By Chris Green With cybersecurity policies and regulations developing at speed globally, the call for greater standardization and collaboration is necessary to ensure cybersecurity resilience and shared learning. The increasing frequency and severity of cyber-attacks have prompted governments and regulatory bodies worldwide to take collaborative action to better protect individuals and organizations from threats. This is among the findings of a new report from (ISC)2 and the Royal United Services Institute (RUSI) looking at the rapid evolution of global cybersecurity policy and legislation. The report, launched at an event held at the Houses of Parliament in London, examines cybersecurity legislation... Read more →
« March 2023 | Main | May 2023 »
Posts from April 2023
29 April 2023
RUSI and (ISC)2 Report: Rapid Evolution of Cybersecurity Policy Raises Need for Cross-Border Standardization
Posted by ISC2 Management on 29 April 2023 at 08:30 AM | Permalink
|
Comments (0)
28 April 2023
RSA Conference Day Four: Threat to Public Key Encryption From Quantum Computers Overstated
Quantum computers won’t put PKE in peril imminently, but its potential has altered the course of crypto development, says a panel of experts including Whitfield Diffie, Adi Shamir, Radia Perlman, Anne Dames, and Clifford Cocks. By John E. Dunn General quantum computers don’t yet exist as usable tools and yet the mere possibility that they will in future is already transforming how people understand encryption security, a panel of some of the world’s best-known cryptographers has agreed during a session at the RSA Conference in San Francisco. The panel included famous cryptographers Adi Shamir (RSA co-inventor), Whitfield Diffie (of Diffie-Hellman... Read more →
Posted by ISC2 Management on 28 April 2023 at 09:30 AM in ISC2 Events | Permalink
|
Comments (0)
LATEST CYBERTHREATS AND ADVISORIES - APRIL 28, 2023
CISA ramps up security for the 2024 presidential election, climate change could amplify cyberthreats and breaches hit the American Bar Association and Yellow Pages Canada. Here are the latest threats and advisories for the week of April 28, 2023. By John Weiler Threat Advisories and Alerts NCSC, FBI and Other Security Agencies Publish Smart City Guidance As smart city initiatives become more popular, The U.K. National Cyber Security Centre (NCSC), the U.S. Federal Bureau of Investigation (FBI) and other international security agencies have published a Cybersecurity Best Practices for Smart Cities guide. It emphasizes that while smart cities may be... Read more →
Posted by ISC2 Management on 28 April 2023 at 07:00 AM | Permalink
|
Comments (0)
27 April 2023
RSA Conference Day Three: U.S. Ambassador Tells RSA Conference “We’re In A Deterrence Hole” On Cyberwar
Nathaniel Fick issues stark warning during discussion on cyber diplomacy. By: Joe Fay The U.S. and its allies are in a “deterrence” hole when it comes to cyber adversaries, the U.S. ambassador at large for cyberspace and digital policy told an audience at the RSA Conference in San Francisco. Nathaniel Fick was speaking on a panel considering “The Role of Partnerships in Advancing Cyber Diplomacy”, which inevitably focused on the results of a breakdown in conventional diplomacy in the shape of the war in Ukraine. Fick said that 20 years of diplomacy had resulted in the United Nations’ (U.N.) “norms”... Read more →
Posted by ISC2 Management on 27 April 2023 at 02:00 PM in ISC2 Events | Permalink
|
Comments (0)
26 April 2023
RSA Conference Day Two: Democracy Needs Urgent Rethink to Cope with Technology Like AI, Argues Bruce Schneier
Technology has amplified disinformation, polarization and zero-sum politics, Bruce Schneier told RSA conference goers. Addressing this will require new thinking on the nature of democracy. By John E. Dunn The technologies of the 21st Century are being used to “hack” democracy and the system needs to change rapidly if it is to survive this onslaught, Bruce Schneier has told delegates at San Francisco’s RSA Conference. Schneier painted a dystopian picture of the current relationship between technology and democracy in countries such as the U.S. Disinformation was often as or more powerful than information. Knowingly or not, powerful tech platforms exploit... Read more →
Posted by ISC2 Management on 26 April 2023 at 12:14 PM in ISC2 Events | Permalink
|
Comments (0)
25 April 2023
RSA Conference Day One: Disruption Key to Keeping Bad Actors At Bay
Day One of the RSA Conference opened with keynotes diagnosing a security identity crisis, while offering AI, platforms, and big dose of disruption as the cure for what ails the cybersecurity world. By Joe Fay The 2023 RSA Conference kicked off in San Francisco this week, with human delegates being confronted with speaker after speaker declaring that AI is taking over much of their jobs. Opening the conference, RSA CEO Rohit Ghai said that over the years, the core purpose of security platforms has evolved, but “in the AI era, it is security first, followed by convenience and compliance.” “AI... Read more →
Posted by ISC2 Management on 25 April 2023 at 01:37 PM in Government , IT Security, Malware, Network Security, Risk | Permalink
|
Comments (0)
Cybersecurity Industry News Review - April 25, 2023
Europe’s Air Traffic Control (ATC) agency under DDoS attack. Eavesdropping police in the U.K. spared massive fine. Numbers emerge after NCR ransomware attack. Hackers hit gold in secondhand routers. By Joe Fay “Pro-Russian” Hackers Dive Bomb European Air Traffic Control Agency Europe’s air traffic control agency, Eurocontrol, has been fighting off a cyberattack by pro-Russian hackers since April 19. The attack appears to have been a DDoS targeting the agency’s website. Pro-Russian group Killnet claimed to have launched a “100 hour” marathon against Eurocontrol. The agency declined to detail the nature of the attack but said its safety operations had... Read more →
Posted by ISC2 Management on 25 April 2023 at 06:00 AM in Government , IT Security, Malware, Network Security, Ransomware, Risk | Permalink
|
Comments (0)
24 April 2023
UK’s Mobile Emergency Alert Test Started Early for Some, Never for Others
The first public test of the U.K. Mobile Emergency Alert System took place on Sunday, encountering issues including complaints from various stakeholder groups, an early start and widespread reports of people not getting the alert at all. By Joe Fay The U.K. government ran its first country-wide mobile phone emergency alert test on Sunday, surprising large numbers of U.K. mobile users with early alerts but leaving customers of one major operator in the dark entirely. The system, very similar to what is used in the U.S., is designed to warn residents of “danger to life nearby”, such as severe flooding,... Read more →
Posted by ISC2 Management on 24 April 2023 at 10:44 AM in Government | Permalink
|
Comments (0)
21 April 2023
CYBERUK Day 2: AI Developments Could Democratize Advanced Cyber-Capabilities, Says Security Minister
Nation state attacks, the rapid evolution of cybersecurity attacks and the technology behind them pose a sustained risk to the U.K. and its allies unless new defensive capabilities are brought to the fore. By John E. Dunn The U.K. must rapidly develop cybersecurity capabilities if it is to hold back cybercriminals energized by nation state programs, new business models in ransomware, and the rapid evolution of artificial general intelligence (AGI), minister of state for security Tom Tugendhat, MP told the CYBERUK conference in Belfast. Opening the second day of the National Cyber Security Centre (NCSC) annual industry conference, Tugendhat painted... Read more →
Posted by ISC2 Management on 21 April 2023 at 12:00 PM in Cybersecurity Workforce, Government | Permalink
|
Comments (0)
LATEST CYBERTHREATS AND ADVISORIES - APRIL 21, 2023
By John Weiler Australia’s deepening cybercrime crisis, an alarming surge in ransomware attacks and a multi-agency warning to organizations about their network infrastructure. Here are the stories that rocked the cybersecurity world the week of April 21, 2023. Threat Advisories and Alerts Russian State-Sponsored Actors Exploit Cisco Routers The U.K. National Cyber Security Centre (NCSC), the U.S. National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning for the malware "Jaguar Tooth." The custom malware is reportedly being used by Russian state-sponsored APT28 actors to compromise... Read more →
Posted by ISC2 Management on 21 April 2023 at 08:00 AM in Ransomware | Permalink
|
Comments (0)
20 April 2023
Maximizing the Advantages of Multicloud
Rain or shine, the cloud is here to stay. As today's digital-native generation fills more roles in the workforce, technology adoption is rising to meet them. Just when we thought our lives couldn’t be more deeply entwined with tech, the pandemic brought a whole new level of digitization. Cloud is now the standard Operating in the cloud is a mainstay for modern organizations. A majority (93%) use cloud services, and more than half (67%) of enterprise infrastructure is cloud-based. What’s more, nearly half of all organizations store their critical data in the cloud, favoring offsite, redundant, reliable storage to old-school... Read more →
Posted by ISC2 Management on 20 April 2023 at 07:00 AM | Permalink
|
Comments (0)
CYBERUK Day 1: UK Government Calls Out Russian Groups Probing Critical National Infrastructure, (ISC)2 Invites Industry Collaboration to Address Skills Gap
By: John E. Dunn Russian cybercriminals with little sense of restraint are probing the U.K.’s critical infrastructure (CNI) for future large-scale cyberattacks, the government has warned. In a keynote address on the first day of the CYBERUK conference in Belfast, U.K. Cabinet Office Secretary of State Oliver Dowden laid out the scale of the threat posed principally by four countries - Russia, China, Iran and North Korea. While general warnings about nation states are nothing new, Dowden stressed that the conflict in Ukraine had transformed the risk level from largely theoretical to something which could at any moment be activated... Read more →
Posted by ISC2 Management on 20 April 2023 at 02:00 AM | Permalink
|
Comments (0)
19 April 2023
Western Security Agencies Offer Software Devs Guidance on Security ‘by Design’
CISA, NSA, NCSC, the rest of the Five Eyes nations, Germany and Holland look to spark an ‘international conversation’ in unprecedented collaboration to improve proactive security-centric development. By Joe Fay The U.S. Cybersecurity and Infrastructure Security Agency (CISA), U.K. National Cyber Security Centre (NCSC) and a raft of other national security agencies have issued a “guide” to help software and technology vendors build products that are “secure by design”. The NCSC said the aim of the document - Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default – was to encourage developers to embed secure-by-design and... Read more →
Posted by ISC2 Management on 19 April 2023 at 08:00 AM in Government | Permalink
|
Comments (0)
18 April 2023
CYBERSECURITY INDUSTRY NEWS REVIEW - APRIL 18, 2023
OpenAI implements a new bug bounty program to tighten up security within ChatGPT, Google opens up over security metadata, Gartner advises – think of the humans – and are you using protection when you charge over USB? Someone is! By Joe Fay Google Opens Up About Dependency Issues Google has served up a treasure trove of security metadata spanning over 50 million open source package versions. The deps.dev API spans dependencies, licenses, advisories and other critical health and security signals, Google said, and is used by its own teams to secure its products. Opening it up will give the broader... Read more →
Posted by ISC2 Management on 18 April 2023 at 02:00 PM | Permalink
|
Comments (0)
Remote Work and Opportunities for Neurodivergent Workers in Cybersecurity
Around the world, April is recognized as Autism Acceptance Month, a time to promote awareness and acceptance of Autism Spectrum Disorder (ASD). A developmental disorder, ASD impacts how people communicate, learn, behave, and interact with others. At (ISC)2, we celebrate April as Autism and Neurodiversity Acceptance Month to recognize all those who are neurodiverse, a term used to describe autism and other alternative thinking styles such as Dyslexia, DCD (Dyspraxia), Dyscalculia, and ADHD. Neurodivergent people often have difficulty securing employment, not because they are unqualified but because they find traditional working environments challenging to navigate. In the U.S., a mere... Read more →
Posted by ISC2 Management on 18 April 2023 at 06:00 AM | Permalink
|
Comments (1)
17 April 2023
Certified in Cybersecurity Earns ANAB Accreditation
The newest certification from (ISC)², Certified in Cybersecurity, has earned accreditation by the ANSI National Accreditation Board – known as ANAB – for meeting ANSI/ISO/IEC Standard 17024. It’s a notable milestone that lends further recognition to the certification, which was introduced last September for entry-level cybersecurity practitioners. The accreditation increases the value of the Certified in Cybersecurity for current and future holders, who now have further assurances that the certification meets the same rigorous standards as all other (ISC)² certifications. (ISC)² was the first cybersecurity certifying body to meet the requirements of ANSI/ISO/IEC Standard 17024, which is a global benchmark... Read more →
Posted by ISC2 Management on 17 April 2023 at 01:00 PM | Permalink
|
Comments (0)
Healthcare is one of the most targeted industries for cyberattacks due to the large amount of sensitive data it manages
Medical records and personal identifying information have high value on the black market. Criminals know this, and, as a result, healthcare has seen an alarming increase in cyberattacks in recent years. Ransomware attacks, where hackers encrypt hospital systems and demand payment to restore access, are a common type of cyberattack on healthcare organizations. According to research published in JAMA Health Forum, the annual number of ransomware attacks against healthcare entities more than doubled to 91 reported cases in 2021 from 43 cases in 2016. The stakes to regain access from ransomware attacks are alarmingly high — it’s not just data... Read more →
Posted by ISC2 Management on 17 April 2023 at 07:00 AM in Cybersecurity Training | Permalink
|
Comments (0)
14 April 2023
SEC Cybersecurity Proposals Survey Exposes Need for Board-Level Cyber Skills
Respondents highlight the need for appointing and developing more board-level cybersecurity expertise, while some are concerned that disclosure regulations unintentionally risk helping criminals alongside improving investor transparency. By Joe Fay U.S. Securities and Exchange Commission (SEC) proposals to boost cybersecurity reporting requirements for publicly traded firms have not resonated with (ISC)² members in a survey, with over half unaware of the proposals and a fifth suggesting they could benefit threat actors inadvertently through providing investors with enhanced disclosure. In 2022, the SEC proposed new rules on cybersecurity that impact publicly traded companies, with standards for disclosures around cyber security risk... Read more →
Posted by ISC2 Management on 14 April 2023 at 02:00 PM in Government , IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
LATEST CYBERTHREATS AND ADVISORIES - APRIL 14, 2023
Companies target sextortion victims, Google Play malware is hawked on dark marketplaces and zero-click spyware infects iPhones. Here are the latest threats and advisories for the week of April 14, 2023. By John Weiler Threat Advisories and Alerts Predatory Companies Target Sextortion Victims The U.S. Federal Bureau of Investigation (FBI) has issued a warning that for-profit companies are exploiting sextortion victims, charging them exorbitant fees for their services. The companies coerce victims into buying goods and services using threats, false claims and manipulation—taking advantage of their feelings of shame and desperation. Non-profit agencies and law enforcement provide sextortion victims support... Read more →
Posted by ISC2 Management on 14 April 2023 at 07:00 AM | Permalink
|
Comments (0)
13 April 2023
(ISC)² Security Congress in Nashville – See Y’all There!
We are less than 200 days away from the 2023 (ISC)² Security Congress conference. Our team is hard at work reviewing the presentations many of you submitted for breakout sessions this year. This year’s event will feature more than 100 educational sessions, compelling keynotes and peer-to-peer knowledge exchanges over two and a half days. Stay tuned for keynote announcements, as well as the full conference agenda, which will be released this summer. The theme for this year is Lead with Confidence and the following tracks will be featured: Governance, Risk and Compliance Cyber Leadership Cloud Security Security Operations Software Security... Read more →
Posted by ISC2 Management on 13 April 2023 at 08:05 AM in ISC2 Events | Permalink
|
Comments (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)