Security & Business Resilience

RSS

Some opportunistic cybercriminals have taken advantage of the pandemic environment to breach both consumer and organizations’ data. These cybercriminals are using COVID-19-themed emails as an opportunity to unleash ransomware attacks on organizations and consumers. Here, we focus on Remote Workforce and Remote Learning as areas that cybercriminals will continue targeting in 2021 and beyond, and explore mitigation strategies that may help reduce cybersecurity risks related to these areas.

According to the U.S. Department of Justice’s Office of Victims of Crime, workplace homicides declined between 1995 and 2015. Yet workplace homicides are not the most common form of workplace violence — simple assault is. Simple assault is defined by the National Crime Victimization Survey (NCVS) as an attack without a weapon that results in no injuries or minor injuries (e.g., cuts, scratches, black eyes), or any injury requiring fewer than two days in the hospital.

Galvanize announced new findings from a national survey of governance, risk, and compliance (GRC) professionals that position the 2020s as the decade when the GRC industry embraces advanced technology. The data uncovered a strong post-pandemic push toward the adoption of cloud-based technology and revealed the critical value GRC professionals bring to the C-suite, as well as the top concerns from, and the evolving role of, GRC professionals. 

Help us recognize the unsung heroes of the security industry by nominating a security leader to be named one of Security magazine's 2021 Most Influential People in Security!  We are looking to highlight enterprise security executives, who through their own organizations and externally, have made significant and influential contributions to the enterprise security profession, continue to push security forward both inside their own organizations and in the industry as a whole.

Anyone with access to your organization — employee, contractor, former employee, etc. — poses a potential risk to the enterprise. So, what is insider threat; who should own an insider risk mitigation program within the enterprise; and most importantly, how can security leaders assess and mitigate the risk?

Security professionals seeking to advance their careers often ask me whether certifications are worth it, and, if so, which ones they should pursue. The answer, of course, depends on the person and his or her goals. Plenty of people excel without a credential.

Job titles in the security profession are not always a good indicator of where you are in your career. We have conducted a wide variety of recruitment projects around the world for our clients. One consistency is that there is no consistency. At least insofar as security job titles are concerned.