Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you are a fan of superhero movies like me, the assembling of the Avengers or Justice League at a pivotal moment to take on the villains is one exhilarating experience. That the collective strength, rather than individual brilliance, saves the day is a common them in most films of this genre. And the same can be applied to any organization that comes face to face with a major cybersecurity incident such as an enterprise-wide ransomware attack or a massive DDOS attack: the teams save the day.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 is a US federal law that requires all critical infrastructure entities to report any cybersecurity incidents or ransomware attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within a specified timeframe.

SOC 2 and ISO 27001 are compliance frameworks commonly required of organizations that house data or store sensitive information. Both standards focus on information security management, but they have some key differences in their approach and scope. Let’s take a closer look at the differences between SOC 2 and ISO 27001, and see if one or both are right for your organization.

Out of his 29 years of cloud and security experience, Mick has been with Robin for 6, leading their internal compliance operations and making sure that their customers’ data is secure. Robin needed to get SOC 2. They also wanted a way to answer security questionnaires faster. Continue on to see how Mick was able accomplish both.

As the world fitfully rebounds from the recent Covid-19 pandemic, both our personal and professional lives will be altered. A recent survey by Gartner revealed that 74% of CFOs and Finance leaders said they will move at least 5% of their previously on-site workforce to permanently remote positions post Covid-19. Organizations will evaluate rent costs, health risks, and productivity benefits in the new environment. Some office space will be released.

The term ransomware word perfectly captures the idea behind it, i.e. holding a computer system or software captive until a ransom is paid. Traditionally, attackers use ransomware to target individuals but things are different now.

The C-Suite and other senior executives are frequently the targets of cyberattacks. As the most visible members of an organization, executives have access to sensitive information, influence inside the organization and a public platform, making them valuable targets for cybercriminals. Organizations of all sizes need to actively reduce risk for senior management.

Currently, it is possible to offer managed detection and response services from a SOC that are implemented in different ways. All implementation alternatives have their advantages and disadvantages, which must be carefully evaluated before deciding to adopt one or another deployment model. The most common deployment models include.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. NameCheap last week, and it appears GoDaddy has discovered something too.