Meet Ian Thornton-Trump. He is the Chief Information Security Officer at Cyjax, and an ITIL certified IT professional with 25 years of experience in IT security and information technology. As CISO Cyjax, Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cybersecurity consultant specializing in cyber threat intelligence programs for small, medium and enterprise organizations. In his spare time, he teaches cybersecurity and IT business courses for CompTIA as part of their global faculty and is the lead architect for Cyber Titan, Canada's efforts to encourage the next generation of cyber professionals.
Content-centric solutions that evaluate each message based on how likely it is to be bad create a gap through which identity-based email attacks can slip. A zero-trust email security model is vital to closing that gap. Zero-trust may also be characterized as zero-assumption.
For organizations experiencing data breaches, the consequences are considerable, especially for security operations. IBM reports that over 25,000 data records are stolen with the average data breach, and costing the targeted company as much as $8.64M per breach in the United States. And it takes on average a staggering 280 days between identifying and containing a data breach (known as the breach cycle). So why is it so hard to fight this digital war, and why is the breach cycle so long?
Stories about cyberattacks and security breaches are popping up more and more frequently in the news and it seems as though no company is immune to the sophisticated strategies hackers use to obtain high value confidential data. These data hacks result in bad PR, lost customer trust, possible fines, and potentially ruined reputations. Needless to say, it should have you questioning whether or not your data is properly protected, and the answer is — it’s probably not.
Among the top threats to businesses are theft of property, theft of data and workplace violence. When it comes to preventing these commonplace scenarios, a fence can be the first step to designing an effective access control program. By starting at the perimeter, entities can create a physical barrier that deters infiltration and denies entry. So, what kind of fencing offers an uncompromising solution? An astute option is a fence classified as high-security. Several factors determine whether a fence is considered high-security, including the material it’s made from, how it’s constructed and the features that the construction enables.
The bottom line: The pandemic and other issues have put security weaknesses and new requirements into sharp relief. Travel limitations and other obstacles are hampering efforts to address these. To adapt and reopen, security managers have heightened expectations of their integrators to be more informed, transparent, and digitally advanced.
Few cybersecurity components are as familiar as the next-generation firewall (NGFW) for enterprise protection. Despite this ubiquity, it is common for security teams to operate their NGFW in a suboptimal manner. The TAG Cyber team has observed, for example, that many enterprise teams operate their NGFW more like a traditional firewall. This can result in a reduction of traffic visibility, which in turn degrades prevention, detection, and response.
There is an opportunity here for IT teams to stabilize their work-from-home situations while also preparing for the future back in the office, or for many, supporting a hybrid model. Long term solutions are needed for organizational success. There are many steps that can be taken to ensure infrastructure is properly cared for and ready to be used when teams are able to return to the office.
Open-source intelligence (OSINT) is having a moment. Just a few years ago, presentations on OSINT began with a quote from one of a few different senior intelligence community officials who reportedly said that somewhere between 80-90% of valuable information comes from public sources. Many presentations today start similarly, but OSINT no longer needs the validation of government greats. Films like Searching and Don’t f**ck with Cats have introduced the discipline to a wider audience, organizations such as Trace Labs host popular OSINT competitions for the common good, and the investigators associated with the website Bellingcat are now media fixtures.
This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.