July 18, 2018
In the 2018 Cloud Security Report, cloud misconfiguration was identified as the single biggest threat to cloud security. In this white paper, our experts outline best practices for overcoming cloud configuration risk factors impacting SaaS, infrastructure, and DevOps environments.
Stephanie Ewing, deltarisk.com, July 13, 2018
In my previous blog, I wrote about security awareness programs and provided some high-level recommendations for how you can improve their effectiveness. In this article, I’d like to share some thoughts on how to test and measure how well those programs are doing. How do you know if you are making an impact? What can you actually measure? In answering these questions, you need to first establish your goals and metrics and determine if there is a baseline. For instance, let’s start with a key component that should be covered in every security awareness program – anti-phishing.
Macy Bayern, techrepublic.com, July 17, 2018
In the midst of businesses becoming GDPR compliant, cybersecurity measures have moved from purely technical to political, according to a Tuesday report from AlienVault. The company surveyed 900 security professionals at the Infosecurity Europe 2018 conference to gain insight into the current state of cybersecurity threats.
John Biggs, techcrunch.com, July 12, 2018
A few folks have reported a new ransomware technique that preys upon corporate inability to keep passwords safe. The notes – which are usually aimed at instilling fear – are simple: the hacker says “I know that your password is X. Give me a bitcoin and I won’t blackmail you.”
Martin Rues, infosecurity-magazine.com, July 13, 2018
Everyone in the cybersecurity space can agree that we are in the midst of an enormous skills shortage. ISACA predicts that we will be short two million cybersecurity professionals by 2019. Nearly 72% of firms say they are finding it difficult to identify and hire high caliber cybersecurity professionals, according to a survey by Booz Allen Hamilton. With no clear options and a massive talent need, security and IT leaders need to create the desired security skill set within their existing employees.
Tim Bandos, threatpost.com, July 13, 2018
In this InfoSec Insider, Tim Bandos looks at why network admins will want to keep a close watch on network traffic within the enterprise. Conventional wisdom has shown there’s a short line between a company’s highest point of risk – its employees – and a compromise. Unsanctioned, or shadow applications, are apps that haven’t been cleared by a company’s information security team. These apps, on employee machines, have long been a popular attack vector for saboteurs and employees looking to leak data.
Theodore P. Augustinos and Molly McGinnis Stine, cpomagazine.com, June 16, 2018
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial services and insurance industries. The Empire State’s work has already formed the basis for the National Association of Insurance Commissioners’ model cybersecurity law, several states’ insurance laws, and similar laws for other industries in other states. With “imitation being the sincerest form of flattery,” other states and industries are expected to flatter the DFS by adopting similar requirements.
Help Net Security, helpnetsecurity.com, July 16, 2018
Based on a global survey of 727 cloud technology decision makers at businesses with more than 1,000 employees, Forrester Consulting found how shifting business priorities are driving enterprises to adopt multi-cloud strategies. According to the study, a vast majority (86 percent) of respondents describe their current cloud strategy as multi-cloud, with performance and innovation rising above cost savings as the top measures of success. In addition, 60 percent of enterprises are now moving or have already moved mission-critical applications to the public cloud.
Chase Gunter, fcw.com, July 16, 2018
With approaches to election security still up in the air, a group of former cybersecurity officials are concerned about the cybersecurity of another democratic foundation: the decennial census. In a July 16 letter to acting Director of the Census Bureau Ron Jarmin and Commerce Department Secretary Wilbur Ross, the former officials stressed the importance of the security of data collected by the bureau’s first-ever electronically based survey and pushed the bureau to publicly share plans for how it plans to protect that information.
Carolina, hackread.com, July 17, 2018
In the modern world, threats to security are no longer just physical. In fact, cybersecurity has now become one of the most important parts to keep a business and its employees safe. Without it, many businesses can find themselves in trouble when they least expect it. Unfortunately, it can be a tricky area to understand, especially if your business is not one that specializes in this area. This can make it a difficult topic to get across to employees, where awareness is key to cybersecurity working. Luckily, there are a few ways you can teach your employees about cybersecurity, all of which are more accessible than the last.