At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX.

By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new cloud native offerings. We’ll use the analogies of Lincoln Logs and Legos to describe these deployment models.

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at one of its partners, Canon Business Process Services.

Whether you are reading this from somewhere in the United States or overseas, chances are you are doing it from the comfort of your home. Not because you chose to but because you were asked to do so in order to prevent Coronavirus disease 2019 (COVID-19) from spreading any further. If you are a parent, working remotely with your kids at home, you are probably facing additional challenges.

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom’s national fraud reporting center collected 38 reports alone. Those 105 reports represented a collective total of £970,000 in losses.

In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to make sure they hold onto their existing workforce. That’s easier said than done. Cybersecurity Ventures forecasted that a total of 3.5 million infosec-positions will be unfilled in 2021.

A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking. Countless websites were hijacked, and injected with cryptocurrency-mining code designed to exploit the resources of visiting computers. Victims included the likes of the LA Times, and political fact-checking website Politifact.

The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they are interchangeable, this is not the case. Most are confused because applying patches is one of the many tools that’s available in our arsenal for mitigating cyber risks.

We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when these systems fail. How much effort are we putting into planning and maintaining our security solutions to ensure they’re available when issues occur?

There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to the business. This allows CISOs and other similar titles with leadership responsibilities to have a larger budget for people, process improvements, and supporting technologies.