The cybersecurity market offers excellent solutions and services to combat the threats that are exploited by cybercriminals. However, are these tools enough to fully protect an organization? It is clear that human error is a strong attack vector for many popular cybercrimes, so the best way to augment any security program is to create a cyber-aware workforce. After all, with the correct training and education, the front-line staff can become one of the most effective allies in preventing an attack.

This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers. Please take care of yourself when reading this and break off from reading if you feel the need to.

Europol, the European Union’s law enforcement agency, recently published the 2021 Internet Organized Crime Threat Assessment (IOCTA) report. The report, which is Europol’s flagship strategic product that provides a law enforcement focused assessment of evolving threats and key developments in the area of cybercrime, highlights the expansion of the cyber threat landscape due to the impact of the COVID-19 pandemic and accelerated digitization.

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they were most concerned about ransomware, for instance.

The CISO’s role is never static. Over the last two decades, it has evolved beyond technical IT security. CISOs are now central to their organization when it comes to risk, compliance and governance. And this comes at a time when businesses are undergoing rapid change in the face of changing threats. In the past, the CISO or head of IT security has been an inward-facing role, ensuring compliance and keeping data secure. But that has changed, with cybersecurity teams more business oriented.

In a previous blog post, I discussed the different applications of integrity for Zero Trust and provided four use cases highlighting integrity in action. The reality is that many organizations can’t realize any of this on their own. But they don’t need to. They can work with a company like Tripwire as a partner on their Zero Trust journey. Let’s explore how they can do this below.

It’s that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it’s worth knowing that Gartner’s predictions come from Gartner IT Symposium/Xpo Americas, which ran virtually in October 2021.

The United States Department of Defense (DoD) views securing the supply chain and the Defense Industrial Base (DIB) as one critical pillar in protecting national security. Dedicated security requirements exist for the protection of federal information systems as well as classified information based on the NIST 800-53 standard. However, several years ago, a gap was identified in the security requirements for the protection of non-federal systems and controlled unclassified information (CUI).

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity.

The role of the modern CISO is more than understanding the technical side of the business. In fact, the role consists of even more than understanding the business side of the business. When I spoke with Ian Thornton-Trump, he was able to shed light on how important effective communication and team-building are to the overall success of a modern CISO. His insights can be valuable to any person currently in a CISO position and also to anyone looking to embark on the path to becoming a successful CISO.