With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused $44 million in losses. It is crucial to employ defenses to protect against these attacks.

A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure. The offer comes from the US State Department which is understandably eager to disrupt the activities of hacking gangs linked to foreign governments who may have engaged in espionage, cryptocurrency theft, and other malicious activities.

Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 million to ransomware gangs in 2021.

I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite. “We don’t accept any risk. We’re risk-averse” said the CEO. But, is this achievable?

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though the controls have been developed with traditional data centers and process in mind, there is no reason they can’t be adapted to DevOps practices.

In the two years proceeding from the beginning of the COVID-19 pandemic, the business world has been transformed on a grand scale. Organizations have created more data than ever before, data is now spread across a wider attack surface, putting it at a heightened risk of becoming a compromised risk. The manner and location of data storage and correspondence has had to shift to meet the needs of remote and hybrid workers, with companies being forced to take a more rigorous approach to data security.

When most people speak of any city government, they often mention words like “Bureaucratic”,“Behind the times”, and “Slow.” This is especially true when considering cybersecurity initiatives. However, a small town in Texas is changing that view. Seguin, Texas, which was once the smallest Texas city to have a full-time cybersecurity employee, was the only government entity to be named in the CSO50 2022 Awards.

Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. French security researcher Maxime Ingrao described last week on Twitter how he had discovered the new malware, named “Autolycos”, and how it signs up users to premium services.

When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an organization’s statement of intent, principles and approaches to ensure effective management of cybersecurity risks in pursuit of its strategic objectives.”

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated.

In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but today, marketing is a lot more competitive than simply creating a post and hoping it goes viral.

Among the many challenges businesses contend with in the global marketplace today, the 11th Allianz Risk Barometer 2022 ranks cybersecurity threats as the most important business risk. This proves beyond any doubt that enterprises are experiencing increasing threats and full-on attacks to their information technology systems.

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.

Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a 92.7% increase from 2020s figures of 1,389. The increase of ransomware attacks builds upon the general gradual rise in cyber-attacks in the wake of the COVID-19 pandemic. Ransomware accounted for roughly 65.4% of global cyber incidents in 2021.

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex cloud and containerized environments.

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for most HR functions. But something is different in 2022. More people are leaving organisations quicker than they did previously.

DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop application security with fewer bottlenecks and setbacks. Some critical aspects of the DevSecOps approach and best practices can help organizations get started implementing this development strategy.

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have fully adopted NIST security standards.

Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. “Lockdown Mode” is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It’s an optional feature for users who believe their computers and smartphones face a real risk of being targeted by sophisticated state-sponsored spyware.

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of cyberattacks.

There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the cost of a breach based on those metrics. However, it would seem that these hard numbers are not detailed enough to placate many security professionals.

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).

The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as credentialed privacy lawyers. Privacy certifications can boost income streams and growth potential while increasing job stability and sustainability.