The cybersecurity industry has embraced MITRE ATT&CK for good reason: it provides security leaders and practitioners an objective, third-party standard with which to evaluate their own detection coverage and EDR solutions. But even while they recognize the value, many organizations are unsure about what specific steps they should take to fully benefit from MITRE ATT&CK.
As Joe Biden takes office, Justin Crump, CEO of the global risk and intelligence consultancy Sibylline, takes stock of the challenges the new administration will face and offers a reminder that we all need to think widely and openly about possibilities in a volatile, uncertain, complex, and ambiguous world.
In the past year, COVID-19 has had a larger impact on work habits and security environments than any other health emergency in memory. That, combined with technological advances such as 5G, has led to several trends we expect to see in this New Year. Here then are our top ten:
As the headlines showed, ransomware continued to be the weapon of choice in 2020, and extortionware is on the rise. While ransomware has become a tried and true method at this point, extortionware tactics are raising the stakes by threatening to expose sensitive information if the ransom is not paid.
Companies hold more data on us today than ever before, and many of us are left in the dark on just where our personal, often sensitive, information lives. The daily headlines on data breaches and the mainstream attention in the form of documentaries like Netflix’s “The Great Hack” and “The Social Dilemma” have made clear to the public: it’s time we all do a data detox.
Cybercriminals can take advantage of human weaknesses in one place and use them in other places where they can get financial or other gains. Email addresses, real names, real addresses, phone numbers, dates of birth, etc., are all valuable information for cybercriminals. They can build their database with this personal information and use it in future attacks. This is why practicing good cybersecurity habits as users and as administrators is critical for all of us for all systems we use.
A new whitepaper report from Dataminr and Forrester Consulting has found that 40% of global risk and compliance decision-makers are improvising risk management. Titled Risk In A Real-Time World, the study surveyed 410 global risk and compliance decision-makers across the U.S., U.K., Australia and New Zealand to evaluate current risk management priorities and practices, and how real-time information is used in risk management and crisis response.
Virginia becomes the first state in the U.S. to permanently enact COVID-19 workplace safety and health standards. In addition to requiring all public-facing employees to wear masks, the standards ensure ready access to hand sanitizer and the regular cleaning of common work spaces. Employers must train employees on COVID-19 safety and develop infectious disease preparedness and response plans. The new permanent regulations include guidelines for returning to work and communicating about employees who test positive and potential exposures.
In spite of the fact that mobile apps live on IoT-enabled devices, collect user data, and continuously loop communication between Internet, cloud services and companies (even when not “in use”), there is a limited view that they are different entities altogether. We see this particularly when it comes to security – or the lack thereof – regarding the standards in place to continuously protect users from detrimental application hacks.