IT is a thrilling world, full of unpredictable cybersecurity threats. Databases in particular are a place where you always need to watch out for perils and pitfalls. With Halloween fast approaching, we offer some hair-raising database stories to make you feel the terrifying spirit of the holiday.
Are our systems secure? Is our valuable content safe? These are tough questions to tackle when news headlines regularly bombard us with messages of cyberattacks and security breaches. Centrify, a zero-trust and privileged access management provider, reported that 71 percent of business decision-makers are concerned that the move to remote working creates a significant increase in the risk of cyberattacks.
The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times. With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are required by regulations to isolate their most sensitive systems to avoid any type of security breach.
A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts allowing remote code execution. More recently, the Capital One breach last year stemmed from a misconfigured web application firewall. Verizon’s 2020 DBIR reported that only hacking was more prevalent than misconfiguration errors as the culprit of data breaches.
One of the most common questions that businesses operating under GDPR, LGPD or other similar data regulations have is how long should you keep data? As answers to this question typically seem to vary widely to clear up confusion, we’ve gathered insights from business leaders & specialists across a variety of industries to try and answer this question and shed light on what are reasonable timeframes to keep hold of data, whether that may be financial, employee or other potentially sensitive data.
If you are in the IT and/or cybersecurity, you must have heard of MITRE ATT&CK framework at least once but do you actually know what it is? Keep reading to learn! The ATT&CK network is developed by the MITRE Corp roughly seven years ago to offer crucial information, support and threat tactics to those who work in cyber security. ATT&CK framework is a living document that grows and gets updated every day.
The goal of ISO SAE 21434 is to build upon functional safety standard ISO 26262 and provide a framework similar to it for the entire life cycle of road vehicles. The major components of this new standard include security management, project-dependent cyber security management, continuous cyber security activities, associated risk assessment methods, and cyber security within the concept product development and post development stages of road vehicles.
As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making the threat of attacks increasingly difficult to both prepare for and defend against.
Information Security leaders have to demonstrate the value and purpose for each solution that’s purchased and prove the solution that was chosen is doing the job it was procured to do. Executives are therefore requiring Information Security leaders to prove the value of the solutions in ways they understand. They need to see the value not in security metrics but in dollars and cents.
