China has had a tough 2020. Intellectual property rights infringement, stealing university and U.S. government-funded research, spys routed out in public, Hong-Kong takeover, Human-right abuses, Coronavirus cover-ups, supply-chain bog downs, and the list goes on. The conclusion is that China has lost its luster with businesses in the United States and abroad. These issues are not new; instead, they have reached a boiling point where the international business community is getting leary of putting too many eggs in China’s basket. The U.S. government has certainly done its share to bring many of these things to light. And while this is happening, and companies look elsewhere to move, the possibilities of increasing North America manufacturing has become more attractive than ever.
Rather than be caught off-guard and left to play catch-up, security and IT professionals should begin planning now for the many new and updated regulations, standards and proposed pieces of legislation that will be sweeping over the financial services industry and other sectors in the near future.
Deepfakes –mostly falsified videos and images combining the terms “deep learning” and “fake” – weren’t limited in 2019 to the Nixon presentation and were not uncommon before that. But today they are more numerous and realistic-looking and, most important, increasingly dangerous. And there is no better example of that than the warning this month (March 2021) by the FBI that nation-states are virtually certain to use deepfakes to help propagate increasingly misleading campaigns in the U.S. in coming weeks.
The recent SolarWinds breach has brought vendor risk management into the spotlight. With 59% of data breaches being traced to third-party vendors and the average enterprise having 67 vendors with privileged access, managing third party risk is no longer optional, says Tony Howlett, Chief Information Security Officer (CISO) of SecureLink. Here, we speak to Howlett about why security and risk professionals need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.
When it comes to most digital initiatives, user experience is a primary focal point. Not only is user experience a critical element in the design process, it also remains pertinent as product evolution keeps pace with business scale. As online interactions have exponentially grown during the pandemic, it has become startlingly clear that seamless and secure user experiences (UX) are necessary for success.
One of many consequences of the COVID-19 pandemic is an increase in cybersecurity risks and in the complexity of implementing effective security to protect organizational information and computing infrastructure. As with pre-COVID security threats, well-proven cybersecurity strategies based on user and device authentication remain effective, and they now are more important than ever.
Has the pandemic and remote working created an environment of heightened risk of insider data breaches? Here, Darren Cooper, Chief Technology Officer (CTO) for Egress, speaks to Security magazine about what organizations can do to prevent data loss.
Another challenge is the new home office, where spouses may be working remotely, often alongside their children attending school online. Home networks lack typical protections and bifurcations of the corporate office and may be prone to attacks using lateral movement techniques. In these scenarios, after gaining initial access through an insufficiently protected device, such as a family computer, attackers move deeper into a network, searching for other devices to compromise or obtain increased privileges. This continued probing could eventually lead to the exfiltration of sensitive corporate data or high-value intellectual property.
As economic uncertainty continues alongside the ongoing pandemic, IT and Security budgets are likely to see modest - if any – growth this year. Therefore, it will fall to CIOs to focus on maximizing existing investments, getting back to the basics, and doing more with the same (or less).
There are some core principles I believe are important to keep top of mind when it comes to minimizing risk and maximizing budgets.