As cybercriminals continue to revel in the surge of employees using weak or vulnerable methods to remotely access workplace systems, organizations are increasingly looking to boost overall security by eliminating passwords, and instead opting for passwordless authentication. Here, we talk to Shimrit Tzur-David, CTO of Secret Double Octopus, about recent developments in this technology.
There are numerous solutions organizations can implement to mitigate risks associated with employee use of corporate connected devices in the execution of personal business. In this article, we will delve a bit deeper to explain the pros and cons of implementing a few of the more common solutions. It is important to note, that regardless of the solution, an effective awareness and training program for employees is the number one most effective safeguard for your organization.
If the experiences of 2020 taught us anything, it’s that risk in the modern world cannot be understood or sufficiently mitigated with a siloed approach. Individual threats, such as regulatory risk and IT security, converge. Lacking a high-level view, it’s difficult to see the web of cause and effect – making it more difficult to anticipate, prepare, or mitigate the biggest risks. 2020 may be over, but the challenges remain in 2021. Compliance and risk management will need a shared umbrella of information and communication to tackle the complex, integrated risks of today’s landscape.
Listen to Ian Thornton-Trump, CISO of Cyjax, and his talking partner Tristan de Souza as they ruminate on some of the biggest issues in cybersecurity and geopolitics each and every month in this highly informative and entertaining video podcast. This month's episode looks at whether U.S. President Joe Biden has committed sufficient resources to cybersecurity; discusses ‘the Putin problem’; ponders about phishing in a pandemic; and talks about the GameStop blow-up.
A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.
Approximately a year after the COVID-19 pandemic pushed organizations around the world to remote and hybrid work, this new way of working will be a mainstay for professional life in some form. Learn how security leaders are navigating their jobs remotely as they pivot to protect facilities, assets, employees and data.
With the shift to remote work increased due to the COVID-19 pandemic, security teams working remotely poses its own set of challenges. Learn how security leaders are navigating remote work challenges in their workplaces.
We talk to Alan Duric, co-founder and CTO/COO of Wire, a secure collaboration platform, about the various threats facing enterprises today, as well as how organizations can protect their employees and assets, and why organizations (and vendors) need to make a fundamental change to how they operate by implementing better security, technology, and approaches to build a security-first infrastructure.
The 10th Allianz Risk Barometer 2021 survey reports potential disruption and loss scenarios companies are facing; this year's top three business risks all relate to the coronavirus pandemic: business interruption (#1 with 41% responses); pandemic outbreak (#2 with 40%) and cyber incidents (#3 with 40%).
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.