As a former systems and network administrator, I understand the demands that are placed on today’s IT professionals. It’s true that skills gap continues to hamper IT and security personnel, for example. In early 2020, Tripwire revealed the results of a survey in which 83% of security professionals noted that they felt more overworked going into that year than they did at the start of 2019.
Global supply chains are bearing the brunt of ransomware attacks, according to a new report that finds manufacturing was the most targeted industry during 2021. Knocking financial services and insurance off the top of the heap after a long reign, the manufacturing industry was found by IBM to be the most attacked sector – accounting for 23% of reports of ransomware.
Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important.
I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts.
In the early years of cybersecurity, it was often said that people are the weakest link. This did nothing to encourage support, as it was insulting and demeaning. The new and better way to inspire people towards a cybersecurity mindset is to engage with and treat them as a valuable part of an organization’s overall cybersecurity initiative.
Part of operating an effective security program is the ability to never rest upon any previous success. When guarding against an adversary, yesterday’s success is quickly eclipsed by the dynamic shift in the attacker’s tactics. Just as a doctor “rules out” a particular diagnosis, an effective attacker first searches for well-known vulnerabilities using catalogs of offensive exploits. These are part of the attacker’s playbook.
Cybersecurity is never static, and that’s especially true today. After widespread and frequent disruptions in the past few years, the cyber defense landscape is shifting. Favored attack vectors are changing, new threats are emerging, and organizations are rethinking their cybersecurity focus. Staying safe in the next few years requires an understanding of these developments. With that in mind, here are five data-backed predictions for how the state of cybersecurity will change.
Organizations are under constant threat of cybercrime. While there are many available attack vectors, email is the most obvious path towards a full network compromise. The notion that email security should be prioritized is emphasized during this time where more and more businesses are still working in a remote or hybrid dynamic environment.
The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data.
No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making cybersecurity a priority throughout every development sprint cycle is necessary to combat the tide of digital attacks threatening the modern web. But how can you ensure your focus on cybersecurity throughout development?
One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again.
Hosting the Olympics is always a source of national pride for any nation chosen to do so. Whether in winter or summer, the prestige of the world’s eyes being on an event that transcends political differences and has sport at the fore is a prize many countries and regions aspire to achieve. This all sounds fantastic and at one level is exactly what is happening at the 2022 Winter Olympics.
A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and organisations.
The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach, but this is also difficult and expensive. In fact, assessments show this is rarely done even where required by policy.
If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is proficient in this regard, that doesn’t mean it can’t be improved in other capacities such as ease of use.
When was the last time you purchased a product that was in a container? If you are a typical consumer, you probably have done so in the last few days. There is an entire industry that focuses on these containers. Consumer Packaged Goods (CPG) is an industry term for merchandise that is used and replaced on a frequent basis.
We all want a safer Internet, but we often put a lot of trust and hope in technology to deliver on that promise. The Internet is really made up of people, though. And people can make the biggest impact in creating a safer Internet. While everyone is impacted by Internet safety, children and youth are disproportionately at risk. The concept of a Safer Internet Day was born out of the desire to create a safer experience for young people.
Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in conversation.
Tripwire Configuration Manager allows for user created configuration and compliance management content via a new Policy Management capability. Custom user content can be used alongside existing cloud service provider and third-party SaaS policies, providing multiple new use cases for data gathering and expanding policy compliance support into new services. This blog will describe some of the features and use cases for the Policy Management capability.
BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.
With two new U.S. State privacy laws, new Standard Contractual Clauses out of the EU, more GDPR-style laws passed around the globe, and record data protection fines, 2021 provided plenty of fodder for an end-of-year review.
As the competitive online gaming and eSports industries gain legitimacy by becoming more popular and attracting mainstream attention, the question of competitive integrity lingers in the back of my mind. Can the game’s developers, community, and users maintain and uphold competitive integrity? Or will they fold under the pressure of greed and complacency?
Water and wastewater treatment may not be at the top of most people’s list of discussion topics, but the more you think about it, the more clear it becomes that this particular subsegment of the utilities market is a vital part of our critical infrastructure. We rely on the ability to turn on the tap and get clean, safe water every day. And we’ve seen what havoc losing that ability can wreak from the crisis in Flint, MI.
