Security brings this monthly Cybersecurity and Geopolitical vodcast to our readers as a discussion on the latest news and issues affecting countries, industries, security and risk professionals, and their enterprises around the globe. This month takes a look at the exploitation of Microsoft Exchange Server vulnerabilities by Chinese threat actors, explores the SolarWinds debacle, analyzes cybercrime’s effect on the American recovery, and talks about the need for continued education against fake news.
It comes as no surprise that the number of deaths attributed to gun violence in 2020 far surpassed years prior and the trend is now continuing into 2021. Gun violence has been weighing heavily on law enforcement officials, especially after the recent riots and presidential inauguration threats. Organizations, institutions, government agencies, and public venues have the responsibility to take a more proactive approach in protecting their people. Now is the time for serious conversations around upgrading and modernizing security technologies.
Video conferencing platforms have become an essential communication tool over the past year. In addition to increasing team collaboration, video conferencing can help prevent miscommunication among teams, increase engagement, and allow for face-to-face communication to help build relationships among teams, particularly for remote teams. Though the benefits are many, there are growing concerns about the security shortcomings of video conferencing, according to George Waller, EVP and Co-Founder of StrikeForce Technologies. To get more insight on this topic, we spoke to Waller about key challenges with securing video conferencing platforms, as well as why these services are so susceptible to hacking.
You can’t effectively create a risk program if you don’t have a full picture of just how large the risks are for your organization. “You can’t secure what you can’t see” so to speak. Risks don’t necessarily arise from lack of technology – oftentimes they are hidden in faulty business practices. We are well beyond the days of IT and security being segmented off in their own little world away from the business.
Although small businesses may not have the financial resources of larger enterprises, they do possess a trove of business and customer information that can net attackers a tidy profit either via ransomware or sale on the dark web. Understanding today’s threats—and how to defend against them—has grown increasingly critical for small businesses. Here are a few of the most common attack vectors that they should be prepared to face.
Disaster recovery as a service can potentially save organizations money and resources while ensuring they’re prepared for an incident that could potentially put them out of business. But what is DraaS, how can it be implemented at your organization and what are the benefits?
The recent attack on SolarWind's Orion product demonstrated how vital it is for Chief Information Security Officers (CISOs) and their teams manage supply chain risks and understand all the products in their environment and how they are being used. Here we talk to Michael Lines, CISO and Head of Security Product Management at Cleanshelf, about why the IT and information security community should be concerned after the SolarWinds hack.
Ransomware can be delivered via several mechanisms, the most popular of which is often phishing. However, a new category called “Human-Operated“ Ransomware is now being used to execute multi-level attacks against company networks. Here’s how it works:
While the jury’s out on whether these applications will be an effective tool for contact tracers, or if the majority of citizens will fully embrace these applications, it’s clear that contact tracing will likely become a part of our daily lives. To keep these technologies on the right track, developers, policymakers and stakeholders must ask questions to measure effectiveness, while addressing key issues to prevent abuse and secure consumer data.
ASIS International’s Certified Protection Professional (CPP) certification is highly beneficial for security professionals seeking leadership roles. It has its flaws but, anecdotally, I have seen it mentioned in job ads more often than any other designation. When I passed the requisite exam in early February and promised to offer my thoughts, the reaction from future test-takers was welcoming. So here they are. To paraphrase the Law & Order TV franchise, “this is my story. DUN DUN.”