With the Colonial Pipeline ransomware attacks that caused widespread East Coast fuel shortages still fresh in our minds, new WhiteHat Security research has found that application specific attacks are equally, if not more, likely than ransomware attacks.
ThycoticCentrify announced new research that reveals more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months. In 85% of the privileged credential theft instances, cybercriminals were able to access critical systems and/or data. In addition, two-thirds (66%) of insider threats led to abuse of administrative privileges to illegitimately access critical systems and/or data.
As a former Marine with expertise in counterintelligence, Human Intelligence (HUMINT) and Technical Surveillance Counter-Measures (TSCM), Jason Passwaters leveraged his international war fighting experience and built uniquely qualified teams at iSIGHT Partners, and then in co-founding Intel 471. His military service taught him to emphasize three areas that can make threat intelligence more targeted and actionable for organizations.
As the light at the end of the tunnel becomes brighter, rethinking the hiring and onboarding process for security talent can be the difference between recovering out-of-work employees, getting them up to speed, and enduring unnecessary difficulties.
The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cybersecurity incidents to federal authorities. The directive comes two weeks after Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, was forced to shut down its 5,500-mile pipeline after a devastating ransomware attack.
In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that in early March 2021, the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."
What the COVID-19 crisis is ultimately doing to the cybersecurity industry is shining a spotlight on the cybersecurity talent shortage. What is one of the only benefits of the critical issue, it's that it has allowed many in Northern Virginia to elevate and extend a slew of innovative measures that companies and region are implementing to combat the problem. As they set out to solve the industry talent shortage, Northern Virginia found the following strategies to be impactful steps in tandem toward a solution.
While authentication and authorization might sound similar, they are two distinct security processes in the identity and access management (IAM) space. Authentication is the security practice of confirming that someone is who they claim to be, while authorization is the process of establishing the rights and privileges of a user. Here, we talk to Tehila Shneider about authorization, authentication, and why authorizations remains a problem that is mostly unsolved.
The focus of cybersecurity protection shouldn’t always be about trying to anticipate the latest means or technology that could impact a business, but instead, focusing on the same tactics and how these can specifically adapt.
RSS
