Today's challenging reality presents an opportunity for CISOs to reevaluate the economics and efficiencies of their current infosec program. To do so, CISOs must narrow their focus on maximizing their return on investments and shift to a risk-based prioritization strategy. No matter the situation, CISOs are always expected to meet goals and drive results. Even though security professionals cannot reduce risk to zero, they can reduce risk significantly by first eliminating the most impactful risks facing their organization. Below, I discuss the four critical steps of leading an economical and efficient information security program while following a risk-based approach.
Before COVID, cybersecurity was a concern for businesses everywhere. In fact, in Microsoft’s 2019 Global Risk Perception Survey, 57 percent of companies ranked cybersecurity as a higher risk than economic uncertainty and brand reputation or damage. Looking ahead, what does all of this mean for the role of the Chief Information Security Officer (CISO)? Not only is it more important than ever before, but the role has shifted since the start of COVID.
COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay-at-home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which puts all of the data protection responsibilities, and the dire consequences that come along with them, on the backs of the customer.
As the head of information security for a technology company with more than a thousand (now mostly-remote) employees, the COVID-19 pandemic has been — among other adjectives — an educational experience. And while it hasn’t been completely smooth sailing, I believe one of the reasons we were able to transition so quickly to remote work with relatively few hiccups is that we established practices to withstand precisely this type of scenario long before the virus swept through our community.
Counterfeiters do not take time off. At its core, counterfeiting preys upon our vulnerabilities and takes advantage of the average customer at any cost. This is particularly true right now during the coronavirus pandemic, the most inconvenient and vulnerable moment in generations. In the midst of mass shortages and colossal demands for certain products, especially in the health field, the counterfeit community has seen a golden opportunity. Over the past few months, tens of millions of new counterfeit products have been seized or identified on the web. These include fraudulent face masks, ventilators, disinfectants and testing kits.
As consumers increasingly turn to online shopping for essential and non-essential goods while at home, fraudsters have adapted their technique to use more sophisticated tactics against consumers, banks and merchants.
With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.
The U.S. Department of Health and Human Services (HHS) and the Department of Defense (DoD) announced an agreement with U.S.-based Pfizer Inc. for large-scale production and nationwide delivery of 100 million doses of a COVID-19 vaccine in the US following the vaccine’s successful manufacture and approval.
The United States Department of Justice charged two Chinese hackers with a global computer intrusion campaign to target intellectual property and confidential business information, including COVID-19 research.