Existing and new challenges, from supply chain hacks to 5G rollouts, will continue to test the expanded role of security teams. CISOs faced a number of challenges in 2020, not the least of which was COVID-19 and the mass migration from onsite to remote work. Maybe for the first time, corporate leadership saw just how vital the security team is to ensuring the company runs, and runs smoothly, thus making 2020 the year when the...

It’s finally 2021 and towards the end of 2020 the world experienced one of the largest cyber breaches in history.  A commonly used security software company by the name of Solarwinds was breached. This caused thousands of businesses globally to be affected with potential malware, mimicking our own global cyber pandemic. Trust in security tools is important, but an overreliance on one solution leaves us more vulnerable than ever before. One tool is not going...

From ransomware schemes to supply chain attacks, this year melded classic hacks with extraordinary circumstances WHAT A WAY to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you’ve come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse,...

Written by Stu Sjouerman Scamming incidents have increased by 519% in 2020 compared to last year, according to researchers at Baltimore-based ZeroFOX. The researchers compared their own data to a recent report from the Federal Trade Commission, which found that scams on social media have skyrocketed since the start of the pandemic earlier this year. ZeroFOX says their data aligns with the findings in the FTC’s report, and they’ve observed a significant year-over-year increase in...

Written by David Puzas The adoption of the cloud has fundamentally changed the game when it comes to how businesses go to market and develop modern applications. Today’s application lifecycle places a premium on speed to market, requiring cloud teams to build cloud-native applications supported by a programmable infrastructure that enables businesses to change and reconfigure cloud infrastructure on the fly. According to industry analysts, most successful attacks on cloud services are the result of customer...

Insider Risk is defined as  “The risk an insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems”. A lot of organizations struggle with insider risk because the very nature of the risk comes from those who you trust with your systems and authorizations. From disgruntled employ to espionage, a gamete of actors, factors, and situations can lead to insider risk. An often-overlooked example of...

Cybersecurity compliance isn’t something you can accomplish easily. There are an overwhelming number of acronyms, controls, and laws that leave many scratching their head. Compliance requirements vary and can be imposed by law, non-government regulatory bodies, and even private industry groups. Cybersecurity Compliance involves meeting various “conditionals” or controls to protect the confidentiality, integrity, and access of data. Compliance requirements vary by business type, sector, or industry. They typically involve using an array of specific...

Abstract – This article discusses the importance of understanding and level of effort required for mitigating risks that third-party cloud services (software-as-a-service, infrastructure-as-a-service, and platform-as-a-service) represent to an organization. Depending on the service, it may not be possible to conduct a thorough, direct assessment of the services, which is necessary to ensure securing the organization’s data. To overcome this lack of ability, organizations can default to developing a technology survey that asks questions that are...

An incident response plan is a“set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.” Generally, an Incident Response plan is created before any incidents occur. Although, most companies have taken a reactionary approach to Incident Response, looking into making one only after a breach has occurred. Knowing what to do, how...

According to Gartner, Software Defined – Wide Area Network (SD-WAN) does the following:  “SD-WAN solutions provide a replacement for traditional WAN routers and are agnostic to WAN transport technologies. SD-WAN provides dynamic, policy-based, application path selection across multiple WAN connections and supports service chaining for additional services such as WAN optimization and firewalls.” Software Defined – Wide Area Netowork addresses the challenging task of ensuring appropriate, quick access to company networks across increasingly diverse technology environments...