By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware. Edge Computing Edge Computing is a distributed computing... Read more →
49 posts categorized "Ransomware"
12 February 2021
Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 2)
Posted by (ISC)² Management on 12 February 2021 at 07:45 AM in Cloud Security, Cybersecurity Workforce, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
28 December 2020
Security Predictions for 2021 from the (ISC)² Community of Security Professionals (PART 1)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, and Richard Nealon, CISSP-ISSMP, CISSP, SSCP, SCF, CISM, CISA 2020 was a year of change. It changed the way that folks work and how they interact with each other. Wondering what 2021 might look like for information security professionals? This is the first in a series of posts where we will discuss what we believe 2021 may have in store for information security professionals. Some of the issues faced by security professionals in 2021/2022 will include (but are not limited to) the evolving landscape of privacy, and the ongoing necessity... Read more →
Posted by (ISC)² Management on 28 December 2020 at 08:00 AM in Cybersecurity Workforce, Insider Risk, Privacy, Ransomware | Permalink
|
Comments (0)
23 July 2020
RETHINKING SECURITY PREDICTIONS FOR 2020 FROM THE (ISC)² COMMUNITY OF SECURITY PROFESSIONALS
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, nor we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: Data Privacy changes Lack of secure coding practices 5G and WiFi-6 Phasing out passwords Lack of perimeters Backups and their role with ransomware We believe... Read more →
Posted by (ISC)² Management on 23 July 2020 at 12:02 PM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (0)
02 March 2020
Healthcare is the Preferred Target of Cyber Attackers
U.S. healthcare institutions are under constant attack from cybercriminals, and unless hospitals take concrete steps to protect themselves, the situation won’t get any better. In 2019, the healthcare industry was the number one target for cyber attackers, with the cost of breaches totaling $4 billion, according to a new report. 2020 Vision: A Review of Major IT & Cybersecurity Issues Affecting Healthcare, published by security intelligence firm CyberMDX, provides an in-depth look at the causes and types of cybersecurity threats affecting the industry, as well as recommendations for healthcare institutions to fortify their cyber defenses. Attacks on healthcare are prevalent,... Read more →
Posted by (ISC)² Management on 02 March 2020 at 08:30 AM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (1)
20 February 2020
UNDER ATT&CK: How MITRE’s methodology to find threats and embed counter-measures might work in your organization
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Naresh Kurada, CISSP Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA... Read more →
Posted by (ISC)² Management on 20 February 2020 at 08:45 AM in Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
13 February 2020
Breaches Increased in 2019, but the Number of Exposed Records Declined
The number of U.S. data breaches bumped up 17% in 2019 but despite the increase, the volume of sensitive consumer records that were exposed declined substantially by 65%, according to a newly published report. These statistics are a complete reversal of what happened in 2018, when the number of exposed consumer records soared by 126% and breaches declined by 23%, according to the Identity Theft Resource Center’s (ITRC) End-of-Year Data Breach Report for 2019 Data breaches tracked in 2019 in the United States jumped to 1,473, from 1,257 in the previous year, the report revealed. Meanwhile, 164,683,455 sensitive records were... Read more →
Posted by (ISC)² Management on 13 February 2020 at 08:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, Malware, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
11 February 2020
Ransomware and Your Business
By Diana Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP Ransomware is in the news lately with attacks on Norsk Hydro, multiple cities in Florida, Baltimore and Atlanta, not to mention the numerous hospitals that have been hit. These attacks have cost companies like Norsk an estimated $45 million due to lost revenues and the cost to restore and recover their IT department. The cost to the two cities in Florida is estimated to be $1.1 million and the tally continues to grow. Ransomware is short for ransom malware and has been around since the late 1980s, but is now gaining in popularity... Read more →
Posted by (ISC)² Management on 11 February 2020 at 08:45 AM in Ransomware | Permalink
|
Comments (1)
05 December 2019
Cyber Threats to Healthcare on the Rise
Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018.... Read more →
Posted by (ISC)² Management on 05 December 2019 at 09:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Workforce, Malware, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
23 October 2019
Filling the Need of Healthcare Cybersecurity Professionals Requires Collaboration
It is widely known within the cybersecurity field that there is a severe talent shortage. Organizations across all industries are facing major challenges in staffing their security teams to protect themselves from cyber threats. Healthcare, along with finance and retail, is one of the most commonly-targeted industries by cybercriminals. As the (ISC)2 Cybersecurity Workforce Study revealed, the deficit of cybersecurity professionals has reached critical levels, at nearly 3 million worldwide. According to the March 2018 McAfee Labs Threat Report, healthcare is the most targeted of any sector for cybersecurity attacks. Ransomware attacks, specifically in the healthcare sector, increased by 210... Read more →
Posted by (ISC)² Management on 23 October 2019 at 09:32 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, Privacy, Ransomware | Permalink
|
Comments (0)
13 August 2019
SSCP vs. CISSP Exams: How are they different?
You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the... Read more →
Posted by (ISC)² Management on 13 August 2019 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (6)
03 July 2018
Don't be a sitting duck in the next OT cyberattack
By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
26 January 2018
(ISC)² Secure Summit UK Insights: The Future Impact of AI in Cybercrime
(ISC)²’s two-day Secure Summits bring multi-subject sessions from hands on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community with regional events, the Summits offer a wealth of educational value, networking opportunities, and a community forum for like-minded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions... You’re the CEO of an international oil and gas company. Business risk and risk management planning is... Read more →
Posted by (ISC)² Management on 26 January 2018 at 04:00 AM in (ISC)² Events, Cybersecurity Training, Insider Risk, Malware, Ransomware | Permalink
|
Comments (0)
02 January 2018
Do You Feel What I Feel? Cybersecurity’s Impact of Humans and Machines
Organizations, individuals feel pain of breaches, critics silenced, and China outraged. As analysts and cybersecurity experts make predictions about the future of cyber and the advancements we can expect to see in artificial intelligence (AI), it’s worth taking a moment to think about the power of machines and their impact on human emotions. AI holds the promise that someday computers will possess emotional intelligence, but will computers ever really be able to mimic our natural human emotions? Everything from mere words, names, and numbers evokes strong feelings in people, and few names elicit the strong emotional response as that of... Read more →
Posted by (ISC)² Management on 02 January 2018 at 03:00 PM in Government , Malware, Ransomware | Permalink
|
Comments (1)
21 December 2017
Happy New (Security) Year!
By Lorna Trayan, Associate Partner Security at IBM Security Services As I realized that the year is almost over, I had a thought: wouldn’t it be great if we could get a crystal ball and see what the future holds for us? Although I would love to know about my personal life, it’s the cybersecurity world I’m referring to here! Alas, since that’s not possible, we will all have to settle on reading the reports coming out and talking about future “predictions” of the security realm. Predictions, even if sometimes don’t come exactly true, would still assist us in taking... Read more →
Posted by (ISC)² Management on 21 December 2017 at 04:30 AM in Cloud Security, Ransomware | Permalink
|
Comments (0)
10 November 2017
Weekly Security Headlines: Hearings, guidelines and news
New guidelines, increased government oversight, and mounting stress in cybersecurity With the 4th quarter underway, we are starting to see lots of predictions about what the cybersecurity industry can expect to see come 2018. Thinking about the future makes it easy to forget about what is happening right now, though. Let’s take a look back at the news that happened this week to remind us of where we are, before we focus too much on where we’re going. Arguably the biggest industry-wide news of the week was the Senate Commerce Committee hearing, “Protecting Consumers in the Era of Major Breaches.... Read more →
Posted by (ISC)² Management on 10 November 2017 at 02:10 PM in Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
27 October 2017
Security Headlines: Hopping Around
This week’s National Cybersecurity Awareness campaign focused on feeding the pipeline to narrow the skills gap in the cybersecurity workforce. While StaySafeOnline declared “The Internet Wants You: Consider a Career in Cybersecurity,” Ransomware hopped to the headlines. Rabbit on the run ‘Bad Rabbit’, the third global outbreak of the year with similarities to NotPetya, struck companies throughout Russia and Eastern Europe with file-encrypting malware. This strand of ransomware metaphorically knocks on the user’s door by way of a malicious pop-up offering a Flash update. Though the outbreak was first reported, it’s suspected that the group behind the attack has been... Read more →
Posted by (ISC)² Management on 27 October 2017 at 11:10 AM in Malware, Network Security, Ransomware | Permalink
|
Comments (0)
29 September 2017
Security Headlines: Congress Edition
Fresh from Austin, here are the top headlines from (ISC)2's 2017 Security Congress: Let's talk about risk, baby. That's the language c-level executives and board members want to hear from the security team. Keynote speaker and Deputy Assistant Director of the FBI, Donald Freese, spoke about a non-emotional approach to security. CSO Online quotes Dylan Thomas, who was probably talking about cybersecurity practitioners when he said "Do not go gently into that good night." Garfield loves lasagna and hates cyberbullying. Infosecurity Magazine was with us in Austin and spoke to the CISO of the state of Missouri, Michael Roling, CIO... Read more →
Posted by (ISC)² Management on 29 September 2017 at 04:59 PM in (ISC)² Events, Cybersecurity Certifications, Cybersecurity Training, Ransomware, Risk | Permalink
|
Comments (0)
01 September 2017
Security Headlines: Spying & Stealing
Spying, stealing, defacing. It’s been a busy week. These are the top security headlines for the week of August 28, 2017: The U.S. Navy says there’s no evidence of a cyber attack in the crash of the USS John S. McCain – but hypothetically, this is how it would work. Reuters reports cyber spies are using malware to target India and Pakistan – including decoy clickbait with Reuters reports. Yes, you read that right. Hurricane Harvey is a once in a 1,000 years disaster, but be careful before you donate. Scammers are registering domains to collect “donations” for bogus organizations.... Read more →
Posted by (ISC)² Management on 01 September 2017 at 11:14 AM in Ethics, Government , Malware, Ransomware | Permalink
|
Comments (0)
18 August 2017
Security Headlines: Pseudo-ransomware and security budgets
Pseudo-ransomware and struggling security budgets. Here are the top security headlines for the week of August 14, 2017: Who would have thought we would long for the days when ransomware was ransomware. Now it’s all too complicated. Bitcoin is going mainstream, but does that mean it’s a bad investment? In a case of the cobbler’s children have no shoes, data brokers seem to be lacking basic security. Raise the roof! It looks like cybersecurity might be hitting a ceiling when it comes to spending. No spoilers, but HBO has been hacked again and OurMine is taking over their social accounts.... Read more →
Posted by (ISC)² Management on 18 August 2017 at 10:41 AM in Ransomware | Permalink
|
Comments (0)
11 August 2017
Security Headlines: Payouts and Panic
WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds... Read more →
Posted by (ISC)² Management on 11 August 2017 at 11:28 AM in Government , Insider Risk, IT Security, Malware, Network Security, Operations Security, Ransomware | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (20)
- (ISC)² Events (124)
- Center for Cyber Safety and Education (50)
- Cloud Security (119)
- Cybersecurity Certifications (344)
- Cybersecurity Training (293)
- Cybersecurity Workforce (183)
- Digital Forensics (27)
- Ethics (49)
- Government (94)
- Insider Risk (54)
- IT Security (352)
- Legal (41)
- Malware (95)
- Network Security (157)
- Operations Security (125)
- Privacy (96)
- Ransomware (49)
- Risk (162)
- Software Development (41)
- Spotlight (65)