The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology.” The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.
U.S. Rep. Bill Pascrell, Jr. (D-NJ) and John Katko (R-NY) lead 143 House colleagues requesting a significant increase in Nonprofit Security Grant Program (NSGP) funding for Fiscal Year 2022.
Zoom has joined the CVE Program as a CVE Numbering Authority (CNA). The CVE Program’s overall mission is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities that require third-party notification or coordination to fully remediate. Cybersecurity and IT professionals use CVE records to ensure they are discussing the same security issue, coordinate their efforts, and prioritize and address vulnerabilities. The program is an international, community-based effort and relies on the industry norms of the responsible and coordinated security community to discover vulnerabilities.
Human error contributes to almost 95% of security breaches. Most security approaches still fail at making a desired impact. Let’s analyze the two main reasons why businesses fail to develop a robust, human-centric security approach.
The Security Executive Council (SEC) has welcomed Tom Bello, Coral Gehring, Matthew Giese, Bill King, and Tom Mahlik to its faculty of esteemed security experts. SEC subject matter experts and emeritus faculty (former CSOs and CISOs) have excelled in their careers and are eager to transfer their knowledge and competencies to other security leaders.
More than 60 experts from industry, government, law enforcement, civil society and international organizations have worked together to develop a comprehensive framework, breaking down siloed approaches and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
The 81-page report, "A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force," includes 48 recommendations that together form a comprehensive framework to address ransomware. The report was delivered to the Biden administration this week. Among those, these priority recommendations are the most foundational and urgent, and many of the other recommendations were developed to facilitate or strengthen these core actions.
Experian fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.
Click Studios has advised customers to stay vigilant and ensure the validity of any email sent to them, as a bad actor has commenced a phishing attack with a "small number of customers having received emails requesting urgent action."
While the flexibility granted to remote workers is game changing, employers have new concerns about the security of a hybrid setup. COVID-19 vaccinations are now within reach for a majority of Americans, meaning enterprises need to re-examine the remote office model many were forced to adopt over the past year. Experts anticipate that a hybrid work model with an equal number of workers in office and remote to be the new model of choice.
If you’d like to learn how your enterprise can re-tool security strategies and ensure security for both remote and in-office employees, keep reading on for a conversation with cybersecurity expert Brent Johnson, CISO at Bluefin, on how leadership can address security challenges specific to a hybrid work model.
Supply Chain Risk is more pertinent now that digital transformation initiatives are the norm. In a recent Ponemon study, 82% of respondents believe their organization experienced at least one data breach due to digital transformation. At the same time, 55% said with certainty that at least one of the three breaches was caused by a third party. Reporting on SCRM and gaining visibility into the cyber risk across third parties is critical to the security of both small and large organizations, especially in the digital age we live in.
RSS
