By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware. Edge Computing Edge Computing is a distributed computing... Read more →
171 posts categorized "Risk"
12 February 2021
Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 2)
Posted by (ISC)² Management on 12 February 2021 at 07:45 AM in Cloud Security, Cybersecurity Workforce, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
01 February 2021
Remote Work During the Pandemic: What We Got Wrong
By Stephen Fried, CISSP As COVID-19 began to spread rapidly across the globe in 2020, many organizations moved their employees off company premises and enabled large "work from home" efforts. Nobody knew how long this would last, but we assumed we could work remotely for a few months until this thing worked itself out, then return to the office and get back to "normal." We were very wrong. We weren’t just wrong about the length of the crisis; we were wrong about how our employees defined “home.” What we didn’t anticipate is that the pandemic would force companies to rethink... Read more →
Posted by (ISC)² Management on 01 February 2021 at 08:30 AM in IT Security, Network Security, Privacy, Risk | Permalink
|
Comments (1)
29 May 2020
Study: Pandemic Boosts Cybersecurity Demand
Demand is up for cybersecurity solutions and services as businesses try to cope with the effects of the COVID-19 pandemic. In a survey of technology firms, industry association CompTIA found that customer inquiries regarding cybersecurity were up by 36% in April -- second only to inquiries about communications, collaboration and A/V technologies. The increased demand for cybersecurity and collaboration technologies makes sense in light of the sudden increase in work-from-home (WFH) numbers. The ranks of remote workers shot up as a result of stay-at-home and lockdown directives issued by governments in efforts to manage the spread of COVID-19. Recent (ISC)2... Read more →
Posted by (ISC)² Management on 29 May 2020 at 08:00 AM in Cybersecurity Workforce, Government , Malware, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
06 April 2020
Cyber Threats Are Spiking as Remote Worker Ranks Soar
The number of people working from home is skyrocketing as the COVID-19 pandemic forces companies to close offices and practice social distancing. The sudden explosion of makeshift home office environments is adding to the burden of already overtaxed cybersecurity workers, who now face the massive task of trying to protect a remote workforce against cyber threats. While cybersecurity professionals put in extra hours to handle the situation, the increasing ranks of remote workers are catching the attention of another group – cyber attackers. Cyber criminals are betting that many of these hastily outfitted work-from-home environments will not have the same... Read more →
Posted by (ISC)² Management on 06 April 2020 at 07:55 AM in Cybersecurity Workforce, Malware, Network Security, Privacy, Risk | Permalink
|
Comments (0)
20 February 2020
UNDER ATT&CK: How MITRE’s methodology to find threats and embed counter-measures might work in your organization
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Naresh Kurada, CISSP Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA... Read more →
Posted by (ISC)² Management on 20 February 2020 at 08:45 AM in Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
13 February 2020
Breaches Increased in 2019, but the Number of Exposed Records Declined
The number of U.S. data breaches bumped up 17% in 2019 but despite the increase, the volume of sensitive consumer records that were exposed declined substantially by 65%, according to a newly published report. These statistics are a complete reversal of what happened in 2018, when the number of exposed consumer records soared by 126% and breaches declined by 23%, according to the Identity Theft Resource Center’s (ITRC) End-of-Year Data Breach Report for 2019 Data breaches tracked in 2019 in the United States jumped to 1,473, from 1,257 in the previous year, the report revealed. Meanwhile, 164,683,455 sensitive records were... Read more →
Posted by (ISC)² Management on 13 February 2020 at 08:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, Malware, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
05 December 2019
Cyber Threats to Healthcare on the Rise
Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018.... Read more →
Posted by (ISC)² Management on 05 December 2019 at 09:00 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Workforce, Malware, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
22 November 2019
Cybersecurity Is the Top Concern for Midmarket Executives
Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row. The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S.... Read more →
Posted by (ISC)² Management on 22 November 2019 at 09:47 AM in Cybersecurity Workforce, IT Security, Network Security, Risk | Permalink
|
Comments (0)
21 November 2019
#ISC2Congress: Global Factors Driving Data Privacy Regulation (Part 2)
By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. In the previous post, we discussed the growing influence of digital authoritarianism, which has now contributed to nine consecutive years of a decline in internet freedoms across the globe. We’ll now turn to two other competing global influences that are further shaping data... Read more →
Posted by (ISC)² Management on 21 November 2019 at 09:30 AM in (ISC)² Events, Ethics, Government , Legal, Privacy, Risk | Permalink
|
Comments (0)
20 November 2019
#ISC2Congress: Global Factors Driving Data Privacy Regulation (Part 1)
By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. On October 29, the internet turned 50. Despite original aspirations of a free and open internet, the modern internet is increasingly segmented and shaped by political boundaries. Included within broader technological shifts such as 5G, artificial intelligence, and the internet of things, these... Read more →
Posted by (ISC)² Management on 20 November 2019 at 09:15 AM in (ISC)² Events, Ethics, Government , Legal, Privacy, Risk | Permalink
|
Comments (0)
13 August 2019
SSCP vs. CISSP Exams: How are they different?
You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the... Read more →
Posted by (ISC)² Management on 13 August 2019 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (6)
17 July 2019
CEOs: Cybersecurity Will Be a Major Challenge in the Coming Decade
Cybersecurity concerns remain top of mind for global CEOs as they weigh the challenges their organizations will face in the next five to 10 years. A new report by global management consultancy EY reveals that cybersecurity tops the list of concerns for CEOs, along with income inequality and job loss caused by technology advances. The findings in EY’s 2019 CEO Imperative Study confirm earlier research showing that chief executives view cybersecurity threats as one of their most daunting challenges. Adding to the problem, the EY study reveals that CEOs lack confidence in the C-suite’s ability to address these challenges. Only... Read more →
Posted by (ISC)² Management on 17 July 2019 at 09:05 AM in Cybersecurity Workforce, Ethics, Insider Risk, IT Security, Risk | Permalink
|
Comments (0)
11 July 2019
Small Businesses Need New Security Solutions but Aren’t Always Sure Which Ones
Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be. (ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.”... Read more →
Posted by (ISC)² Management on 11 July 2019 at 08:55 AM in Cybersecurity Workforce, Risk | Permalink
|
Comments (1)
09 July 2019
The Challenges of Raising User Security Awareness
One of the toughest challenges of cybersecurity is to raise awareness among users. Technology solutions are instrumental in achieving a solid security posture, but they only get you so far. There’s always the risk a user will make a split-second bad decision and open the door to attack. User awareness was the topic of a recent (ISC)² webcast, Delivering Security Awareness that Works. Participants shared their experiences in modifying user behavior and the challenges they face on a daily basis to save users from their own potentially harmful actions. User Risks One theme quickly emerged: Cybersecurity teams must be on... Read more →
Posted by (ISC)² Management on 09 July 2019 at 09:05 AM in Cybersecurity Training, Risk | Permalink
|
Comments (1)
20 June 2019
Small Businesses Not the Weakest Link in the Supply Chain, Study Shows
A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only... Read more →
Posted by (ISC)² Management on 20 June 2019 at 11:00 AM in Cybersecurity Workforce, IT Security, Risk | Permalink
|
Comments (1)
23 January 2019
Cybersecurity Is the Top Business Concern for U.S. CEOs
A potential recession is on the minds of U.S. corporate executives, according to new research. But do you know what worries them even more? Cybersecurity. The C-Suite Challenge 2019 study by think tank The Conference Board reveals that American CEOs rank cybersecurity as their biggest “external concern” for 2019. It outranks recession fears, which took third place behind new competitors. It also matches a finding by the World Economic Forum that cyber attacks are the top risk of doing business in North America. Globally, recession fears top the list of external business concerns. This is a significant change from last... Read more →
Posted by (ISC)² Management on 23 January 2019 at 09:00 AM in Risk | Permalink
|
Comments (0)
21 December 2018
Beware of Scams this Holiday Season
By Tony Vizza, CISSP, (ISC)² Director of Cybersecurity Advocacy, APAC Over the past few weeks, I have noticed a marked increase in the number of phishing attempts, both using cyber based methods as well as traditional methods such as phone calls, text messages and even postal service scams. Scammers rely on psychological trigger points to succeed. December, in particular, is a stressful time for many people. Boozy Christmas parties, buying presents for your family (and finding something your partner will like), planning the holiday getaway with the kids and of course wrapping up end-of-quarter and end-of-year and you have a... Read more →
Posted by (ISC)² Management on 21 December 2018 at 08:00 AM in Center for Cyber Safety and Education, Malware, Risk | Permalink
|
Comments (1)
03 December 2018
Report: Cyberattacks Pose Big Business Risks Around the Globe
Cyberattacks rank as the number one risk of doing business in North America, Europe and the East Asia-Pacific region, according to a World Economic Forum report, Regional Risks of Doing Business. While business leaders in other areas of the globe are more concerned about unemployment, unstable governments and oil prices, cyber risks rank as the fifth highest worldwide. The concern about cyberattacks shows just how critical cybersecurity has become, ranking even higher than terrorism in the global top 10. Not surprisingly, cyber risks are a bigger concern among the most industrialized areas of the globe such as North America, where... Read more →
Posted by (ISC)² Management on 03 December 2018 at 09:05 AM in Malware, Risk | Permalink
|
Comments (0)
10 October 2018
LIVE FROM #ISC2CONGRESS: Should You Get Cyber Insurance?
About three thirds (76%) of companies currently have cyber insurance, but less than a third of them (32%) get policies that cover all risks, according to two representatives from insurer RLI Corp. who spoke during this week’s (ISC)2 Security Congress 2018 in New Orleans. While having a cyber policy is always a good idea, there is a fair amount of complexity that makes it difficult to determine how much coverage you need. Often third parties such as cloud providers are involved, creating coverage nuances that companies must be aware of when taking out a policy. Beyond that, companies often don’t... Read more →
Posted by (ISC)² Management on 10 October 2018 at 03:08 PM in (ISC)² Events, Risk | Permalink
|
Comments (0)
03 July 2018
Don't be a sitting duck in the next OT cyberattack
By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
Search
Categories
- (ISC)² Chapters (21)
- (ISC)² Events (150)
- Center for Cyber Safety and Education (50)
- Cloud Security (123)
- Cybersecurity Certifications (362)
- Cybersecurity Training (304)
- Cybersecurity Workforce (221)
- Digital Forensics (27)
- Ethics (49)
- Government (102)
- Insider Risk (54)
- IT Security (357)
- Legal (41)
- Malware (98)
- Network Security (162)
- Operations Security (132)
- Privacy (98)
- Ransomware (56)
- Risk (171)
- Software Development (43)
- Spotlight (66)