A company’s in-house chief information security officer (CISO) is a key component to making sure the risk of a cyberattack or security breach is greatly reduced. The responsibilities of this position are critical for businesses working to protect themselves against cyberthreats, but the reality is, some companies can’t afford to add another member to the c-suite with an average salary of up to $250K. However, there’s another option: a virtual CISO or vCISO.
While the rough seas may be behind businesses, now is not the time to rest. It’s important for security leaders to remain diligent about their company’s security posture and adapt to the latest state of the world. Focusing on people, processes, and technology is not only the foundation to a solid cybersecurity strategy, but also absolutely critical at a time where workers have never been further from security teams’ protection.
CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), NASCAR, the Daytona International Speedway, state and local first responders, law enforcement officials, and local businesses held a tabletop exercise today to test response plans around hypothetical public safety incidents on the day of the DAYTONA 500.
Fortified Health Security, Healthcare’s Cybersecurity Partner released the 2021 Horizon Report, which details findings that illustrate how, as healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients.
Synopsys, Inc.'s The Cost of Poor Software Quality In the US: A 2020 Report's findings reflect that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08 trillion. This includes poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.
The National Security Agency released a cybersecurity product detailing how to detect and fix out-of-date encryption protocol implementations. Networks and systems that use deprecated forms of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) for traffic sessions are at risk of sensitive data exposure and decryption.
FBI, ODNI, CISA & NSA issued a joint statement saying their investigation indicates an APT actor "likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."
Security budgets are tighter than ever, and security professionals need to leverage existing investments smartly, and use innovative security solutions that maximize ROI. Here are seven safety and security solutions that security and loss prevention leaders should consider:
As global tensions continue to escalate, the Internet may find itself used as a weapon, something we are already starting to see happen, by nations attempting to exert their influence and enforce greater internal control over digital commerce and communication. Nations must recognize the threat of escalation beyond the point of no return and take steps to ensure that the interconnectivity of the open Internet remains intact long-term. This will prevent a “cyber dark age” in which governments implement national Internet protocols and stop the free flow of data across borders.