The SolarWinds supply chain attack has, to date, impacted nine government agencies and as many as 100 private sector companies, according to some reports. By the time the full extent of the hack is known, it may be the most widespread security breach on record. But what does this mean for the organizations impacted and is it potentially insurable? In light of the massive cyberattack, we spoke to Seth Rachlin, Executive Vice President and Insurance Lead at Capgemini, to discuss the implications of this attack and the fast-growing cyber insurance market.
It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether it is your household or your institutional architecture, the full value of security is only appreciated after disaster has already struck.
Nearly daily we see new stories of cybercriminals breaching security walls, stealing valuable data, and then holding it hostage in return for money. Companies risk exposing valued customer data as well as their own reputations, placing their credibility in disarray.
It’s all too common to see “fear appeals” used to motivate users to keep their guards up against the vast amount of cybercriminal activity that occurs online daily. The term FUD (Fear, Uncertainty, and Doubt) was originally coined in the 1970s in reference to IBM’s marketing technique of spreading scary rumors about a competitor’s new product. Ever since, it’s been a mainstay used by security practitioners to try to win budget and to scare employees into following the rules laid down by IT. As cybersecurity researcher Karen Renaud put it in a recent Wall Street Journal piece, “Companies often turn to a powerful emotion to get employees to be vigilant about cybersecurity. They scare them.”
The education space has become a major target for cybercriminals. In fact, CISA and the FBI recently issued a joint statement warning K-12 schools of worsening dangers in 2021 after a recent 57% spike in ransomware attacks in the sector. So, how can teachers and students stay safe? Here, we speak with Kelvin Coleman, Executive Director, National Cyber Security Alliance (NCSA) about how educators and K-12 cybersecurity leaders can better protect students’ privacy during distance learning sessions.
Security teams need an ally that can help them make meaningful progress, no matter where they are in their maturity. In other words, you need vendors who support your mission—an Alfred Pennyworth to your Batman, if you will. While your organization is out serving society, you need to have someone watching your back, making sure operations run like clockwork.
Meet Kevin Bocek, who is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders, including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, NCipher, and Xcert. Most recently, Bocek led the investigation that identified that Secretary Hillary Clinton’s email server did not use digital certificates and encryption for the first three months of her term. Here, we talk to Bocek about a topic he is passionate about: machine identity management.
Learn how to give healthcare security staff the tools they need to perform their varied job functions to the best of their ability, while maintaining safety and security for staff and patients, and encouraging a solid, trustworthy, honest and long-term security team.
Videoconferencing has been around for a surprisingly long time. In fact, the first call involving both audio and video links has been traced all the way back to 1927 in a call that took place between officials in Washington, DC and the president of AT&T in New York. Although it was laughably primitive by current standards, electronic conferencing technology has never stopped growing in either refinement or use.
Security brings this monthly Cybersecurity and Geopolitical vodcast to our readers as a discussion on the latest news and issues affecting countries, industries, security and risk professionals, and their enterprises around the globe. This month takes a look at the exploitation of Microsoft Exchange Server vulnerabilities by Chinese threat actors, explores the SolarWinds debacle, analyzes cybercrime’s effect on the American recovery, and talks about the need for continued education against fake news.