Average ransom demand increased to $1.2 million

From the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim.

from Cyber Security News https://ift.tt/3liO8dX

49% of employees still use their personal computers for work as hybrid landscape intensifies enterprise cyber threat

Half (49%) of U.S. WFH employees say they continue to use their personal laptop or computer as they work remotely, according to Morphisec’s 2021 WFH Employee Cybersecurity Threat Index that was released . The second annual study found enterprise employees remain worryingly reliant on non-hardened personal devices for work activities 16 months after the pandemic forced them to go remote.

from Cyber Security News https://ift.tt/3id5vuL

5 minutes with Deborah Golden - Establishing trust in the digital identity ecosystem

Deborah Golden, Deloitte Risk & Financial Advisory’s U.S. Cyber and Strategic Risk leader, shares insights on the most significant barriers to widespread digital identity adoption and the need to face them head-on as we embrace a more digital world.

from Cyber Security News https://ift.tt/2V7sAWT

How hackers used ransomware to undermine healthcare everywhere

As COVID-19 ravaged hospitals’ patient care units last year, opportunistic criminals saw an opportunity to pluck low-hanging fruit: Hacking groups decided to breach and ransom healthcare institutions during a time of global crisis.

from Cyber Security News https://ift.tt/3BUpwOk

BlackMatter and Haron ransomware groups emerge after DarkSide and REvil disappear

Two new ransomware groups - BlackMatter and Haron - have emerged this July 2021, soon after the sudden disappearance of top-tier ransomware threat actors DarkSide and REvil. 

from Cyber Security News https://ift.tt/375fQm7

76% of companies impacted by it vulnerabilities in the last year

In a survey of enterprise IT security executives conducted by Vulcan Cyber, 76% of respondents indicated that a security vulnerability had impacted their business in the last year.

from Cyber Security News https://ift.tt/3x6cUjC

5 minutes with Joey Johnson - Safeguarding sensitive healthcare data from cybercriminals

Security spoke to Joey Johnson, Chief Information Security Officer of Premise Health, a direct healthcare provider, about how healthcare security leaders can keep up with rising cybersecurity threats.

from Cyber Security News https://ift.tt/3rEApis

US, UK and Australia issue joint cybersecurity advisory on top targeted vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S, Federal Bureau of Investigation (FBI), have co-authored a new advisory which provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.  

from Cyber Security News https://ift.tt/3f61PsM

The big takeaway from the Kaseya supply chain/ransomware cyberattack

While the Kaseya, SolarWinds and other cyberattacks and global disruptors may appear dissimilar, having wildly varying causes and impacts, there is strategic value in considering them – and the supply chains they spread across – as a collective. Together, they represent a rapid learning opportunity for both adversaries and defenders – an open-source global weapons development program.

from Cyber Security News https://ift.tt/3zGRFGG

The beginning of a beautiful friendship: How the insurance industry can partner with IT to create true digital transformation

IT executives and senior leaders are key drivers of success. For an organization to quickly realize a tech vision and reap the benefits of digitization, leaders must have cutting-edge technical knowledge, a shared vision for change and, most critically, a people-focused approach that empowers the organization now and in the future.

from Cyber Security News https://ift.tt/2V0mUOn

New bugs could let attackers hijack Zimbra server

SonarSource cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra - email collaboration software used by global enterprises - that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.

from Cyber Security News https://ift.tt/379LlLL

Ross Hosman joins Drata as CISO

Ross Hosman is taking over at Drata as Chief Information Security Officer (CISO) and will lead and grow the company's security program.

from Cyber Security News https://ift.tt/3zBwk1s

API attack traffic has grown at triple the rate of overall API traffic

Salt Security released the Salt Labs State of API Security Report, Q3 2021, revealing significant challenges in addressing API security, with all customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.

from Cyber Security News https://ift.tt/3zGL13e

Google launches bug hunters community

To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunter to submit issues. 

from Cyber Security News https://ift.tt/3f21YNS

Apple patches zero-day vulnerability in iOS, iPadOS and macOS

Apple has released security updates to address zero-day vulnerability exploited in the wild, impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher, BleepingComputer reports.

from Cyber Security News https://ift.tt/3ygPvgU

5 minutes with Tim Danks - Global collaboration in cyber risk management is needed

Tim Danks, Huawei VP of Risk Management, discusses his thoughts on cybersecurity and the great need for global collaboration to build cyber risk management standards across the world. 

from Cyber Security News https://ift.tt/2UUsMIV

Cloud incident response demands cloud native capabilities

In today’s business environment security is a fundamentally functional and non-functional requirement and cannot be an afterthought where issues are chased after systems are operational. That’s why it’s vital that best practices be implemented by companies from the onset of any cloud migration strategy: backed by a robust and real-time capability to plan, investigate, and respond to all security incidents.

from Cyber Security News https://ift.tt/3y9zCsz

Data privacy in the era of COVID-19 vaccine rollouts

Organizations are also navigating an increasingly complex regulatory landscape where failure to comply can and has led to costly fines, a damaged corporate reputation, and lost business opportunities. Data has truly proven to be an invaluable asset, but also an unbounded risk if not properly managed.

from Cyber Security News https://ift.tt/2UZElOS

New benchmark offers detailed comparison data for security programs

The Security Leadership Research Institute (SLRI) has released the results of its 2021 Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark.

from Cyber Security News https://ift.tt/3zHXeVu

Majority of employees take cybersecurity shortcuts, despite knowing risks

Workers are engaging in risky behaviors which could put their company’s digital security at risk, despite knowing the dangers, a global survey of more than 8,000 employees has revealed.

from Cyber Security News https://ift.tt/3iRQ4qS

66% of applications in the utilities sector have at least one exploitable security vulnerability per year

NTT Application Security released its six-month trend findings in its AppSec Stats Flash Vol. 7, reporting on the current state of application security and the wider threat landscape, including Window of Exposure (WoE), Vulnerability by Class, and Time to Fix.

from Cyber Security News https://ift.tt/3zETeF5

More than one in three organizations say that they are experiencing more cyberattacks

Ransomware attacks have been increasingly in the headlines—and reaching historic levels of impact with the recent Colonial Pipeline and Kaseya attacks. Findings from the State of Cybersecurity 2021, Part 2 survey report from ISACA in partnership with HCL Technologies show that 35% of respondents report that their enterprises are experiencing more cyberattacks, three percentage points higher than last year.

from Cyber Security News https://ift.tt/3zG8mlM

CWE top 25 most dangerous software weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.

from Cyber Security News https://ift.tt/3iRo9aj

CISA, partners hold annual election security exercise

The Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Association of Secretaries of State (NASS) and the National Association of State Election Directors (NASED), hosted the nation’s annual election security exercise last week, bringing together federal, state, local, and private sector partners for the fourth annual Tabletop the Vote. More than 1,000 participants ran through hypothetical scenarios affecting election operations to share practices around cyber and physical incident planning, preparedness, identification, response, and recovery.

from Cyber Security News https://ift.tt/3iUPysi

Department of Energy releases updated Cybersecurity Capability Maturity Model

The U.S. Department of Energy (DOE) released Version 2.0 (V2.0) of the Cybersecurity Capability Maturity Model (C2M2), a tool designed to help companies of all types and sizes evaluate and improve their cybersecurity capabilities.

from Cyber Security News https://ift.tt/3i6I8mA

Kaseya gets master key to unlock networks

Kaseya has received a universal key that will decrypt all of the more than 1,000 businesses and public organizations crippled in the global incident.

from Cyber Security News https://ift.tt/3BxLre3

US municipalities suffer data breach due to misconfigured Amazon S3 buckets

More than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US were left exposed, according to a new report from a team of cybersecurity researchers with security company WizCase. 

from Cyber Security News https://ift.tt/2W7R56h

New research shows 97% still unaware of crucial container security principles that underline the urgency for runtime controls

Aqua Security released the results of its 2021 Cloud Native Security Survey revealing the knowledge gap around runtime security and the associated risks. The study found that only 3% of respondents recognize that a container, in and of itself, is not a security boundary, indicating that the default security capabilities of containers are overestimated. T

from Cyber Security News https://ift.tt/36SPp2V

Zero Trust vs. SASE - Here’s what you need to know

Zero Trust and SASE have become top of mind for many organizations globally in the past year as business models changed overnight to accommodate a remote workforce, bringing an expanded attack surface.

from Cyber Security News https://ift.tt/3eKA88o

TSA announces new cybersecurity regulations for critical pipeline owners and operators

In response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. 

from Cyber Security News https://ift.tt/2UuwR6B

5 minutes with Steve Grewal - Preparing for new data privacy regulations

Steve Grewal, Cohesity Federal CTO and former U.S. Department of Education CISO/CTO/CIO, shares his insights into how organizations can leverage modern data management strategies and technologies to ensure they are prepared to reduce the impact of ransomware attacks while being ready for audit and reporting processes to remain compliant with increasing state-by-state regulations.

from Cyber Security News https://ift.tt/3kKrquX

Creation of a customized college student cybersecurity awareness online learning solution

Although cybersecurity awareness training can be valuable to all students, a survey on the topic found that it can be particularly effective among non-Computer Science or Information Technology majors. The reasons are many, but the reliance on technology as students for their coursework and their personal affairs can be valuable to share with family and friends.

from Cyber Security News https://ift.tt/3eGQbUQ

Senators introduce cyber incident notification act

Leaders of the Senate Intelligence Committee and other bipartisan lawmakers have formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches following moLeaders of the Senate Intelligence Committee and other bipartisan lawmakers have formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches following months of escalating cyberattacks.  nths of escalating cyberattacks.

from Cyber Security News https://ift.tt/3wYRMMa

MITRE Engenuity releases first ATT&CK evaluations for industrial control systems security tools

MITRE Engenuity released results from its first round of independent MITRE Engenuity ATT&CK Evaluations for Industrial Control Systems (ICS). The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.

from Cyber Security News https://ift.tt/3Br7pzu

New research shows growing risk of data exposure

Netskope revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks.

from Cyber Security News https://ift.tt/3zmUi08

MosaicLoader malware targets software pirates

Bitdefender security researchers discovered a new malware strain spiking in their telemetry. The malware, which Bitdefender named MosaicLoader, is a downloader that can deliver any payload to the infected system. During their investigation, Bitdefender found that MosaicLoader threat actors used the following tactics to hinder researchers' malware analysis efforts and to increase their attacks' rate of success:

from Cyber Security News https://ift.tt/3zl7GBX

Hacker behind LinkedIn scraping grabbed 700m profiles 'for fun'

A hacker created a database of information scraped from 700 million LinkedIn users after tricking the company’s API and used the same technique to create a database on 533 million Facebook users.

from Cyber Security News https://ift.tt/3rmK652

5 minutes with Dr. Bobby Blumofe - Is zero-trust security bad for office morale?

Dr. Bobby Blumofe, Chief Technology Officer of Akamai, discusses zero-trust security models and how they impact employee morale. 

from Cyber Security News https://ift.tt/3hRHusG

US formally accuses China of Microsoft hack

The United States, the European Union, NATO and other world powers on Monday accused the Chinese government of an array of malicious cybersecurity incidents, blaming its Ministry of State Security (MSS) and hackers for the security attack on Microsoft's email server disclosed in early March 2021.

from Cyber Security News https://ift.tt/3kC14uR

iPhones compromised by NSO spyware

New evidence uncovered by Amnesty International and Forbidden Stories has revealed a massive wave of attacks by cyber surveillance company NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide.

from Cyber Security News https://ift.tt/3ezNioY

Linux version of HelloKitty ransomware targets VMware ESXi

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage, BleepingComputer reports.

from Cyber Security News https://ift.tt/3xWLwpC

79% of survey respondents identify threat modeling as a top priority in 2021

A recent study from Security Compass found just 25% of organizations surveyed conduct threat modeling during the early phases of software development—requirements gathering and design—before proceeding with application development.

from Cyber Security News https://ift.tt/3BgarX3

Going passwordless: Future-proofing your digital identity

In this article we will delve further into the many risks to today’s digital identity solutions. We will also review the benefits of alternatives to passwordless authentication solutions using biometrics, and ultimately where the future of identity security could be heading long-term.

from Cyber Security News https://ift.tt/2VSjcGt

Cyberattacks increased 17% in Q1 of 2020, with 77% being targeted attacks

The number of cyberattacks increased by 17% compared to Q1 2020, and compared to Q4 2020, the increase was 1.2%, with 77% being targeted attacks, according to a new Positive Technologies Cybersecurity Threatscape Q1 2021 report. Incidents involving individuals accounted for 12% of the total.

from Cyber Security News https://ift.tt/3z5PD2K

Attackers exploit zero-day flaws in Chrome, Safari and Internet Explorer

Google’s Threat Analysis Group (TAG) has discovered four in-the-wild 0-day campaigns targeting four separate vulnerabilities this year, all which can be particularly dangerous when exploited and have a high rate of success: Google’s Threat Analysis Group (TAG) has discovered four in-the-wild 0-day campaigns targeting four separate vulnerabilities this year, all which can be particularly dangerous when exploited and have a high rate of success:

from Cyber Security News https://ift.tt/2Umvl69

Myth busting the cybersecurity maturity model certification

While this is a step in the right direction, there are some confusion, speculation and rumors related to CMMC accreditation. The following are three common misconceptions around CMMC certification, with clarification to help organizations requiring CMMC certification to stay well-informed on the necessary guidelines and procedures.

from Cyber Security News https://ift.tt/3ijaeto

The big problem with bad cyber analogies

Because cybersecurity events are complicated, we rely on analogies to understand how they work. Analogies are useful, but certain oversimplifications are perpetuating inaccurate narratives. These inaccuracies misdirect productive discussion and as a result, proposed policy and solutions are being based on faulty assumptions. A faulty premise can only yield flawed results…and cyber national security is not an area in which the United States has margin for error.

from Cyber Security News https://ift.tt/3hFpTV0

Threat group is running active cryptojacking campaign

Bitdefender security researchers have discovered a threat group likely based in Romania that's been active since at least 2020. They've been targeting Linux-based machines with weak SSH credentials, mainly to deploy Monero mining malware, but their toolbox allows for other kinds of attacks.

from Cyber Security News https://ift.tt/3igGeOO

REvil ransomware sites are down

REvil ransomware gang’s website and infrastructure has gone offline, about a week and a half after the news of the group’s cyberattack on IT software vendor Kaseya.

from Cyber Security News https://ift.tt/3hFHThP

Imminent ransomware campaign targeting older appliances

SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

from Cyber Security News https://ift.tt/3kgCPlT

Getting started in cybersecurity – 6 essential skills to consider

Capable cybersecurity professionals can expect to be spoiled for choice in the job market today and well compensated for their in-demand skillsets. For those considering entering the field, I’d like to lay out the state of security today, explore potential career paths, and provide some guidance on the steps you can take, including skills you can develop to make it happen.

from Cyber Security News https://ift.tt/3wGXP83

Detailed financial records exposed on financial services platform

Salt Labs researchers investigated a large financial institution’s online platform that provides API services to thousands of partner banks and financial advisors. As a result of multiple API vulnerabilities, researchers were able to launch attacks where:

from Cyber Security News https://ift.tt/3elRbNV

Women in security: A guiding force

How often do you consider gravity? And the power of this invisible force to move oceans, hold planets in orbit, and quite literally, keep us all grounded. Now, how about women in technology? Another force of nature that, I think, deserves more visibility and recognition. Men haven’t cornered the market on technological genius, innovation, and invention. But too often, women have had to work all the harder not only to prove that fact, but also to be equally recognized for their extraordinary contributions.

from Cyber Security News https://ift.tt/3knNzix

Cloud security should never be a developer issue

I dare to say this: “companies need to stop playing the game of pin the blame on the developer whenever a security vulnerability is discovered or exploited in applications.” Rather than pointing fingers at developers, organizations need to empower these professionals to help them build and expand their cloud-based initiatives without having to worry about security.

from Cyber Security News https://ift.tt/3Ba27Z5

Fashion retailer Guess announces data breach

Fashion retailer Guess recently announced a data breach, compromising 1,300 people and their information, including account numbers, debit and credit card numbers, social security numbers, access codes and personal identification numbers. 

from Cyber Security News https://ift.tt/3idEZAe

Average company faces 1000+ spoofed domain threats per year

Digital Shadows published new research revealing that in the last four months, each of its clients experienced on average 360 domains impersonating their company and brand name – nearly 1,100 per year, on average.

from Cyber Security News https://ift.tt/3i7s8z9

Morgan State University to offer 24 cybersecurity scholarships

Morgan State University’s (MSU) Cybersecurity Assurance and Policy (CAP) Center has been awarded a $3.2 million National Science Foundation (NSF) grant to implement the agency’s novel CyberCorps Scholarship for Service (SFS) program at Morgan, providing 24 cybersecurity scholarships to undergraduate and graduate students.

from Cyber Security News https://ift.tt/3ARQSUZ

Lack of visibility is the biggest challenge for security leaders when safeguarding digital communications

Lack of visibility (39%) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications, according to a new SafeGuard Cyber study.

from Cyber Security News https://ift.tt/3yShFym

Outdated cybersecurity training erodes trust, hurts more than it helps

Traditional cybersecurity training can be individual or LMS-based and generally hinges on a 30- to 60-minute session of basic training once a year. There will be some visual reminders taking the form of emails or posters during the year. But regardless of the minor variations, traditional training doesn’t work.

from Cyber Security News https://ift.tt/2TYCnOp

Why cybersecurity frameworks are crucial for the future of open banking

In this article, we’ll look at what the existing cybersecurity threats are around open banking, and how individuals, companies, institutions, and regulators can proactively address those risks.

from Cyber Security News https://ift.tt/3ifBdGz

CISA publishes malware analysis report and updates alert on DarkSide ransomware

CISA has published a new Malware Analysis Report (MAR) on DarkSide Ransomware and updated Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, originally released May 11, 2021.

from Cyber Security News https://ift.tt/3yLDqQF

The first 90 days of a Chief Security Officer

The first 90 days of a Chief Security Officer in an organization are critical for his/her success or failure in the new position. Successful individuals will be the ones who establish trusting relationships, learn the organizational culture, and lay the ground foundation for a security program.

from Cyber Security News https://ift.tt/3AKvVLt

Reza Zaheri joins Quantum Metric as Chief Information Security Officer

Reza Zaheri joins Quantum Metrics as Chief Information Security Officer (CISO). Bringing over 18 years of experience in cybersecurity, digital forensics and incident response, Reza will be responsible for maintaining Quantum Metric's data privacy and security.

from Cyber Security News https://ift.tt/3e1YNVJ

How to build a better corporate social media policy

In today’s digital world, personal security is directly tied to corporate security. Therefore, it is critical for organizations to implement employee security guidelines and best practices to improve not only the employees’ digital hygiene and personal security but also the company’s security.

from Cyber Security News https://ift.tt/36qzUz0

GOP allegedly hacked by APT29, known as Cozy Bear

APT29, known as Cozy Bear, has allegedly breached the computer systems of the Republican National Committee (RNC), according to reports.

from Cyber Security News https://ift.tt/3ADAcAi

Data breaches from insiders can cost as much as 20% of annual revenue

According to a study conducted by Aberdeen and commissioned by Code42, data breaches from insiders can cost as much as 20% of annual revenue. Perhaps just as important, the study showcased that at least one in three reported data breaches involve an insider. 

from Cyber Security News https://ift.tt/3yAaBpY

File security violations within organizations have spiked 134%

Well-meaning but negligent users are the biggest data loss risk: More than 70 percent of organizations say the biggest data loss risk is the well-meaning but negligent employee.

from Cyber Security News https://ift.tt/3wpIlF2

Building a culture of cybersecurity: 3 key takeaways from the 2021 SANS report

Let’s face it, cybersecurity isn’t the responsibility of a single person, team or department -- it’s a shared responsibility of the entire organization, along with its extended network of technology partners, vendors and suppliers. Since humans are the biggest cybersecurity risk, the concept of a security culture is even more relevant and significant in today’s times.

from Cyber Security News https://ift.tt/3dVMmux

Is cyber insurance costing you 30% more?

A new report shows that the cost of global cyber insurance increased by more than 30% in 2021.

from Cyber Security News https://ift.tt/2TNTBhf

Crypto mining scams targeting tens of thousands of victims using hundreds of android apps

Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps. In total, security researchers at the Lookout Threat Lab identified more than 170 apps that are estimated to have scammed more than 93,000 victims.

from Cyber Security News https://ift.tt/3hkTjHG

US Secret Service hosts cybersecurity incident response exercise with public and private sector partners

The U.S. Secret Service hosted a virtual Cyber Incident Response Simulation with business leaders, law enforcement and other private sector partners focused on ransomware and cryptocurrency attacks and mitigation strategies.

from Cyber Security News https://ift.tt/36h9W0D

Infrastructure shifts to cloud due to remote work expose enterprises to new security threats; Security teams absorb responsibility

In a new era of hybrid workspaces, many sectors are making the shift to the cloud and adopting cloud-based SaaS applications at an accelerated pace for agility and scalability - but this practice and the efficiencies that are gained come at a cost. Business leaders are realizing that they must allot more of their resources and budgets to address new security concerns surrounding these transitions to keep their environment safe and prevent breaches.

from Cyber Security News https://ift.tt/3dLnyFF

Up to 1500 businesses affected by Kaseya supply chain ransomware attack

Kaseya’s VSA product has been the victim of a sophisticated ransomware attack, affecting 60 Kaseya customers and an estimated 1,500 downstream businesses.  Attackers are allegedly demanding $70 million in return for a universal decryptor software key that would unscramble all affected machines.

from Cyber Security News https://ift.tt/2TEnW1P

DHS announces most successful cybersecurity hiring initiative in DHS history

Secretary of Homeland Security Alejandro N. Mayorkas announced the Department’s largest cybersecurity hiring initiative in its history with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers. 

from Cyber Security News https://ift.tt/3wfJQWx

Security leadership: 2021 Women in Security

In this year’s Security Leadership: 2021 Women in Security report, we take you through the professional journeys of 13 enterprise security leaders that have risen the ranks during their careers with their skills, forward-thinking mindsets, and a passion for the job they do.

from Cyber Security News https://ift.tt/3dNpVHM

Good-bye, trust-based security – WFH may usher in the age of zero trust

The massive shift to remote work and a continually expanding attack surface has made the concept of trust-based security a naïve one at best, dangerous at worst. But the upshot is that everything we’ve seen and experienced in the past year has helped seed the need for a zero-trust based approach. Let’s look at some of the major trends and factors of the past year and how these risks can be mitigated using a zero trust approach.

from Cyber Security News https://ift.tt/2V5VQNb

CASB, CWPP, CSPM, and CNAPP: Which one is right for securing your cloud environment?

As organizations shift IT spending to cloud services, it’s important to prepare for more regulations, a high rate of data loss, and a likely increase in attacks on cloud apps. To plan for these challenges, organizations need visibility and security for software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) clouds. Here are four categories to consider to secure your cloud environments.

from Cyber Security News https://ift.tt/3xePitU

Top 5 security threats for power plants and how to proactively avoid them

Back when threats were only of a physical nature, power plants created and conducted drills to prepare. While a physical attack is still a concern, we must now also consider a digital protection system. Because of the rapid rate of development in this sector, it is imperative that power plant technicians understand both the physical and digital threats they may face.

from Cyber Security News https://ift.tt/3jJKUPR

Cybercriminals are starting to target lower-hanging fruit rather than C-level executives

 Avanan announced the release of the company's 1H 2021 Global Phish Cyber Attack Report, which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top industries being targeted by hackers in the first half of the year.

from Cyber Security News https://ift.tt/3hwNkOK

New cybersecurity executive order: The devil is in the detail

The Biden cybersecurity executive order maps out how the U.S. government will implement cybersecurity requirements and standards – but it is just the beginning. The federal government won’t be the last entity demanding more security transparency from software vendors and this is likely a sign of what’s to come for any organization creating software in any industry.

from Cyber Security News https://ift.tt/2UkvOFw

Federal agencies release cybersecurity advisory on Russian GRU Brute Force campaign

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations, starting from mid-2019 and likely ongoing.

from Cyber Security News https://ift.tt/3huY1kW

Is data security blocking your digital innovation? Data-centric protection can remove the obstacles

A data security platform can provide a holistic approach by providing key data-centric capabilities that keep data secure from first touch—during data acquisition—through the activities such as data curation and analysis and ultimately to archiving and data destruction. 

from Cyber Security News https://ift.tt/3ykVgK5

4 things to know to secure your new kubernetes environment

In a Security magazine webinar, Fairwinds President Kendall Miller and Solutions’ Architect, Ivan Fetch, discuss what you need to know about Kubernetes security.

from Cyber Security News https://ift.tt/3xcidP7

McAfee sees surge in mobile malware targeting COVID-19 vaccines

With most of the world still anxious about COVID-19 and demand for vaccines high, new McAfee research sheds light on how hackers are targeting these fears with bogus apps, text messages, and social media invitations.

from Cyber Security News https://ift.tt/3y9EOMz

When privacy and security converge: A CSO’s perspective on how security organizations can thrive

Privacy and security become further inextricably linked as consumers’ expectations rise. With this understanding, how should businesses organize to fulfill the privacy and security promises that today’s customers expect? Dell's Chief Security Officer, John Scimone, believes that a converged operational model is the most effective and efficient approach for the majority of organizations to achieve these outcomes. 

---

 

from Cyber Security News https://ift.tt/3dAUkJk

Defending against insider threats in a remote world

The insider threat is not a new risk for security teams. And, in the wake of COVID-19 and the newly remote workforce, there has never been a greater need for organizations to better balance their efforts to defend against both external and internal threats.

from Cyber Security News https://ift.tt/3duzriT

Improve supply chain security with intelligence from surface, deep & dark web

Threat intelligence is only one piece of the puzzle when it comes to improving supply chain security. As part of protecting the supply chain and reducing third-party risk, here's how your organization should get started.

from Cyber Security News https://ift.tt/3dvqS7O