With the inception of privacy regulatory laws and associated penalties, it has become mandatory for organizations to take necessary steps in establishing and implementing a strong privacy risk management framework. Inadequate, or the lack of, a risk management framework may present numerous organizational risks.
Education is particularly attractive to criminals because of the vast amount of valuable data it holds: student and staff information, supplier information, alumni databases, and research data - so, as security experts, what’s to be done to help schools secure their endpoint devices?
Now more than ever before, the small business sector is beginning to prioritize cybersecurity and cyber liability insurance to mitigate potential crippling financial risk, which is setting the stage for a major trend moving forward: the merging of cybersecurity technology and insurance to mitigate insurer’s risk and provide the best overall coverage for small businesses.
Ransomware – a cyberattack in which attackers hijack computer systems and demand payment to release them – has skyrocketed from a relative rarity a few years ago to the single biggest type of cybercrime today. And there is no end in sight to its growth trajectory. Last year, 2,354 American government entities, healthcare organizations and schools were the victims of ransomware attacks. The average ransomware payout swelled to $178,000 in the first half of 2020, up from $112,000 a year ago, according to ransomware incident response firm Coveware, and few clandestine culprits were caught.
CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network.
Humor is tricky business in the security world, however. Briefing staff on warning signs of workplace violence, precursors of terrorist attacks, contingency plans for natural disasters, and methods of corporate espionage doesn’t exactly lend themselves to one-liners. Dealing with most security incidents isn’t a laughing matter.
Unfortunately, diversity is still underrepresented in security. Our profession continues to struggle to attract and/or advance diverse candidates into leadership ranks in numbers that accurately represent a cross section of the working population.
Left attempting to optimize security teams while struggling to cope with multiple crises simultaneously, security leaders feel as if almost 75% of the workday is spent battling internal bureaucracy, while 25% is spent dedicated to the issues that require attention. But you’re not alone. To start, have some real conversations with your staff, and don’t forget to focus on yourself and your own well-being.
Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.