Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods. Instead of relaunching the same tried-and-true attacks that have generated their handsome profits, ransomware groups are using the money to invest in R&D, an approach resembling series A financing rounds. As reported by SC Magazine, larger ransomware groups are becoming more professionalized, even holding conferences, hiring web design teams and placing want ads to build their businesses. “Ransomware, like any business, is a complex economy,” SC Magazine reported.... Read more →
17 September 2021
Ransomware Groups Reinvest Capital to Improve Attack Methods
Posted by (ISC)² Management on 17 September 2021 at 08:00 AM in Ransomware | Permalink
|
Comments (0)
16 September 2021
Is There Really a Shortage in Cloud Security Skills?
Is there a cloud security skills shortage? It depends on who you ask. Prior to the pandemic, the world was immersed in cloud technology – everyone, it seemed, had a migration strategy. Then the global lockdown happened. We collectively added a layer of priority to the cloud as tens of millions of people started to rely on it for work and communications in ways we hadn’t before. Cloud is a highly complex and continually evolving set of technologies and protocols. Finding team members with the right background is a challenge, making it seem like there’s a substantial shortage of skilled... Read more →
Posted by (ISC)² Management on 16 September 2021 at 08:00 AM in Cloud Security | Permalink
|
Comments (0)
15 September 2021
CISSP - Tales of the Unexpected
We have all heard the old adage how big surprises can come in small packages. If you are a candidate who is studying for the CISSP exam, or if you are in the early stages of considering studying for the exam, you may be surprised that at all the opportunities that are available from a single certification. However, when taken in context with the benefits of the CISSP credential, very few other certifications carry the same respect and career-boosting potential as the CISSP. It is understandable why one might hesitate at reaching for what is often referred to as the... Read more →
Posted by (ISC)² Management on 15 September 2021 at 08:00 AM in Cybersecurity Certifications | Permalink
|
Comments (0)
14 September 2021
National Small Business Week: 10 Best Practices for Small Business Cybersecurity
A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. This does not bode well for their longevity, as other industry data shows that 60% of small businesses that suffer a data breach will be out of business within six months. The high cost of remediation and the potential for reputational damage can be more than most small businesses can withstand. Many times, the... Read more →
Posted by (ISC)² Management on 14 September 2021 at 03:00 PM in Cloud Security, Cybersecurity Training, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (0)
Poll: Cyber Pros Say White House Cybersecurity Summit Is a Step in the Right Direction
The Biden Administration held a summit on August 25 with technology, finance, energy and education leaders to discuss ways to bolster cybersecurity, both for individual companies and the nation as a whole. Companies represented included some of technology’s biggest names such as Apple, Amazon, Google, IBM and Microsoft. Some organizations announced commitments to improve security controls and practices across the supply chain and to invest in education. Apple committed to working with suppliers to drive the adoption of measures such as multifactor authentication and event logging. Google plans to invest $10 billion on zero-trust programs, software supply chain security and... Read more →
Posted by (ISC)² Management on 14 September 2021 at 08:00 AM in Government | Permalink
|
Comments (0)
13 September 2021
What is the impact of software supply chain security challenges?
Digital innovation creates competitive advantage and value for every type of business. Three things are common among corporate software engineering teams: They seek faster innovation They seek improved security They utilize a massive volume of open source libraries Faster innovation does not mean that developers need to reinvent the wheel. Instead, faster innovation demands efficient reuse of code, which has led to a growing dependence on open source and third-party software libraries. Developers are using artifacts into public software repositories (npm, Maven Central, PyPI, NuGet Gallery, RubyGems, etc.) as reusable building blocks. This is the definition of the modern software... Read more →
Posted by (ISC)² Management on 13 September 2021 at 08:00 AM in Network Security, Software Development | Permalink
|
Comments (0)
10 September 2021
Are You the Keymaster?
By Juan Asenjo, Ph.D., CISSP If you grew up in the 80s, you will remember the line: “Are you the keymaster?” from the original Ghostbusters movie. In the film, a malevolent force takes hold of Louis Tully - played by none other than Rick Moranis - to turn him into the keymaster that enables evil spirits to overtake numerous sites in New York. Fast-forward to the real world in 2021, and while we have not seen ghosts overrun our cities, what we have seen is a rapid proliferation of bad actors trying to besiege the defenses of virtual machines (VMs)... Read more →
Posted by (ISC)² Management on 10 September 2021 at 08:00 AM in Cloud Security, Network Security | Permalink
|
Comments (0)
09 September 2021
Mastering Identity and Access Management in the Cloud
The migration of business services, apps and data in the cloud has blurred traditional corporate perimeter. Legacy security solutions, based on securing the perimeter, are no longer adequate to address cloud security challenges and risks. Businesses need to evolve their traditional identity and access management (IAM) program to safeguard the access to their cloud-based assets and data. Digital identities are the foundation of modern IAM and organizations need to establish strong authentication methods to protect these identities. Weak IAM policies result in identities and credentials being vulnerable and compromised. Attackers are leveraging these stolen and compromised credentials to infiltrate corporate... Read more →
Posted by (ISC)² Management on 09 September 2021 at 08:00 AM in Cloud Security, Cybersecurity Certifications | Permalink
|
Comments (0)
08 September 2021
Want a Cybersecurity Job? Keep Up with Industry Developments
Hardly a day goes by without some sort of cybersecurity news. Often, it’s bad news – an organization somewhere has been breached and the information of thousands of users has been compromised. For those who work in cybersecurity, keeping current on cybersecurity news and developments is essential. You can learn something from each new threat and attack. Threat intelligence is collected and disseminated continuously to help cybersecurity teams manage risk and prepare incident response strategies. If you’re trying to break into the industry, the requirement to stay up to date on cybersecurity developments starts now. You need to be aware... Read more →
Posted by (ISC)² Management on 08 September 2021 at 02:00 PM | Permalink
|
Comments (0)
CISSPs from Around the Globe: An Interview with James Wright
The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. In our last interview, we met Jason Lau. In this installment, we meet James Wright. He is a cybersecurity technologist with The Walt Disney Company. He is... Read more →
Posted by (ISC)² Management on 08 September 2021 at 08:00 AM in Cybersecurity Certifications, Spotlight | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (16)
- (ISC)² Events (105)
- Center for Cyber Safety and Education (45)
- Cloud Security (98)
- Cybersecurity Certifications (299)
- Cybersecurity Training (277)
- Cybersecurity Workforce (153)
- Digital Forensics (27)
- Ethics (48)
- Government (86)
- Insider Risk (52)
- IT Security (348)
- Legal (41)
- Malware (95)
- Network Security (152)
- Operations Security (117)
- Privacy (93)
- Ransomware (42)
- Risk (157)
- Software Development (40)
- Spotlight (56)