Trends that emerged in 2020, along with some new predictions, will have a huge impact on 2021 as these technologies continue to evolve and deploy even more quickly. Adoption of emerging tech will be even faster next year and securing data in these environments must finally move to the top of the priority list because more depends on security than ever before.
The ongoing cyber skills gap affects organizations worldwide and ultimately affects the entire digital economy. And cybersecurity changes and evolves at break-neck speed, which makes it harder to keep up with training and learning. On top of this, as remote work increasingly becomes the norm, and infrastructures become more distributed, the need for IT pros with up-to-date security skills and knowledge will continue to grow.
A new automated data feed that helps defend state and local government computer systems from cyberattacks and rapidly blocks threats across state lines reduced cyber defense time from some three days to less than three minutes in a successful pilot program across four states.
While the transformation of software development has progressed, the management of information security and risk organization in such environment is not defined and adapted to support such an environment. Based on SAFe Agile Principles by Scaled Agile, this article will suggest 4 culture shift in IT Security organization may consider in order to adapt to the recent trend of Agile Software development.
The Cybersecurity and Infrastructure Security Agency (CISA) released a draft of the Trusted Internet Connections (TIC) 3.0 Remote User Use Case and the draft National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture (NCIRA): Volume 2.
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory “Detecting Abuse of Authentication Mechanisms.” The advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud.
The talent war is real, the strength in numbers favors our opponent, we now have the original digital transformations we were planning pre-COVID, and now we have additional transformations that we have to take on to enable a distributed workforce that was previously never a consideration. There simply are not enough properly equipped resources to meet global demand, and even then, an organization is only as strong as its weakest analyst. The adversary knows that and, leverages the vulnerabilities in human behavior to advance their position in the “infinite game” of cyber warfare.
If you were in an IT-related field 10 years ago, the term “Shadow IT” might strike fear into your heart. In case you missed it – or blocked out the bad memory – that’s when business SaaS emerged, enabling lines-of-business (LOB) teams to buy their own turnkey software solutions for the first time. Why was it called “Shadow” IT? Because IT security teams typically weren’t involved in the analysis or deployment of these Saas applications. IT security often didn’t find out about the apps until something went wrong and they were called in to help – and by that point, data, apps and accounts had sprawled across the cloud.
Hackers working on behalf a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.
It’s a typical day in the Global Security Operations Center (GSOC). The anticipated chatter on the phones, radio communication, and sounds of the software giving audible alerts are all what you’ve come to expect in this busy hub of the security program.
