The SolarWinds hack is a strong reminder why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.
These are the terrible uncertainties and costs organizations like yours face as ransomware rages around the cybersphere. As you deliberate on the best strategy and tactics for defending your organization from ransomware, understand that the total cost of recovering from such an attack more than outweighs the cost of being prepared to defend against it.
Though filling the cybersecurity talent pipeline has often been thought of as a longer-term goal for the United States, there is renewed urgency to address the tremendous workforce shortage – and quickly. Recent cyberattacks on U.S. infrastructure continue to serve as warning signs that the cadence of threats has increased tremendously and requires immediate action by both industry and government partners. Solving the cybersecurity workforce and talent shortage requires taking action, starting with the youngest learners in the K-12 educational system.
The SolarWinds supply chain attack has, to date, impacted nine government agencies and as many as 100 private sector companies, according to some reports. By the time the full extent of the hack is known, it may be the most widespread security breach on record. But what does this mean for the organizations impacted and is it potentially insurable? In light of the massive cyberattack, we spoke to Seth Rachlin, Executive Vice President and Insurance Lead at Capgemini, to discuss the implications of this attack and the fast-growing cyber insurance market.
It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether your household or institutional architecture, the full value of security is only appreciated after disaster has already struck.
Nearly daily we see new stories of cybercriminals breaching security walls, stealing valuable data, and then holding it hostage in return for money. Companies risk exposing valued customer data as well as their own reputations, placing their credibility in disarray.
It’s all too common to see “fear appeals” used to motivate users to keep their guards up against the vast amount of cybercriminal activity that occurs online daily. The term FUD (Fear, Uncertainty, and Doubt) was originally coined in the 1970s in reference to IBM’s marketing technique of spreading scary rumors about a competitor’s new product. Ever since, it’s been a mainstay used by security practitioners to try to win budget and to scare employees into following the rules laid down by IT. As cybersecurity research Karen Renaud put it in a recent Wall Street Journal piece, “Companies often turn to a powerful emotion to get employees to be vigilant about cybersecurity. They scare them.”
The education space has become a major target for cybercriminals. In fact, CISA and the FBI recently issued a joint statement warning K-12 schools of worsening dangers in 2021 after a recent 57% spike ransomware attacks in the sector. So, how can teachers and students stay safe? Here, we speak with Kelvin Coleman, Executive Director, National Cyber Security Alliance (NCSA) about how educators and K-12 cybersecurity leaders can better protect students’ privacy during distance learning sessions.
Security teams need an ally that can help them make meaningful progress, no matter where they are in their maturity. In other words, you need vendors who support your mission—an Alfred Pennyworth to your Batman, if you will. While your organization is out serving society, you need to have someone watching your back, making sure operations run like clockwork.
Meet Kevin Bocek, who is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders, including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, NCipher, and Xcert. Most recently, Bocek led the investigation that identified Secretary Hillary Clinton’s email server did not use digital certificates and encryption for the first three months of term. Here, we talk to Bocek about a topic he is passionate about: machine identity management.