Like many businesses today, the construction industry is in a state of transition. In recent years, construction workflows have become information-driven, just as workflows have in other industries. Many industries have risen to the challenge and made full use of digital technologies to transform themselves. However, for reasons that have a lot to do with how construction operates, the digital transformation of construction has lagged.

Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.

Third-party vendor data breaches are becoming an epidemic for organizations that themselves have solid information security programs. The Ponemon Institute has proven year over year in its survey that the cost of third-party data breaches increases with each survey. Many struggle with how exactly to hold third-party vendors accountable and enforce the same rigid standards and controls that they consume internally. The big question is: how do organizations prevent third-party vendor data breaches?

I’m very fortunate in the COVID-19 situation. My job as editor of the AT&T Cybersecurity blog lends itself well to working from home. In fact, even before the virus I had the privilege to work from home some of the time – of course with a VPN and other security measures, on company equipment. The biggest impact has been personal for me. I miss my colleagues at work. I miss the in-person laughs and socializing.

PowerShell had its beginnings as a way to enable administrators to perform their tasks both locally and remotely with unprecedented access to underlying Windows components, such as COM objects and WMI. Since being included in every major Windows Operating System since Windows 7, PowerShell based tooling is well proliferated for both legitimate and malicious use and includes common tooling such as SharpSploit, PowerSploit, PowerShell Empire, Nishang and Invoke-Obfuscation.

The average cost of a data breach is now nearly $4 million and the unfortunate truth is third-parties are a significant source of cyber risk. This is why cybersecurity vendor risk management (VRM) has become a top priority for CISOs, Vice Presidents of Security, and other members of senior management, even at the Board level. In addition to financial costs, there are increased regulatory and reputational costs.

Every day third-party data breaches and data leaks inundated our news cycle. And for good reason, the average cost of a data breach is nearly $4 million globally. This has led to organizations looking for ways to reduce cyber risk and prevent data breaches. Vendor risk management (VRM) is now a top priority for CISOs and other members of senior management, even at the Board level.

Every day the news is filled with third-party data breaches and data leaks. And for a good reason, they often expose the protected health information and personally identifiable information of thousands or even hundreds of millions of people. For context, the Ponemon Institute estimates that the average cost of a data breach is nearly $4 million globally.

Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims more than $15 million in damages at the time of writing. Unfortunately, both of those figures are likely to grow as time goes on.

Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge.