How to demonstrate trust in cybersecurity practices with organization leaders

Chief information security officers working at high-profile enterprises know their jobs are as much about guarding their organization’s brand reputation and trust as they are about IT security. But to ensure that trust, CISOs need to know whether their security investments are actually working, and that calls for having metrics that matter to senior management, according to a new report. “It’s all about measurement,” says Home Depot CISO Stephen Ward, in remarks quoted in “The 2019 Trust Report,” released by Synack. “CISOs need a way to present security to their executive team and board in a way that clearly demonstrates and measures business risk to the organization. The executive team doesn’t want to talk about security — they want to talk about risk.” The report provides CISOs with a framework for using data from their security programs to gain a clearer sense of their organization’s ability to withstand damaging cyberattacks […]

The post How to demonstrate trust in cybersecurity practices with organization leaders appeared first on CyberScoop.


Security controls that verify users and devices protect agencies from insider threats

Zero-trust security models are helping large organizations to protect against malicious users, including those who have already infiltrated their networks, a new report says. Government agencies will benefit from stricter security controls if they shift to a zero-trust approach, according to experts from Duo Security. Zero trust assumes from the outset that all users and data traffic are operating in an open and unsecured environment. The focus on security then shifts to giving authorized users access to designated applications and data based on their identity and to devices based on their level of trustworthiness. “Achieving Zero-Trust Security in Federal Agencies” breaks down the methods to build zero-trust practices, including continuous authentication, device assessment, user controls and application access. Continuous authentication is a user-specific approach that doesn’t rely on privacy-protected information. The security environment protects from threats by taking note of typical behaviors and then denying access when it senses off-pattern […]


DHS partnership with service providers gives high-risk industries more visibility of cyberthreats

Staying ahead of malicious actors is challenging, but organizations can take advantage of advanced threat intelligence through partnerships the Department of Homeland Security created with accredited communications service providers. A new report explains that critical infrastructure operators, businesses and government agencies can gain unique access to threat signatures, network traffic patterns and emerging cyberthreats by working with Enhanced Cybersecurity Services (ECS) providers that have unique access to DHS’s wealth of threat intelligence. The tech brief, produced by CyberScoop and underwritten by CenturyLink, highlights how the DHS-ECS partnership can provide top executives in industry and government powerful insights gleaned from active monitoring both by DHS and global network carriers like CenturyLink. A global communications provider like CenturyLink monitors about 114 billion NetFlow sessions and 1.3 billion security events per day, the report says. By combining real-time insights from that volume of network activity with DHS’s cyberthreat intelligence, ECS providers are able […]


Meet the 2018 Leet List

So much of cybersecurity goes beyond the ones and zeros. Be it through government policy, private sector innovation, technology startups or security research, people from all walks of life are pushing the industry to keep up with technology’s growing impact in every facet of our lives. The all-encompassing, ever-changing facets of cybersecurity have inspired CyberScoop to create the Leet List. We have selected individuals from all walks of the security industry to speak about the impact they are having on how society protects itself in the digital realm. We decided to name this feature the “Leet List” as a play on the internet slang known as “leetspeak.” Originally used to describe the technical skills of early hackers, “leet” (or 1337) has since become shorthand for elite. This “leet” group of experts offered CyberScoop a look at how they approach their jobs, the ups and downs of the current state of affairs […]


Why cyberthreat intelligence offers the best defense against agency cyberattacks

For agency officials looking to build greater resiliency into their IT operations, security experts stress the growing importance of adopting sound cyberthreat intelligence practices to get out ahead of security risks, according to a new report. Federal agencies face a wide range of challenges addressing cybersecurity concerns. However, utilizing advanced intelligence about the adversaries likely targeting your agency, and the tactics they’re most likely to use, can be instrumental in shrinking the time between incident and response, according to the report from FireEye. The new briefing document gives IT security teams and leaders recommendations on how to shift from a reactive posture to a proactive approach by incorporating cyber threat intelligence into the daily IT operations. “At the end of the day, organizations are not in business to defend themselves. They have a different mission. For cyber, every organization needs to mitigate the right amount of risk in the most […]


Leading transformation by cultivating data catalysts in your agency

Government agencies looking to make better decisions from the data they collect have more resources within reach than they might suspect. But senior leaders need to take steps to identify the hidden data champions in their midst and encourage them to become catalysts in their organizations, according to a new report. “Data and analytics catalysts” are those who have a “natural ability to drive change” and are given the necessary foothold to help an organization understand the value of a “data-driven enterprise,” the report says. The report, released by Booz Allen Hamilton, suggests the most promising candidates are those who have instinctive leadership skills, have a flair for making sense of data, know how to engage stakeholders and are able to nurture talented individuals to join in their initiative. Agencies don’t need to create new positions or add staff, the report says, but focus instead on developing the talent and […]


New study highlights demand for proactive cyberthreat hunting expertise

IT officials from leading industries and government have strong concerns about finding and retaining the necessary talent to respond to cybersecurity threats quickly enough, and how to adapt to changing threats, a new survey finds. The study points to a shift in priorities among IT leaders in the public and private sectors. They say the individuals they’re looking for most possess proactive threat hunting expertise and can think like a hacker. The survey, produced by CyberScoop and underwritten by Raytheon, suggests that to meet the demand for qualified expertise, IT leaders are exploring a larger role for artificial intelligence (AI) on the cyber battlefield and turning to outsourcing as a solution. About two-thirds of industry executives surveyed (64 percent) reported their organizations are investing 10 percent or more of their 2018 cybersecurity budget on AI technology. Government is lagging behind with only 34 percent of respondents indicating their agencies are […]


Why agencies are shifting from cyberdefense to digital resilience

A growing cadre of federal IT leaders recognize that fortifying their defenses is no longer enough to protect their agencies amid the rising tide of cyberthreats. The reality is that cybersecurity threats are evolving quicker than most agencies can respond. Nearly 7 in 10 federal civilian agency IT leaders — and more than half (55 percent) of their defense and intelligence agency counterparts — say their agencies aren’t keeping pace with evolving threats, according to a recent study produced by CyberScoop and underwritten by RedSeal. That statistic is leading agencies, including the U.S. Army’s Program Executive Office for Enterprise Information Systems, to look for more effective ways to contain breaches, improve resilience and sustain critical operations unimpaired during attacks, according to a separate report released by RedSeal. According to the report, the agency is in the process of acquiring automated network mapping and modeling tools to improve cyber resilience, including tools […]


Closing the gaps in cybersecurity resilience at U.S. government agencies

While about 2 in 3 federal IT officials claim their agency can detect cybersecurity incidents within 12 hours, they also stress the need for more skilled cybersecurity help to confirm that there aren’t deeper, undiscovered threats lurking in networks, according to a new study. Federal IT executives are relatively confident that their agencies can absorb a cyberattack and continue to function, but a number of gaps in cybersecurity resilience remain. More than half of IT leaders at civilian agencies — and 6 in 10 at defense or intelligence agencies — say their agencies don’t have the tools and resources needed to meet their security objectives. Moreover, the majority of IT executives believe the threat landscape is evolving quicker than their agencies can respond, pointing to increasing urgency to automate systems and enhance network visibility, the study found. The findings are part of a survey of federal IT leaders, released this week by CyberScoop […]


The ‘right’ security conference in the making

As conferences like RSA grow to host thousands of different vendors, it can be extremely tough for a CIO or CISO to come away with any actionable information that can support their organization. Philippe Courtot recognizes that and wants to remedy it with an event of his own. Courtot has launched the CIO/CISO interchange, an event series aimed at cutting through the noise and getting to the heart of what security leaders should be discussing if they are to embrace the digital transformation happening at organizations all over the world. Courtot, CEO of Qualys, looks at the event as something that can cut through marketing overload and bring people together to discuss cutting-edge ideas. “These conferences have become a cacophony of vendors,” Courtot said. “It’s absolutely deafening. We can really create a different type of conference where effectively, people can come there and get real information without the cacophony of […]
