ASIS International’s Certified Protection Professional (CPP) certification is highly beneficial for security professionals seeking leadership roles. It has its flaws but, anecdotally, I have seen it mentioned in job ads more often than any other designation. When I passed the requisite exam in early February and promised to offer my thoughts, the reaction from future test-takers was welcoming. So here they are. To paraphrase the Law & Order TV franchise, “this is my story. DUN DUN.”
New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
The World Economic Forum's Global Risk Report for 2021 placed cybersecurity failure among the greatest threats facing humanity within the next ten years. Clearly, in this climate, and since many jumped into the world of cyber operations without adequate preparation, cybersecurity is now a critical priority.
Identity management has become a focal point for enterprise security. With the 2020 COVID-19 pandemic and the scramble to support work-from-home employees, the real threat to business data assets, whether in the enterprise or the cloud, has become unsecured remote access.
Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.
Hybrid work is emerging as a norm, especially for companies who have a mix of workers whose job requires coming into the office, and those who are able to accomplish their work at home. This hybrid workforce is expected to become more prevalent as 75% of workers want to retain flexibility over their schedule beyond the pandemic. To get some insight into how security executives executives can implement consistent security practices for the new hybrid workforce environment, we spoke to Michael Borromeo, Vice President, Data Protection at Stericycle, the provider of Shred-it information security services.
Veritas Technologies revealed new research that highlights the dangers of mis-using instant messaging (IM) and business collaboration tools: 71% of office workers globally – including 68% in the US – admitted to sharing sensitive and business-critical company data using these tools, the survey found.
The new year is upon us, and as such, it is a time to reflect on what worked over the past 12 months, and more importantly, what didn’t work. Organizations all over the world are utilizing applications, operating systems, and IoT devices while their data, and their customer’s data, increasingly lives in the cloud. Organizations should take the beginning of the year as a housekeeping opportunity to assess their systems to set themselves up for success in the new year.
At least 30,000 organizations in the U.S. have been hacked by a Chinese cyber espionage unit, known as "Hafnium." The group is targeting and exploiting security vulnerabilities in Microsoft Exchange Server email software.
There has been no shortage of ransomware reports and data breaches affecting companies from all sectors all over the world, accelerated, in part, during 2020 as the COVID-19 pandemic caused a mass move to remote work and many organizations raced to accommodate the new normal.