The increase in cyber insurance adoption and premium prices coincides with a changing — and more challenging — threat landscape, this according to a new GAO report on cyber insurance. The report describes key trends in the current market for cyber insurance, and identified challenges faced by the cyber insurance market and options to address them. To conduct the study, GAO analyzed industry data on cyber insurance policies; reviewed reports on cyber risk and cyber insurance from researchers, think tanks, and the insurance industry; and interviewed Treasury officials.
Nuspire, managed security services provider (MSSP), announced the appointment of industry veteran, J.R. Cunningham, as Chief Security Officer. In this role, Cunningham will oversee Nuspire’s security strategy, oversight of policies and compliance, and the new Nuspire Security Program, which is a step-by-step program designed to help Nuspire’s customers build customizable security programs. Cunningham joins Nuspire with over 25 years of experience, building and maintaining security programs, security strategy consulting, cyber practitioner leadership and creating successful long-term client relationships through strategic consulting. I
Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring the activities of attackers to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They followed a benchmark that they call “mean time to inventory” (MTTI), which is simply how long it takes somebody to start scanning for a vulnerability after it’s announced.
Xpanse research found 79% of observed exposures occurred in the cloud.
In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84% of respondents believe ransomware attacks will become more prevalent in the second half of 2021. The Colonial Pipeline attack caused massive disruptions to gasoline distribution in parts of the US this month, resurfacing preparedness for ransomware attacks as a front-burner topic for enterprises around the world. Colonial reportedly authorized a ransom payment of US $4.4 million. In the ISACA survey, four out of five survey respondents say they do not think their organization would pay the ransom if a ransomware attack hit their organization. Only 22% say a critical infrastructure organization should pay the ransom if attacked.
One thing is clear: the hybrid model will be permanent. Occupier requirements are constantly evolving and they are driving new considerations for landlords and workspace providers. Let’s review the core considerations and components required to create a secure tech operating layer that reassures the integrity of the workspace, operation and infrastructure while delivering a great occupier experience.
Distributed denial of service (DDOS) attacks - when an attacker attempts to make it impossible for a service to be deliverable - are increasing in size, frequency and duration. Kaspersky Lab reported a doubling of DDoS attacks in the first quarter of 2020 compared with the fourth quarter of 2019, plus an 80% jump compared with the same quarter last year. To learn more about how these attacks have evolved over the years, we talk to Roy Horev, Co-Founder and CTO at Vulcan Cyber, a vulnerability remediation orchestration provider.
Researchers at Check Point Research analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to more than 100 million users.
In a report published recently, the firm discusses how the misuse of real-time database, notification managers, and storage exposed over 100 million users’ personal data (email, passwords, names, etc.) and left corporate resources vulnerable to malicious actors.
The traditional approach to securing cloud access goes against everything that DevOps is about. Regardless of what providers of legacy IAM, PAM, and other security solutions claim about their ability to scale with cloud application dev cycles, they’re concealing the extensive time, effort, and resources required to manage their solutions – three things that are in short supply in DevOps teams. So, the challenge becomes: how can enterprises integrate world class technologies for securing identities and access to cloud environments without bringing DevOps to a grinding halt?
Constella Intelligence research reveals that one in four cybersecurity leaders use the same passwords for both work and personal use; more than half experience account takeover first-hand
May 21, 2021
Constella Intelligence (“Constella”), Digital Risk Protection leader, released the results of “Cyber Risk in Today’s Hyperconnected World,” a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge.
COVID-19 brought with it a massive influx of data, most of it moving from a centralized location to the cloud (and other environments). Now, these businesses are trying to understand how to re-engineer their environment for the next 10+ years, in the advent of Zero Trust, SASE and more. How has COVID-19 impacted the need for cybersecurity consulting, specifically new trends, and Zero Trust? Here, we speak with Todd Waskelis, AVP of AT&T Cybersecurity, who leads AT&T’s cybersecurity consulting services.