Articles Tagged with ''risk management''

The talent war is real, the strength in numbers favors our opponent, we now have the original digital transformations we were planning pre-COVID, and now we have additional transformations that we have to take on to enable a distributed workforce that was previously never a consideration. There simply are not enough properly equipped resources to meet global demand, and even then, an organization is only as strong as its weakest analyst.  The adversary knows that and, leverages the vulnerabilities in human behavior to advance their position in the “infinite game” of cyber warfare.

If you were in an IT-related field 10 years ago, the term “Shadow IT” might strike fear into your heart. In case you missed it – or blocked out the bad memory – that’s when business SaaS emerged, enabling lines-of-business (LOB) teams to buy their own turnkey software solutions for the first time. Why was it called “Shadow” IT? Because IT security teams typically weren’t involved in the analysis or deployment of these Saas applications. IT security often didn’t find out about the apps until something went wrong and they were called in to help – and by that point, data, apps and accounts had sprawled across the cloud.

Nearly two-thirds of workers who have been working remotely during the pandemic would like to continue to do so. While working from home, the boundaries between work and life can decrease or disappear altogether, as employees are using their corporate devices for personal use more than ever before. As we enter the holiday season, IT teams can expect this work/life blend to translate into increased online shopping on corporate devices, which in turn exposes the network to additional cybersecurity threats.

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an annual report on its progress to advance meaningful partnerships and analysis around supply chain security and resilience.

The World Economic Forum today launched a new report that outlines how organizational leaders can influence their companies and encourage the responsible use of technology and build ethical capacity. “Ethics by Design” – An Organizational Approach to Responsible Use of Technology integrates psychology and behavioral economics findings from interviews and surveys with international business leaders. It aims to shape decisions to prompt better and more ethical behaviors. The report promotes an approach that focuses less on individual “bad apples” and more on the “barrel”, the environments that can lead people to engage in behaviors contrary to their moral compass. The report outlines steps and makes recommendations that have proven more effective than conventional incentives such as compliance training, financial compensation or penalties.

The future of business has changed drastically due to the rapid advancement of the remote work era from the pandemic. Here are three key CIAM market trends that security professionals should be aware of as they finalize their 2021 plans.

Positive Technologies has published its “5G standalone core security assessment”. The report discusses vulnerabilities and threats for subscribers and mobile network operators, which stem from the use of new standalone 5G network cores. The vulnerabilities in protocols HTTP/2 and PFCP, used by standalone 5G networks, include the theft of subscriber profile data, impersonation attacks and faking subscriber authentication.

The coronavirus pandemic has sparked a new round of digital transformation. But in many cases, the rapid pace of digital acceleration has enlarged the digital footprint of both businesses and consumers beyond the capacity of our cybersecurity infrastructure to keep up. The scary reality is that the business impact of COVID-19 may be creating the perfect storm for a cybercrime pandemic; digital citizens will have to act aggressively to secure their data before it’s too late.

Mobile devices are part and parcel of today’s increasingly distributed workforce. Laptops, smartphones, and tablets are provisioned by enterprises to increase employee productivity, while providing flexibility to work remotely. But when the pandemic struck, security teams across industries were challenged by the unprecedented speed and scale of the shift. This disruption created great strain for IT security teams. Pair that with the increase in employee BYOD devices, already-overworked IT teams raced to ensure only authorized devices could connect to corporate assets. 

One Identity released global survey results that revealed that 37% of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team. Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.