It is becoming clear that enterprise security depends not only on implemented solutions, but also on how well-tuned internal processes are in terms of communication between departments, hiring, training of personnel and budgeting.
If you’re in business today, no matter what your “core” product or service is, you are almost certainly a software company. It is nearly impossible to run a business without it. That means you should know about the Building Security In Maturity Model—better, and more conveniently, known as the BSIMM.
While organizations of all sizes have benefited from the efficiencies and conveniences of taking their business digital, it’s not without risks. Cybersecurity in today’s hyperconnected world is a necessity for large, medium and small businesses alike. Smaller businesses may be more prone to cyberattacks as they typically have fewer resources dedicated to cybersecurity.
In a prior article, we analyzed Articles 1 through 4 of the California Attorney General’s proposed California Consumer Privacy Act (“CCPA”) regulations. This article discusses Article 5 (Special Rules Regarding Minors) and Article 6 (Non-Discrimination). The CCPA went into effect on January 1, 2020, which means that businesses should, at a minimum, be updating their online privacy policies and accepting and responding to consumer requests.
Late last year, it was announced that the major aluminum manufacturing firm, Norsk Hydro AS, received a $3.6 million cyberinsurance payout – the first around highly publicized, extensive cyber breach of March 2019. The large ransomware attack struck the company’s U.S. facilities – before spreading throughout the company, resulting in millions of dollars lost – destabilizing Norsk Hydro’s operations until the summer months. The payout covered merely six percent of the multi-million-dollar costs created by the incident and its aftermath.
Apparently, we are getting in our own way when it comes to advancing cybersecurity. According to a leading 2018 study by the Ponemon Institute LLC (sponsored by IBM), the three primary causes of data breaches were malicious or criminal attack, system glitch and human error. While the study reports that the length of time to identify and contain, and the cost, were lower for data breaches caused by human error as opposed to the other categories, it is an issue that nearly 27 percent of data breaches are caused by human error.
Artificial Intelligence (AI) rests on the verge of transforming both business and society. Financial firm UBS forecasts that next year, the AI market will be worth $12.5 billion due to huge improvements and broader adoption of the technology. And BCG Henderson Institute found that though most leaders have not yet seen significant impact from their AI initiatives, they firmly expect to within the next five years.
Lots of security vendors talk about integrating innovative techniques using Artificial Intelligence. In cybersecurity, this often boils down to supervised or unsupervised anomaly detection of measures attributes. However, in many cases there is a big gap between the identification of anomalies and transforming them into actionable data.
There are lots of buzzwords floating around cybersecurity: machine learning, artificial intelligence, supervised and unsupervised learning … In many cases these advanced technologies are based on anomaly detection.