Collaborate Disseminate
Security advisor John Shier shares findings from a security report that show wide gaps in security preparedness to defend against ransomware threats across the education sector.
The post Education sees the highest ransomware recovery cost compared to other sectors appeared first on CyberScoop.
Continue reading Education sees the highest ransomware recovery cost compared to other sectors
As enterprises invest in digital transformation, industrial cybersecurity will increasingly serve as the critical enabler for safely and securely advancing business goals through technological innovation. While this transformation of operational technology (OT) provides significant benefits, they can be diminished by increased cyber security risk. A new report, “An Executive’s Guide to Industrial Cybersecurity,” produced by Dragos, breaks down how organizations can better secure operational technology systems. The report looks at: How digital transformation and connectivity increase risk and exposure How the OT threat landscape is growing rapidly and increasing in sophistication Why remediating OT vulnerabilities requires a different approach than IT vulnerabilities Next steps executives should take to assess and address the unique challenges of OT cybersecurity Learn more about the key components to keep your operational technology secure. This article was produced by CyberScoop for, and sponsored by, Dragos.
The post The benefits of understanding industrial technology appeared first on CyberScoop.
Continue reading The benefits of understanding industrial technology
Ransomware attacks are a growing concern across both public and private sectors with recent research [Link to asset] indicating that by 2031 attacks will cost its victims more than $265 billion annually. With new operating system vulnerabilities continually being discovered — and variants of malicious code regularly being developed — keeping up a frontline defense against cyberthreats is an overwhelming task. That is why security leaders recommend that integrating data backup and recovery solutions as a part of any organization’s multi-layered cybersecurity strategy. A recent white paper from Veritas Technologies leans on recommendations from the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework to lay out best practices for a comprehensive data backup strategy. That includes adding capabilities like vision management, identity and access management, immutable storage and data encryption. When looking for the best data backup and recovery solution, the report recommends that leaders ask themselves some key questions about […]
The post Increase cyber resiliency with modern data backup and recovery solutions appeared first on CyberScoop.
Continue reading Increase cyber resiliency with modern data backup and recovery solutions
Tim Li is a principal at Deloitte Risk & Financial Advisory and Deloitte Touche LLP and leads Deloitte’s Strategic Growth Cyber portfolio for federal, state and local governments and higher education institutions. Cybersecurity incidents continue to make headlines, challenging public agencies in the US to modernize cybersecurity defenses to protect citizens and the country. The recent Executive Order (EO) on Improving the Nation’s Cybersecurity calls for the federal government to “improve its efforts to identify, deter, protect against, detect and respond to these actions and actors.” As cyber challenges evolve in complexity and scale, they create multi-faceted challenges for government. So, while the EO lays out a solid foundation of recommendations, organizations should also take heed of the following considerations as they evolve their future cyber thinking: Enable trust as the foundation for collaboration. The EO calls for the private sector to share information with government to improve overall cyber […]
The post How trust, connection and understanding can shape the future of cyber appeared first on CyberScoop.
Continue reading How trust, connection and understanding can shape the future of cyber
This past year’s seismic shift in how and where people access corporate resources has heightened the urgent need for organizations to upgrade the identity and authentication systems they rely on. That urgency isn’t likely to diminish anytime soon, according to a 2021 Gartner CIO survey. The survey found that 64% of employees at CIOs’ organizations are now able to work from home, and two-fifths are actually doing so, suggesting the landscape for authenticating users has clearly taken on new and more dynamic contours. But it’s not just people accessing enterprise resources. The transition to cloud-based services and the underlying automation supporting digital workloads have led to dramatic increases in the volume of non-human entities — virtual machines, mobile devices, applications, containers, and IoT/OT devices — all seeking their own access to enterprise resources independent of the end user’s identity. As a result, managing machine identities has also become part of […]
The post Why combining FIDO2 and PKI provides broader enterprise-wide security appeared first on CyberScoop.
Continue reading Why combining FIDO2 and PKI provides broader enterprise-wide security
Steve Caimi is a security specialist Cisco with nearly 25 years’ experience in cybersecurity. Ransomware had a banner year in 2020, taking advantage of pandemic-related shifts in network access for remote work, distance learning and telehealth. For critical infrastructure sectors, the threat of seeing data locked up or having systems knocked offline is a risk that these organizations simply can’t afford. While cyber defenders are improving their cyber defenses, hackers are upping their game too. They’re getting better at getting inside, they’re affecting more systems and they’re doing more with the data they steal. That is why organizations need a security strategy that can adapt to the changing threat environment. For ransomware, financial gain is the endgame. We are seeing a growing trend in “big game hunting” — or targeting big-revenue organizations — because attackers know these organizations can, and will, pay up. Two of the top attack vectors should […]
The post Aiming for the right defense strategy against ransomware threats appeared first on CyberScoop.
Continue reading Aiming for the right defense strategy against ransomware threats
Now that federal agencies have shifted to mass telework and sorted through many of the related hardware and software needs, they’re able to take a closer look all the pieces necessary to implement zero-trust security architecture, a cybersecurity expert says. In particular, agencies have greatly embraced the use of different kinds of authenticators to help identify users and control their network access, said Brian Rosensteel, Cybersecurity Architect at Duo Security, during an SNG Live virtual discussion panel hosted by Scoop News Group on Oct. 20. Federal IT leaders are seeing that for telework, old forms of proving identity don’t translate, and they’re looking for other solutions. “That’s where we’ve seen zero trust really starting to take place,” he said. The zero-trust model assumes that the network is penetrable, so it forces users to verify themselves for each set of data or applications they want to access once they’re on the […]
The post Government learns that authenticators are key part of modernization appeared first on CyberScoop.
Continue reading Government learns that authenticators are key part of modernization
Shifts in the way that enterprises and government organizations implement identity management technologies already were underway before the coronavirus pandemic struck. The sudden influx of remote work, however, has forced security personnel throughout the U.S., and the world, to accelerate plans to mitigate cyber risk. “When billions of people formed the largest remote workforce ever, overnight, pretty much we knew security, compliance and identity would not be small issues for folks,” said Ann Johnson, Corporate Vice President of Security, Compliance and Identity Business Development at Microsoft during a virtual presentation Oct. 21 at CyberTalks, the annual summit of security leaders from the government and private sector presented by Scoop News Group. Johnson went on to provide insights on how chief information security officers have adapted to a world where telecommuting is now the norm. Now, she said, more people are starting to look ahead, too. One such organization that was […]
The post How Microsoft is future proofing against cyber risk appeared first on CyberScoop.
Continue reading How Microsoft is future proofing against cyber risk
When it comes to an effective transition away from legacy technology systems to more modern, efficient security tools, organizations stand to gain the greatest benefits if they communicate the value of digital transformation in advance and implement the right changes. Jeanette Manfra, Director of Government Security and Compliance at Google Cloud, which specializes in services ranging from data centers to backup technologies, said that a proactive mindset can help organizational leaders overcome obstacles that arise during a digital transformation. During a keynote session at CyberTalks, the annual summit of security leaders from the government and private sector hosted by Scoop News Group, Manfra explained that effective buy-in from throughout a company, or government agency, can streamline both technology and other operations. “Security practitioners in particular, whether real or perceived, can be blockers and not enablers,” she said. “And so one of the things that both working with customers and in […]
The post Security transformation is about more than technology appeared first on CyberScoop.
Continue reading Security transformation is about more than technology
Trust the process. That’s the message from a group of election security experts who, during a virtual panel discussion at CyberTalks, said they are working to safeguard the 2020 election from an array of cybersecurity threats. Benjamin Hovland, a commissioner on the U.S. Election Assistance Commission, Jack Cable, an election security technical adviser at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Matt Masterson, a senior cybersecurity adviser at CISA, explained that the goal isn’t only to protect the Nov. 3 election, but also to ensure that the American people can trust the results. The CyberTalks panel was led by John DeSimone, vice president of cybersecurity, training and services at Raytheon Intelligence and Space. In a series of questions, DeSimone, probed the election security experts on the ways that U.S. government entities and the defense industrial base are working together “from a mission assurance perspective” to protect […]
The post Election security pros focus on effective partnerships appeared first on CyberScoop.
Continue reading Election security pros focus on effective partnerships