The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.
The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.
As companies think about how to navigate this new landscape of privacy laws and cybersecurity threats, here are a few major trends and predictions to consider:
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.
Meet Issak Davidovich, Vice President of Research and Development at C2A Security. According to Davidovich, the implementation of driver assistance technologies and cybersecurity goes hand-in-hand, and the auto industry is taking its first steps on creating in-vehicle security standards. Here, we talk to him about what this means for automotive cybersecurity.
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory “Detecting Abuse of Authentication Mechanisms.” The advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud.
The talent war is real, the strength in numbers favors our opponent, we now have the original digital transformations we were planning pre-COVID, and now we have additional transformations that we have to take on to enable a distributed workforce that was previously never a consideration. There simply are not enough properly equipped resources to meet global demand, and even then, an organization is only as strong as its weakest analyst. The adversary knows that and, leverages the vulnerabilities in human behavior to advance their position in the “infinite game” of cyber warfare.
If you were in an IT-related field 10 years ago, the term “Shadow IT” might strike fear into your heart. In case you missed it – or blocked out the bad memory – that’s when business SaaS emerged, enabling lines-of-business (LOB) teams to buy their own turnkey software solutions for the first time. Why was it called “Shadow” IT? Because IT security teams typically weren’t involved in the analysis or deployment of these Saas applications. IT security often didn’t find out about the apps until something went wrong and they were called in to help – and by that point, data, apps and accounts had sprawled across the cloud.
Despite their preference for remote work, Millennials and Gen Zers experience more technological issues, struggle more with password management, and are far more reckless in their online activity than older demographics. Not only do these younger employees create more work for IT teams and service desk personnel, but they also pose as significant cybersecurity liabilities for corporations.
Nearly two-thirds of workers who have been working remotely during the pandemic would like to continue to do so. While working from home, the boundaries between work and life can decrease or disappear altogether, as employees are using their corporate devices for personal use more than ever before. As we enter the holiday season, IT teams can expect this work/life blend to translate into increased online shopping on corporate devices, which in turn exposes the network to additional cybersecurity threats.
RSS
