Management

RSS

FEMA and the U.S. Department of Labor (DOL) signed a Memorandum of Understanding (MOU) creating the Job Corps Emergency Management Advance Training Program (EMATP) recently.  This program consists of approximately 12 weeks of advanced emergency management training for Job Corps students to become mission-ready emergency management specialists. The MOU establishes a framework for emergency management capacity building between the two agencies.

The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.

As companies think about how to navigate this new landscape of privacy laws and cybersecurity threats, here are a few major trends and predictions to consider:

CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.

Risk management firm Crisis24, a GardaWorld company, released its annual Global Forecast report and Risk Maps that provide expert insight and analysis of various threats for 2021 for businesses and organizations seeking to protect their people and operations, no matter their location or circumstances.

In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory “Detecting Abuse of Authentication Mechanisms.” The advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud.

The talent war is real, the strength in numbers favors our opponent, we now have the original digital transformations we were planning pre-COVID, and now we have additional transformations that we have to take on to enable a distributed workforce that was previously never a consideration. There simply are not enough properly equipped resources to meet global demand, and even then, an organization is only as strong as its weakest analyst.  The adversary knows that and, leverages the vulnerabilities in human behavior to advance their position in the “infinite game” of cyber warfare.

If you were in an IT-related field 10 years ago, the term “Shadow IT” might strike fear into your heart. In case you missed it – or blocked out the bad memory – that’s when business SaaS emerged, enabling lines-of-business (LOB) teams to buy their own turnkey software solutions for the first time. Why was it called “Shadow” IT? Because IT security teams typically weren’t involved in the analysis or deployment of these Saas applications. IT security often didn’t find out about the apps until something went wrong and they were called in to help – and by that point, data, apps and accounts had sprawled across the cloud.

Despite their preference for remote work, Millennials and Gen Zers experience more technological issues, struggle more with password management, and are far more reckless in their online activity than older demographics. Not only do these younger employees create more work for IT teams and service desk personnel, but they also pose as significant cybersecurity liabilities for corporations.