Last month, we covered how Tripwire Configuration Manager can audit your cloud service provider accounts like AWS, Azure, GCP, and other cloud-based services such as Salesforce. In this blog, we will continue our dive into cloud services and show how Tripwire Configuration Manager can monitor your Zoom environments. Zoom is a popular video telecommunications platform that has seen tremendous growth in the past few years.

Tuesday, November 30th, is National Computer Security Day. Although this special day has been around since 1988, many people are not only unaware of it, but are still also unaware of some of the basic security required for protecting their computing devices. The rise of remote work has stretched the security perimeters of all corporations, and fortunately, there are products, such as Tripwire Enterprise that can help them to protect the organization, from the full computing systems, to data storage.

In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data.

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that at least two large facilities working on manufacturing bio-drugs and vaccines have been hit by the same malware this year, in what appear to be targeted attacks.

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points.

We’re getting into the end-of-year holiday season. In addition to our busy end-of-year business schedule, we need to plan for family visits, develop menus for special meals, and possibly do a little shopping while the deals are good. It’s a lot to keep track of. Just remember it’s when you are distracted that you tend to put your digital security most at risk. Digital criminals don’t take holidays.

When the Biden Administration released its Cybersecurity Executive Order in May 2021, it was clear that Zero Trust would be a central component of the government’s security approach moving forward. Agencies and their partners scrambled to assess their existing Zero Trust investments and the gaps that would need to be filled in order to quickly ramp up implementation.

As cybersecurity professionals, we are always impressing the importance of patch management as one of the best ways to protect systems against vulnerabilities. Sometimes, the vulnerabilities are never fully exploited. Regardless of the threat possibility, patching is one of the easiest ways to ensure the minimum level of security in an organization.

Currently, ransomware is the most prominent cyber threat to businesses and individuals. Ransomware attacks are growing more prevalent as cybercriminals find new ways to profit from them. According to CyberEdge’s 2021 Cyberthreat Defense Report, 62% of organizations were victimized by ransomware in 2019—up from 56% in 2018 and 55% in 2017. This rise is arguably fueled by the dramatic increase in ransomware payments.

If the UK Government gets its way, IT service vendors and other cloud-based service providers may soon be required to adopt new measures to strengthen their cybersecurity, amid rising concerns about supply chain risks. The Department for Digital, Culture, Media and Sport (DCMS) has floated plans to make mandatory compliance with the National Cyber Security Centre’s Cyber Assessment Framework, which provides guidance for organisations responsible for vitally important services and activities.

The growing value of business data, the vulnerability of networked systems, and the importance of fuel infrastructure have made oil and gas companies major targets for malicious hackers. Already, the industry has been the victim of several high-profile attacks. The Colonial Pipeline hack compromised the business’s networks, shut down its operations, and deprived the East Coast of a pipeline that supplies nearly half the region’s fuel.

The COVID-19 pandemic changed many aspects of how businesses operate, remote work being one of the most significant. At the outbreak’s peak, 71% of American workers telecommuted at least part-time, 62% of whom rarely worked remotely before. This shift has impacted many industries, but the legal sector faces more disruption than most. Legal work rarely happened over telecommunication services before the COVID-19 pandemic.

A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats.

Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy is concerned.

Cyber insurance has great potentials in improving cybersecurity practices and protecting organizations against the impact of security incidents, but these potentials “have yet to fully materialize.” This is the key highlight of a recent report developed by the Royal United Services Institute for Defence and Security Studies (RUSI) and the University of Kent in the UK. The report provides a comprehensive list of recommendations for both governments and organizations.

In my previous post, I discussed some of the most common types of services offered by managed service providers (MSPs). This brings us to what organizations need to do to prepare to work with an MSP. Here are some considerations to keep in mind.

Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased as well as the amount of money demanded and paid out in exchange for the ransom-held information.

As you’ll recall, the White House published an Executive Order (EO) on Improving the Nation’s Cybersecurity back in May 2021. The EO issued several commands such as creating a Cyber Safety Review Board to lead post-incident analysis of significant security events and requiring software developers to make data about their solutions publicly known.

Operating in hybrid environments can get really tricky at times. As more and more organizations are moving their sensitive data to the public cloud, the need to keep this data secure and private has increased significantly over time. While handling their valuable datasets within their respective environments, companies need to ensure utmost data security and compliance to meet the regulations set by various governments.

As the world increasingly moves to a digital format, cybersecurity is becoming more important than ever. It’s especially significant since, according to a recent survey by Sophos, 51% of businesses in America experienced a ransomware attack in 2020. That’s a staggering number of security vulnerabilities that truly shouldn’t exist in the modern day and age. Yet, it’s relatively understandable.

Have you ever taken a personal device to work and connected it to the work network? Maybe you connected to the Wi-Fi with a mobile device. Perhaps you brought in a personal laptop and plugged into an open port to connect to the internet. These may seem like harmless activities, and some companies even allow non-corporate devices on their guest network as a way to enable visitors to operate in their environment. In shared office environments, open networks are seen as business enablers.

Anyone who works in technology in the United Kingdom (UK) is familiar with the Public Services Network (PSN). This organization was established back in 2008 to help public service organizations to work together to share resources and reduce duplication. Over time, the Internet has become suitable for most of the work that was previously managed by the PSN, and the PSN is now considered a legacy network.

The U.S. Department of Justice charged a British man for his alleged role in stealing $784,000 worth of cryptocurrency using SIM swap attacks. According to the unsealed indictment, Joseph James O’Connor – also known as “PlugWalkJoe” – conspired with others to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company.

Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data.

Burnout happens when job demands such as workload, time-pressure, and difficult clients are high as well as when job resources including quality leadership, autonomy and decision authority, recognition, and strong relationships are lacking. The field of cybersecurity is particularly difficult, but that doesn’t mean burnout is inevitable, and it doesn’t mean you can’t recover after experiencing burnout.

Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers.

What is it like to not only be a CISO but to also be one in a large, global organization? I recently had the pleasure of speaking with Mark Ruchie, CISO of Entrust, a global tech firm securing data, payments and identities.

Risks are a part of everyday life. No matter what decision we take, we always weigh the pros and cons. This core element of our daily lives is risk assessment. When it comes to cybersecurity, risks are omnipresent. Whether it is a bank dealing with financial transactions or medical providers handling the personal data of patients, cybersecurity threats are unavoidable. The only way to efficiently combat these threats is to understand them.