As a security practitioner, perhaps you have found yourself in meetings about Risk Management. Or, perhaps, you are part of the incident response team, where you are responsible for everything from preparation, through post-incident reporting. The common thread that runs through risk management and incident response are the “what if this happens” scenarios. Whatever your involvement in these preparatory exercises, the overarching concern of all involved is: When will the business be up and running normally again? When confronted with such dire circumstances, the realization of the need for Business Continuity and Disaster Recovery becomes as important as the business... Read more →
53 posts categorized "Ransomware"
21 June 2021
Business Continuity – The Light in a Time of Darkness
Posted by (ISC)² Management on 21 June 2021 at 08:00 AM in Cybersecurity Certifications, Ransomware | Permalink
|
Comments (0)
22 April 2021
Cyber Threats: The Financial System’s Top Risk
With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. “But the world changes, the world evolves, and the risks change as well. The risk we keep our eyes on the most is cyber risk.” If... Read more →
Posted by (ISC)² Management on 22 April 2021 at 07:30 AM in Cybersecurity Training, Cybersecurity Workforce, Malware, Ransomware, Risk | Permalink
|
Comments (0)
15 April 2021
IBM X-Force: Ransomware Was the Preferred Attack Method in 2020
In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access. Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up... Read more →
Posted by (ISC)² Management on 15 April 2021 at 03:50 PM in Ransomware | Permalink
|
Comments (0)
30 March 2021
FBI: Cybercrime Shot Up in 2020 Amidst Pandemic
In 2020, as the world grappled with a fast-spreading global pandemic, the FBI received more than 2,000 complaints each day, totaling 791,790 for the year. This represents a 69% increase from the previous year and a total of U.S. $4.2 billion in losses, according to data collected by the FBI’s The Internet Complaint Center (IC3). Cybercriminals employed all manner of schemes to target businesses and individuals, including phishing, spoofing and tech support fraud, the FBI reported. The costliest cybercrimes were against businesses, involving Business E-mail Compromise (BEC) schemes that added up to U.S. $1.8 billion in losses from 19,369 reported... Read more →
Posted by (ISC)² Management on 30 March 2021 at 09:44 AM in Digital Forensics, Government , Ransomware | Permalink
|
Comments (1)
12 February 2021
Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 2)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware. Edge Computing Edge Computing is a distributed computing... Read more →
Posted by (ISC)² Management on 12 February 2021 at 07:45 AM in Cloud Security, Cybersecurity Workforce, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
28 December 2020
Security Predictions for 2021 from the (ISC)² Community of Security Professionals (PART 1)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, and Richard Nealon, CISSP-ISSMP, CISSP, SSCP, SCF, CISM, CISA 2020 was a year of change. It changed the way that folks work and how they interact with each other. Wondering what 2021 might look like for information security professionals? This is the first in a series of posts where we will discuss what we believe 2021 may have in store for information security professionals. Some of the issues faced by security professionals in 2021/2022 will include (but are not limited to) the evolving landscape of privacy, and the ongoing necessity... Read more →
Posted by (ISC)² Management on 28 December 2020 at 08:00 AM in Cybersecurity Workforce, Insider Risk, Privacy, Ransomware | Permalink
|
Comments (0)
23 July 2020
RETHINKING SECURITY PREDICTIONS FOR 2020 FROM THE (ISC)² COMMUNITY OF SECURITY PROFESSIONALS
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, nor we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: Data Privacy changes Lack of secure coding practices 5G and WiFi-6 Phasing out passwords Lack of perimeters Backups and their role with ransomware We believe... Read more →
Posted by (ISC)² Management on 23 July 2020 at 12:02 PM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (0)
02 March 2020
Healthcare is the Preferred Target of Cyber Attackers
U.S. healthcare institutions are under constant attack from cybercriminals, and unless hospitals take concrete steps to protect themselves, the situation won’t get any better. In 2019, the healthcare industry was the number one target for cyber attackers, with the cost of breaches totaling $4 billion, according to a new report. 2020 Vision: A Review of Major IT & Cybersecurity Issues Affecting Healthcare, published by security intelligence firm CyberMDX, provides an in-depth look at the causes and types of cybersecurity threats affecting the industry, as well as recommendations for healthcare institutions to fortify their cyber defenses. Attacks on healthcare are prevalent,... Read more →
Posted by (ISC)² Management on 02 March 2020 at 08:30 AM in Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (1)
20 February 2020
UNDER ATT&CK: How MITRE’s methodology to find threats and embed counter-measures might work in your organization
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Naresh Kurada, CISSP Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA... Read more →
Posted by (ISC)² Management on 20 February 2020 at 08:45 AM in Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
13 February 2020
Breaches Increased in 2019, but the Number of Exposed Records Declined
The number of U.S. data breaches bumped up 17% in 2019 but despite the increase, the volume of sensitive consumer records that were exposed declined substantially by 65%, according to a newly published report. These statistics are a complete reversal of what happened in 2018, when the number of exposed consumer records soared by 126% and breaches declined by 23%, according to the Identity Theft Resource Center’s (ITRC) End-of-Year Data Breach Report for 2019 Data breaches tracked in 2019 in the United States jumped to 1,473, from 1,257 in the previous year, the report revealed. Meanwhile, 164,683,455 sensitive records were... Read more →
Posted by (ISC)² Management on 13 February 2020 at 08:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, Malware, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
11 February 2020
Ransomware and Your Business
By Diana Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP Ransomware is in the news lately with attacks on Norsk Hydro, multiple cities in Florida, Baltimore and Atlanta, not to mention the numerous hospitals that have been hit. These attacks have cost companies like Norsk an estimated $45 million due to lost revenues and the cost to restore and recover their IT department. The cost to the two cities in Florida is estimated to be $1.1 million and the tally continues to grow. Ransomware is short for ransom malware and has been around since the late 1980s, but is now gaining in popularity... Read more →
Posted by (ISC)² Management on 11 February 2020 at 08:45 AM in Ransomware | Permalink
|
Comments (1)
05 December 2019
Cyber Threats to Healthcare on the Rise
Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018.... Read more →
Posted by (ISC)² Management on 05 December 2019 at 09:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Workforce, Malware, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
23 October 2019
Filling the Need of Healthcare Cybersecurity Professionals Requires Collaboration
It is widely known within the cybersecurity field that there is a severe talent shortage. Organizations across all industries are facing major challenges in staffing their security teams to protect themselves from cyber threats. Healthcare, along with finance and retail, is one of the most commonly-targeted industries by cybercriminals. As the (ISC)2 Cybersecurity Workforce Study revealed, the deficit of cybersecurity professionals has reached critical levels, at nearly 3 million worldwide. According to the March 2018 McAfee Labs Threat Report, healthcare is the most targeted of any sector for cybersecurity attacks. Ransomware attacks, specifically in the healthcare sector, increased by 210... Read more →
Posted by (ISC)² Management on 23 October 2019 at 09:32 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, Privacy, Ransomware | Permalink
|
Comments (0)
13 August 2019
SSCP vs. CISSP Exams: How are they different?
You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the... Read more →
Posted by (ISC)² Management on 13 August 2019 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (6)
03 July 2018
Don't be a sitting duck in the next OT cyberattack
By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
26 January 2018
(ISC)² Secure Summit UK Insights: The Future Impact of AI in Cybercrime
(ISC)²’s two-day Secure Summits bring multi-subject sessions from hands on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community with regional events, the Summits offer a wealth of educational value, networking opportunities, and a community forum for like-minded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions... You’re the CEO of an international oil and gas company. Business risk and risk management planning is... Read more →
Posted by (ISC)² Management on 26 January 2018 at 04:00 AM in (ISC)² Events, Cybersecurity Training, Insider Risk, Malware, Ransomware | Permalink
|
Comments (0)
02 January 2018
Do You Feel What I Feel? Cybersecurity’s Impact of Humans and Machines
Organizations, individuals feel pain of breaches, critics silenced, and China outraged. As analysts and cybersecurity experts make predictions about the future of cyber and the advancements we can expect to see in artificial intelligence (AI), it’s worth taking a moment to think about the power of machines and their impact on human emotions. AI holds the promise that someday computers will possess emotional intelligence, but will computers ever really be able to mimic our natural human emotions? Everything from mere words, names, and numbers evokes strong feelings in people, and few names elicit the strong emotional response as that of... Read more →
Posted by (ISC)² Management on 02 January 2018 at 03:00 PM in Government , Malware, Ransomware | Permalink
|
Comments (1)
21 December 2017
Happy New (Security) Year!
By Lorna Trayan, Associate Partner Security at IBM Security Services As I realized that the year is almost over, I had a thought: wouldn’t it be great if we could get a crystal ball and see what the future holds for us? Although I would love to know about my personal life, it’s the cybersecurity world I’m referring to here! Alas, since that’s not possible, we will all have to settle on reading the reports coming out and talking about future “predictions” of the security realm. Predictions, even if sometimes don’t come exactly true, would still assist us in taking... Read more →
Posted by (ISC)² Management on 21 December 2017 at 04:30 AM in Cloud Security, Ransomware | Permalink
|
Comments (0)
10 November 2017
Weekly Security Headlines: Hearings, guidelines and news
New guidelines, increased government oversight, and mounting stress in cybersecurity With the 4th quarter underway, we are starting to see lots of predictions about what the cybersecurity industry can expect to see come 2018. Thinking about the future makes it easy to forget about what is happening right now, though. Let’s take a look back at the news that happened this week to remind us of where we are, before we focus too much on where we’re going. Arguably the biggest industry-wide news of the week was the Senate Commerce Committee hearing, “Protecting Consumers in the Era of Major Breaches.... Read more →
Posted by (ISC)² Management on 10 November 2017 at 02:10 PM in Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
27 October 2017
Security Headlines: Hopping Around
This week’s National Cybersecurity Awareness campaign focused on feeding the pipeline to narrow the skills gap in the cybersecurity workforce. While StaySafeOnline declared “The Internet Wants You: Consider a Career in Cybersecurity,” Ransomware hopped to the headlines. Rabbit on the run ‘Bad Rabbit’, the third global outbreak of the year with similarities to NotPetya, struck companies throughout Russia and Eastern Europe with file-encrypting malware. This strand of ransomware metaphorically knocks on the user’s door by way of a malicious pop-up offering a Flash update. Though the outbreak was first reported, it’s suspected that the group behind the attack has been... Read more →
Posted by (ISC)² Management on 27 October 2017 at 11:10 AM in Malware, Network Security, Ransomware | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (21)
- (ISC)² Events (140)
- Center for Cyber Safety and Education (50)
- Cloud Security (120)
- Cybersecurity Certifications (357)
- Cybersecurity Training (298)
- Cybersecurity Workforce (208)
- Digital Forensics (27)
- Ethics (49)
- Government (101)
- Insider Risk (54)
- IT Security (356)
- Legal (41)
- Malware (96)
- Network Security (160)
- Operations Security (130)
- Privacy (96)
- Ransomware (53)
- Risk (168)
- Software Development (43)
- Spotlight (66)