The security industry is changing, as is the profile of a successful security executive. Maintaining the status quo is no longer an option, and ignorance of risks is no longer an excuse for not mitigating them. This topic in Security features game-changing security directors or industry leaders in different sectors. So who is breaking new ground in the security industry, making great strides forward in risk management while better supporting the enterprise as a whole? If you know someone (or are someone) who fits this bill – let us know! Send your recommendations and suggestions for future Profiles in Excellence to Security Associate Editor Maria Henriquez at email@example.com.
The COVID-19 pandemic revealed the weakness of many organizations’ business continuity plans. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.
The nature of IIoT devices and infrastructure makes them high-value cyber targets. This is because they are relatively easy to compromise and are often connected to internal networks that hold high-value content and have links to other networks. Moreover, IIoT devices rarely have direct user interaction, and this unattended nature means that many types of device compromise are likely to go unnoticed and undetected – particularly when the malware does not disrupt the device’s primary functionality. Here are a dozen reasons why intelligent IIoT devices are attractive targets for hackers.
My favorite definition of the (public) cloud is “It’s someone else’s computer.” That is really what any external cloud service is. And if your services, data and other assets are located on someone else’s equipment, you are at their mercy on whether you can access those assets and data at any time. It isn’t up to you. It’s solely determined by them, and any service level agreement you agreed to. And you can lose everything stored there permanently. You should have multiple backups of your data no matter where it is stored, especially if it is stored using a cloud service.
Obstacles including budget concerns, time constraints, stubborn company culture, or a lack of cybersecurity best practices can seem overwhelming, especially to a smaller organization with limited resources. Fortunately, there are reasonable solutions to each of these roadblocks that can help all organizations be more secure.
The Lookout Threat Intelligence team has discovered four Android surveillanceware tools, which they named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. These four interconnected malware tools are elements of much larger mAPT (mobile advanced persistent threat) campaigns originating in China, and primarily targeting the Uyghur ethnic minority, says the team.
Identity and access management (IAM) protects the business while keeping employees securely connected, but were organizations prepared for their employees to work from anywhere? LastPass ran a study with IT decision makers, in partnership with IDG, to discover the impacts of remote work on IAM and found that IAM is critical to securing a remote workforce, but almost all organizations have had to adjust their IAM strategy to securely enable employees to work from anywhere.
ON DEMAND: A critical event is defined as an incident that disrupts normal operations, such as severe weather, crime, violence and critical equipment or technology failures. Business continuity and crisis response plans can only go so far if there isn't buy-in across functions, with executive-level support.
ON DEMAND: From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
ON DEMAND: The current novel coronavirus (2019-nCoV) outbreak has been spreading across the globe, infecting thousands of people in dozens of countries. This has created anxiety around the globe, affected company supply chains and caused the World Health Organization to enact the Public Health Emergency of International Concern (PHEIC) designation for only the sixth time since 2005.
This month in Security magazine, meet 13 female executives who are succeeding in security leadership roles. How are they contributing to the safety and success of their enterprise and to the industry? Also, experts discuss radio frequency threats, mental health during the global pandemic, the future of security networking, zero trust, AI and more.