Here’s an overview of some of last week’s most interesting news, articles and interviews:
Official (ISC)² CISSP CBK Reference: Out with the old, in with the new
Arthur Deane is a Senior Director at Capital One Financial, where he leads cybersecurity activities in the Card division. He is also the co-author of the Official (ISC)² CISSP CBK Reference, 6th edition. In this interview with Help Net Security, he discusses the book as well as certification in general.
SaaS security is becoming a primary concern for businesses
One of the frequently touted advantages of using software-as-a-service (SaaS) solutions is their maintenance-free and supposedly inherently secure nature. These services are maintained by their providers and users do not have to worry about configuring, troubleshooting, and updating them. Things are not as simple as that, though.
Leveraging threat intelligence to tackle supply chain vulnerabilities
In this interview with Help Net Security, Brandon Hoffman, CISO at Intel 471, talks about the growing threat of supply chain attacks, the most common supply chain vulnerabilities and how the right threat intelligence can help stay on top of these threats.
A multi-party data breach creates 26x the financial damage of single-party breach
Cyentia Institute and RiskRecon released research that quantifies how a multi-party data breach impacts many organizations in today’s interconnected digital world.
3 ways any company can guard against insider threats this October
October is Cybersecurity Awareness Month, but most business leaders and consumers don’t need a special event to remember cybersecurity’s preeminence in today’s turbulent digital landscape.
Corporate attack surface exploding as a result of remote work
74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic. The data is drawn from a study of more than 1,300 security leaders, business executives and remote employees conducted by Forrester Consulting.
The biggest problem with ransomware is not encryption, but credentials
Credential compromise is the leading cause of ransomware attacks, because credentials give hackers the access they need to hold your systems hostage. However, if you eliminate username/password credentials, you eliminate their easiest point of entry to your systems.
How to avoid the pitfalls of multi-cloud strategy deployment
Making the decision to implement a multi-cloud strategy is difficult. From the decision to pursue a multi-cloud journey to defining the requirements to laying the foundation to identifying and deploying applications and services to the multi-cloud environment, the process requires a solid strategy and flawless execution to succeed, say experts at Taos.
To avoid cyberattacks, companies need to think like hackers
Companies are spending more than ever on cybersecurity but, despite a plethora of new security systems, they continue to be vulnerable to attacks, which are not only becoming more numerous but are also taking a greater financial and business toll on organizations.
Proper password security falling short despite increase in online presence
While 92 percent of people know that using the same password or a variation is a risk, 65 percent still re-use passwords across accounts, drastically increasing the risks to their sensitive information, a LastPass report revealed.
Cybersecurity posture validation: Fireside chat with Arkadiy Goykhberg, CISO of DMGT
Working in cyber security is an exciting if humbling experience. It is a discipline where you can never have enough details, best practices, and lessons learned by examining mistakes made by others. Learning from peers has always been paramount.
Ransomware attacks on the rise – How to counter them?
Ransomware attacks are neither novel nor exotic. Knowing the dangers and the vulnerabilities, why is there such a lack of preparedness, especially with the raised awareness that higher-level executives seem to have around cybersecurity issues?
The relationship between development and security teams affects speed to market
VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. The study found that security is still perceived as a barrier in organizations, with 52% of developers believing that security policies are stifling their innovation.
How much trust should we place in the security of biometric data?
Increasingly, biometric data is being collected from people who are entering countries as refugees. Although the collected information varies from country to country, within the UK fingerprints and a facial image are collected as standard.
Ransomware attacks on healthcare organizations may have life-or-death consequences
Ponemon Institute surveyed 597 IT and IT security professionals to understand how COVID-19 has impacted how healthcare delivery organizations (HDOs) protect patient care and patient information from increasingly virulent cyberattacks, especially ransomware.
Today’s cars are mobile data centers, and that data needs to be protected
As manufacturers increase levels of system automation on the journey to fully autonomous vehicles (AVs), the volume of data generated and consumed by our vehicles will grow exponentially, as will the complexity of the code base on which the car depends.
IT executives do not believe their business can have both a flexible and usable Kubernetes environment
A Dimensional Research survey shares Kubernetes best practices and key insights about the rapidly growing and evolving use of Kubernetes within businesses.
Nation-state attacks fears grow, execs don’t trust governments to protect them from cyber threats
Arctic Wolf published findings from a recent global survey of over 1,400 IT decision-makers at enterprise organizations. After a year of high-profile cyberattacks, the survey data reveals executive attitudes on a wide array of cybersecurity and business issues.
New infosec products of the week: October 1, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from Cloudflare, Citrix, DataDome, deepwatch, Elastic and Fugue.