Even before the fiasco at Silicon Valley Bank, financial institutions were under tremendous scrutiny from regulators. How could they not be? Banks are among the oldest known targets for theft, and in a digital age, the best way to extract money is going to be either straight cyber-theft from existing accounts or ransomware. IT systems that house customers’ financial data can be architected with the right security controls in place to protect that data to the highest standard.

ChatGPT has been taking the World by storm, but it’s bringing with it issues around cybersecurity, data protection, and data privacy. IT leaders and business leaders are looking to create policies that will help protect their people and corporate assets, but so few people really understand the technology well enough to grasp and weigh the benefits, the concerns, and implications for the cybersecurity industry, in general.

The Cybersecurity Maturity Model Certification (CMMC) has been around for a few years. And, in its short tenure, it has, itself, matured. The current version of the CMMC is 2.0, released in November 2021. In the latest version of the model, the original five-level model hierarchy was collapsed into three distinct levels: Foundational, Advanced, and Expert.

While a number of organizations have moved back to an in-person work model, some employees are pushing back and leaving for jobs that will allow them to work from home (WFH). Having become accustomed to the advantages of a WFH model, employees have a lower tolerance for inconveniences like time and money spent on commutes, being away from loved ones for long hours, packing lunches, and having to dress for an office environment.

In the ongoing battle to protect corporate data, you can’t afford to miss a step. I’ve seen, first-hand, what can happen when organizations do miss steps. We are always happy to help them remediate going forward, but there’s a lingering wish that we’d met them sooner.

Over the last two years, digital transformation has accelerated at breakneck speed, opening new lines of business that meet user demand. Reality is, online banking, order-ahead meals, telehealth appointments, and online grocery shopping are no longer optional. Users expect these to be available 24/7, so any business that wants to compete and values customer loyalty needs to digitize its services as much as possible.

Being a cybersecurity practitioner 15-20 years ago sometimes made me the unpopular guy in the room. People are always excited about financial gain – opening new lines of business, developing creative and sustainable revenue streams – you know, the fun stuff. But nobody wanted to talk about cybersecurity-related financial losses at that time – especially not potential losses due to risks that very few people understood yet.

The terms “readiness” and “resiliency” complement each other, but they’re different.

In last week’s discussion around readiness and resilience, I introduced the concept of what it means to have “threat-informed” cybersecurity. This week, I want to show you what that looks like in the real world – how it should drive you to challenge more assumptions, reduce your attack surface, and game out real-world scenarios.