Machines are better at speed and scale than humans. But humans have the edge over machines at thinking outside of the box, using their curiosity and creativity to come up with solutions, and reasoning that machines cannot define or replicate. When it comes to security operations, humans and automation are the duo that’s stronger and more effective in partnership than when they’re apart. Using extended detection and response (XDR) can bring these skills to the forefront of the Security Operations Center (SOC), leaving the repeatable, boring tasks to the machines and allowing for these human traits to shine.
No matter how much you spend on your security infrastructure, it won’t do a bit of good if the people you employ aren’t using it correctly. For example, you could install the best antivirus in the world, but if an employee falls for a spear-phishing scam and inadvertently gives their password to a hacker, it’s all for nothing. That’s why it’s more critical than ever to have a culture of security.
Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).
In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.
In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.
On November 19 and 20, more than 200 industry and government officials exercised the energy sector’s response and recovery to a Wasatch earthquake during CESER’s Clear Path VIII. This year’s scenario impacted critical energy infrastructure within Utah and the surrounding states with cascading impacts across the Western United States. The regional, all hazards Clear Path Exercise series brings together energy sector partners on an annual basis to update policies and procedures, identify areas for collective improvement, and strengthen relationships and cooperation.
With cyber resilience, it is the same kind of philosophy: reducing your cyber incident risk and not just relying on one line of defense or one capability you think will be the one that finally stops the bad actors. Looking at the standards for cyber resilience in federal agencies will help businesses understand both the essentials and the additional steps they need to take to fully safeguard their assets.
SailPoint Technologies Holdings, Inc. released an international study uncovered several security threats with every worker whose access was freely granted without proper security controls in place, including phishing attempts, using personal devices for work and vice versa, and sharing passwords with friends and family.
Today's cyber environment is one of rapid and constant change. Stepping up in technological savvy, threat actors are using an arsenal of new and sophisticated techniques that make recognizing their attacks harder than ever. There are several thousand products and thousand different threats and risks. Cybersecurity seems as elusive and probably as impossible as the “happiness problem.”
The FBI released Hate Crime Statistics, 2019, the Uniform Crime Reporting (UCR) Program’s latest compilation about bias-motivated incidents throughout the nation. The 2019 data, submitted by 15,588 law enforcement agencies, provide information about the offenses, victims, offenders, and locations of hate crimes.
The Standoff, an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city, has concluded.
The event took place Nov. 12-17, 2020, pitting information security veterans against skilled hackers in a battle to hack mock banks, utilities, airports, downtown hubs, IoT systems, cargo and public transportation, telecoms systems and more.