchange Server

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. The CSA is meant to highlight the cyber threat associated with active exploitation of vulnerabilities in Microsoft Exchange on-premises products. 

from Cyber Security News https://ift.tt/3tecwhx

Wednesday, 10 March 2021

Is the World Economic Forum's prediction of a global cybersecurity failure in the next 10 years avoidable?

 The World Economic Forum's Global Risk Report for 2021 placed cybersecurity failure among the greatest threats facing humanity within the next ten years. Clearly, in this climate, and since many jumped into the world of cyber operations without adequate preparation, cybersecurity is now a critical priority.

from Cyber Security News https://ift.tt/3eqY8OL

Moving from ‘working from home’ to a hybrid work experience

Identity management has become a focal point for enterprise security. With the 2020 COVID-19 pandemic and the scramble to support work-from-home employees, the real threat to business data assets, whether in the enterprise or the cloud, has become unsecured remote access.

from Cyber Security News https://ift.tt/3vbcoRv

Verkada breach exposed live feeds of 150,000 surveillance cameras inside schools, hospitals and more

Bloomberg has reported that a group of hackers has breached a database containing security camera feeds collected by Verkada Inc., a Silicon Valley startup. The database includes live feeds of 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools.

from Cyber Security News https://ift.tt/3venKEg

Security researchers discover SUPERNOVA web shell activity linked to Chinese hackers

Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.



from Cyber Security News https://ift.tt/3vm455E

5 minutes with Michael Borromeo – Cybersecurity best practices with a hybrid workforce

Hybrid work is emerging as a norm, especially for companies that have a mix of workers whose jobs require coming into the office and those who are able to accomplish their work at home. This hybrid workforce is expected to become more prevalent as 75% of workers want to retain flexibility over their schedule beyond the pandemic. To get some insight into how security executives can implement consistent security practices for the new hybrid workforce environment, we spoke to Michael Borromeo, Vice President, Data Protection at Stericycle, the provider of Shred-it information security services.

from Cyber Security News https://ift.tt/2OmBAns

71% of employees share sensitive and business-critical data using instant messaging and business collaboration tools

Veritas Technologies revealed new research that highlights the dangers of misusing instant messaging (IM) and business collaboration tools: 71% of office workers globally – including 68% in the US – admitted to sharing sensitive and business-critical company data using these tools, the survey found.

from Cyber Security News https://ift.tt/30s7Lod

Tuesday, 9 March 2021

Starting 2021 with a clean cyber slate

The new year is upon us, and as such, it is a time to reflect on what worked over the past 12 months, and more importantly, what didn’t work. Organizations all over the world are utilizing applications, operating systems, and IoT devices while their data, and their customers’ data, increasingly lives in the cloud. Organizations should take the beginning of the year as a housekeeping opportunity to assess their systems to set themselves up for success in the new year.

from Cyber Security News https://ift.tt/3vdcZC6

The evolution of workplace data privacy best practices

There has been no shortage of ransomware reports and data breaches affecting companies from all sectors all over the world, accelerated, in part, during 2020 as the COVID-19 pandemic caused a mass move to remote work and many organizations raced to accommodate the new normal.



from Cyber Security News https://ift.tt/3cjWDPy

30,000 U.S. organizations breached by cyber espionage group Hafnium

At least 30,000 organizations in the U.S. have been hacked by a Chinese cyber espionage unit, known as "Hafnium." The group is targeting and exploiting security vulnerabilities in Microsoft Exchange Server email software. 

from Cyber Security News https://ift.tt/3rAOs80

New survey examines the impact of SolarWinds breach on cybersecurity

In the wake of the biggest breach in history, DomainTools’ new survey on “The Impact of the SolarWinds Breach on Cybersecurity” aims to capture the effects felt by 200 security researchers and analysts, threat hunters, managers, C-suite executives and those whose organizations join the collateral damage left in the fallout.

from Cyber Security News https://ift.tt/38nGI1v

Over two million corporate secrets detected on public GitHub in 2020

GitGuardian announced the results of its 2021 State of Secrets Sprawl on GitHub report. The report, which is based on GitGuardian’s constant monitoring of every single commit pushed to public GitHub, indicates an alarming growth of 20% year-over-year in the number of secrets found. A growing volume of sensitive data – or secrets – such as API keys, private keys, certificates, usernames and passwords ends up publicly exposed on GitHub, putting corporate security at risk as the vast majority of organizations are either ignoring the problem or poorly equipped to cope with it.

from Cyber Security News https://ift.tt/3v8RmTO

Monday, 8 March 2021

Half of women in cybersecurity report positive career impact from COVID-19

While the global job market has been hit hard by the pandemic, cybersecurity job recruitment thrived in 2020. According to a new global report from human layer security company Tessian, titled Opportunity in Cybersecurity 2021, 94% of women in cybersecurity hired new staff members in 2020 to support their teams, with IT, finance and healthcare industries making the most hires.

from Cyber Security News https://ift.tt/3ejkgdL

UTSA receives $1.2 million CISA grant to develop information system to enhance critical infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has awarded the University of Texas at San Antonio Center for Infrastructure Assurance and Security (CIAS) a $1.2 million grant to conduct a pilot program to help state, local, tribal and territorial governments identify high value assets (HVA) to prioritize resources and planning.

from Cyber Security News https://ift.tt/2N39gWQ

5 minutes with Bryce Webster-Jacobsen - What the new CMMC Framework means for defense contractors

GroupSense’s director of intelligence operations Bryce Webster-Jacobsen outlines the U.S. Department of Defense’s Cybersecurity Maturity Model Certification’s Impact on Defense Contractors.



from Cyber Security News https://ift.tt/2Ovhd7A

Sunday, 7 March 2021

Don’t throw out your prohibited thumb drives: Liberate your workers who need more IT freedom

The Unofficial Law of Endpoint Security Proportionality: The security measures taken to protect an employee’s endpoint are proportionate to the proximity of the employee to the company’s most valued assets. Or, put in simpler terms, the more closely an employee works with a company’s crown jewels, the more essential it is to virtually eliminate the possibility of an endpoint security breach.

from Cyber Security News https://ift.tt/30k6Gyr

The fight against cyber threats requires a public-private partnership. Here’s how to get it done.

In order to combat cybersecurity threats, the Biden administration and state governors across the country should immediately work to foster deeper relationships with the private sector. Tech and government certainly don’t always get along, but the threats we face now require a national effort that would rival the Space Race of the 1960s. This can be done through state and federal governments offering financial incentives to businesses that prioritize the development and integration of cybersecurity measures, amplified communication from the government concerning the importance of cybersecurity, as well as the potential bolstering of compliance standards to minimize threats and the negative impact of breaches.



from Cyber Security News https://ift.tt/3ema2cy

Friday, 5 March 2021

NSA and CISA release cybersecurity guidance on strengthening cyber defense through protective DNS

The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, “Selecting a Protective DNS Service." This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS.

from Cyber Security News https://ift.tt/2MSKB7g

Thursday, 4 March 2021

2021 Electronic Security Expo goes virtual

The 2021 edition of the Electronic Security Expo (ESX), an annual education and networking event dedicated to professionals from the electronic security and life safety industry, will be conducted virtually out of consideration for the health and well-being of participants. Renamed the ESX 2021 Virtual Experience, the event will take place exclusively online from June 15-17.

from Cyber Security News https://ift.tt/30hAvQp

Will AI malware change the game?

The use of artificial intelligence (AI) in cybersecurity, while often overhyped, is not a new concept. Hackers have included countermeasures in malware since its inception to detect runtime environments or sense detection attempts. Early actions were primitive compared to what we know today, but they laid the groundwork for more critical thought about adaptive and evasive technologies and sophisticated situational awareness. This lethal combination of research and deep targeting is likely the future of malware as adversaries attempt to outsmart the companies and researchers trying to thwart them. 

from Cyber Security News https://ift.tt/3rjGPmk

Data privacy good governance and controls

With the inception of privacy regulatory laws and associated penalties, it has become mandatory for organizations to take necessary steps in establishing and implementing a strong privacy risk management framework. An inadequate or absent risk management framework may present numerous organizational risks.

from Cyber Security News https://ift.tt/30bcdaK

Designing an integrated cybersecurity approach to cloud migration strategies

In a paper released recently, “An integrated cyber approach to your cloud migration strategy,” Deloitte explores how an integrated cloud-cyber strategy enables organizations to use cyber as a differentiator, and outlines how cybersecurity teams must adapt.

from Cyber Security News https://ift.tt/2OlXJCj

Why schools need to incorporate endpoint management into their proactive cybersecurity strategy for 2021 and beyond

Education is particularly attractive to criminals because of the vast amount of valuable data it holds: student and staff information, supplier information, alumni databases, and research data - so, as security experts, what’s to be done to help schools secure their endpoint devices?

from Cyber Security News https://ift.tt/3sPbmsC

The integration of small business cybersecurity protection and cyber insurance: An emerging trend in 2021

Now more than ever before, the small business sector is beginning to prioritize cybersecurity and cyber liability insurance to mitigate potentially crippling financial risk, which is setting the stage for a major trend moving forward: the merging of cybersecurity technology and insurance to mitigate insurers’ risk and provide the best overall coverage for small businesses.

from Cyber Security News https://ift.tt/30ciRNN

Beware skyrocketing ransomware

Ransomware – a cyberattack in which attackers hijack computer systems and demand payment to release them – has skyrocketed from a relative rarity a few years ago to the single biggest type of cybercrime today. And there is no end in sight to its growth trajectory. Last year, 2,354 American government entities, healthcare organizations and schools were the victims of ransomware attacks. The average ransomware payout swelled to $178,000 in the first half of 2020, up from $112,000 a year ago, according to ransomware incident response firm Coveware, and few clandestine culprits were caught.

from Cyber Security News https://ift.tt/3qcJUmF

16Shop adds phishing kit to target Cash App users

The developer of the 16Shop phishing platform added a new component that targets users of the popular Cash App mobile payment service, according to reports.

from Cyber Security News https://ift.tt/2O4fx51

The Open Security & Safety Alliance announces camera cybersecurity specification and alliance council for app developers

The Open Security & Safety Alliance (OSSA), an industry body comprised of stakeholders from all facets of the security, safety and building automation space, announced two important developments to help pave the road towards trustworthy and innovative security and safety solutions. First, a new specification is now available to members that focuses on camera cybersecurity measures. OSSA also introduces a new App Developer Council designed to attract and involve app developers in the Alliance’s ever-growing ecosystem of security and safety industry players.



from Cyber Security News https://ift.tt/2NSO6v1

Dark web takedowns up in 2021

2021 has proven to be busy for law enforcement operations already, taking down numerous high-profile dark web marketplaces and forums including Dark Market (500k users, 2.4k sellers, transactions ~ €140 million), Emotet, Netwalker, and Egregor, with some even producing arrests of site operators. Digital Shadows’ new report, “Cybercriminal law enforcement crackdowns in 2021,” highlights the impact that these takedowns have had to date.

from Cyber Security News https://ift.tt/3sUZ4it

CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

from Cyber Security News https://ift.tt/3rhBdsK

Wednesday, 3 March 2021

DoS vulnerability discovered in Eclipse Jetty

Synopsys Cybersecurity Research Center (CyRC) researchers have discovered CVE-2020-27223, a denial of service vulnerability in Eclipse Jetty, a widely used open source web server and servlet container.

from Cyber Security News https://ift.tt/2NY1f5R

Researcher discovers and patches Linux kernel vulnerabilities

Positive Technologies security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. These vulnerabilities could be exploited for local privilege escalation, as confirmed by Popov in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).

from Cyber Security News https://ift.tt/3e97M8r

Malaysia Airlines is breached

Malaysia Airlines has confirmed it has suffered a "data security incident" via a third-party IT service provider. The company also said the breach had not affected its carrier's core IT infrastructure and systems. 

from Cyber Security News https://ift.tt/3c19I00

Tuesday, 2 March 2021

Securing the cloud in 2021: 3 steps to cloud-based identity

Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.



from Cyber Security News https://ift.tt/3uMA3HH

Far-right platform Gab confirms it was hacked

The CEO and co-founder of social media platform Gab said the site had suffered a data breach. WIRED reported that the far-right platform had more than 70 gigabytes of data, and 40 million posts, leaked by a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project."

from Cyber Security News https://ift.tt/3qaxVGr

CISA releases COVID-19 vaccine physical security guidance

CISA created the COVID-19 Vaccine Distribution Physical Security Measures guidance. This guidance provides a non-comprehensive list of physical security resources available to the public to help facility owners and operators enhance their physical security to protect workers and individuals.

from Cyber Security News https://ift.tt/3e7B2g1

Juan Rodriguez named Executive Vice President & Chief Information Security Officer at Comerica Incorporated

Comerica Incorporated announced that Juan Rodriguez has been named Executive Vice President, Chief Information Security Officer. Reporting to Executive Vice President and Chief Technology & Operations Services Officer Megan Crespi, Rodriguez oversees Comerica's enterprise-wide information security policy, strategy, architecture, operations and capability enhancements of the bank. 



from Cyber Security News https://ift.tt/3bPIABf

Monday, 1 March 2021

NSA issues guidance on Zero Trust Security Model

The National Security Agency (NSA) published cybersecurity guidance, “Embracing a Zero Trust Security Model.” This guidance shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data.



from Cyber Security News https://ift.tt/3dYiQFg

What modern cybersecurity can learn from ancient adversaries

With increasingly sophisticated attacks on targets of opportunity, how can enterprises ensure they are doing everything possible to safeguard against cyber threats? Surprisingly, we can apply techniques used to fend off enemies throughout ancient history by emperors, warriors, and soldiers to our high-tech environments of today. Below, we’ll examine three civilizations’ decision making and how we can integrate their best practices into modern-day security strategies.

from Cyber Security News https://ift.tt/380vlwx

Sophos details delivery method of financial malware Gootkit

Sophos has published new research, “Gootloader Expands Its Payload Delivery Options,” that details how the delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform, “Gootloader.” Gootloader is actively delivering malicious payloads through tightly targeted operations in the U.S., Germany and South Korea. Previous campaigns also targeted internet users in France.

from Cyber Security News https://ift.tt/3q6Jkaf

2021 Top Cybersecurity Leaders - Ira Winkler

While Ira Winkler’s tenure as CISO within Skyline Tech Solutions has been short, he has made a significant impact. In October 2020, he took over a security department that lacked leadership, as it grew organically out of a successful network and IT services operations.



from Cyber Security News https://ift.tt/2PlKrpP

2021 Top Cybersecurity Leaders - Spencer Wilcox

Spencer Wilcox first started his career in cybersecurity while in law enforcement in the Commonwealth of Virginia. With training in computer forensics and cyber investigations from the Federal Bureau of Investigation (FBI), Wilcox transitioned to the energy industry at Constellation Energy as a DFIR (Digital Forensics and Incident Response) investigator and has held positions in cyber and physical security leadership ever since.



from Cyber Security News https://ift.tt/2O4TbzX

2021 Top Cybersecurity Leaders - Grant Sewell

At Safelite Group, an American provider of vehicle glass repair, replacement and recalibration services, headquartered in Columbus, Ohio, Grant Sewell has built the security team from the ground up.



from Cyber Security News https://ift.tt/302Xqyw

2021 Top Cybersecurity Leaders - Shawn Harris

As Director of Information Security responsible for cybersecurity strategy, engagement and architecture at Starbucks, Shawn Harris leads a team of 10 security professionals comprised of principal level architects, security program and management professionals.



from Cyber Security News https://ift.tt/2O9JjF4

2021 Top Cybersecurity Leaders - Theresa Grafenstine

As the Global Chief Auditor for Technology at Citi, Theresa Grafenstine oversees a staff of approximately 250 technology auditors – all of whom are required to incorporate a standardized testing program that covers basic principles of information security. Grafenstine also manages a team of more than 30 auditors who specialize in cybersecurity and conduct technical cyber reviews of Citi’s systems globally.



from Cyber Security News https://ift.tt/3dWjG5m

2021 Top Cybersecurity Leaders - Heather Gantt-Evans

Heather Gantt-Evans was recently appointed the Chief Information Security Officer (CISO) at SailPoint. Previously, she was Senior Director of Security Operations and Cyber Resilience at the Home Depot, where she was responsible for leading security engineering, application security, vulnerability management, network security and the security operations center.



from Cyber Security News https://ift.tt/3b7PXoB

2021 Top Cybersecurity Leaders - Dave Estlick

Since joining Chipotle in 2019, Dave Estlick has had a significant impact on the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization, which was equally open to prioritizing security.



from Cyber Security News https://ift.tt/3bQ2fAS

2021 Top Cybersecurity Leaders - Chuck Davis

Chuck Davis, MSIA, CISSP-ISSAP, is Senior Director of Cybersecurity at Hikvision, a global company with more than 40,000 employees and 59 branch offices and subsidiaries around the world. Based in the U.S., Davis leads the global cybersecurity team and, under his leadership, Hikvision has achieved several cybersecurity milestones, including the establishment of the Source Code Transparency Center at Hikvision USA’s Los Angeles headquarters, where government and law enforcement officials may examine the source code for Hikvision’s cameras and NVRs.



from Cyber Security News https://ift.tt/3r50arg

2021 Top Cybersecurity Leaders - Edna Conway

Edna Conway is globally recognized as an innovative and empowering executive who forecasts the future of business and creates clear strategies to get ahead of burgeoning trends. Her expertise and insight span the expanding arena of third-party risk, changing global government cybersecurity demands and consumer privacy expectations.



from Cyber Security News https://ift.tt/2ZZcTQn

2021 Top Cybersecurity Leaders - Jason Albuquerque

Jason Albuquerque is Chief Information Officer (CIO) and Chief Security Officer (CSO) at Carousel Industries, Inc. Headquartered in Exeter, R.I., Carousel Industries is a provider of managed services, including cloud, data center and security, as well as communication and network technologies.



from Cyber Security News https://ift.tt/3bJiU9g

2021 Top Cybersecurity Leaders - Derrick A. Butts

When Derrick A. Butts first started his role as Chief Information and Cybersecurity Officer at Truth Initiative, a large non-profit public health organization dedicated to making tobacco use and nicotine addiction a thing of the past, he had an 18-month plan dedicated to increasing cybersecurity confidence, IT members’ skillsets, and overall security posture within the organization while rebranding the IT department as a positive security and technology resource.



from Cyber Security News https://ift.tt/3dU8Ehd

Security magazine announces 2021 Top Cybersecurity Leaders recipients

Security magazine launched its inaugural Top Cybersecurity Leaders program for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession. 



from Cyber Security News https://ift.tt/3bTDSm5

The 2021 Top Cybersecurity Leaders

Security magazine is pleased to present our inaugural Top Cybersecurity Leaders for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession. They were nominated by their colleagues and associates, and were chosen based upon their leadership qualities and the overall positive impact that their cybersecurity projects, programs or departments have had on their shareholders, organizations, colleagues and the general public.



from Cyber Security News https://ift.tt/2MxS3nZ

CISA announces winners of the second annual President’s Cup Cybersecurity Competition

The Cybersecurity and Infrastructure Security Agency's (CISA) second annual President’s Cup Cybersecurity Competition concluded last week, with the final rounds taking place over a three-day period.  The President’s Cup is a national competition designed to identify, challenge, and reward the best cybersecurity talent in the federal workforce.  This year’s competition featured two individual tracks – one focused on incident response and forensic analysis and the other focused on vulnerability exploitation analysis – and a team track.  The first rounds of the competition started in August.

from Cyber Security News https://ift.tt/3qbdRnq