New United States Securities and Exchange Commission (SEC) rulemaking makes cyber risk reporting and business resilience planning a key component of effective board governance. Earlier this year, the SEC released a proposed cybersecurity disclosure rule to advance risk management and governance towards the treatment of cyber risk.
It’s hard to go a week without learning about a new cyberattack. And while it is often the Fortune 500 companies that draw the most media attention (Marriott International, Morgan Stanley, T-Mobile, Target, and more), small businesses are under more frequent threat and have much more to lose…such as their entire business.
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
A few years ago, cybersecurity outsourcing was perceived as something inorganic and often restrained. Today, cybersecurity outsourcing is still a rare phenomenon. Instead, many companies prefer to take care of security issues themselves.
Almost everyone has heard about cybersecurity outsourcing, but the detailed content of this principle is still interpreted very differently in many companies.
In this article, I want to answer the following important questions: Are there any risks in cybersecurity outsourcing? Who is the service for? Under what conditions is it beneficial to outsource security? Finally, what is the difference between MSSP and SecaaS models?
As software-related vulnerabilities continue to grow, companies must manage their software cyber risks to innovate faster and create safer, more secure digital products.
Until recently, most companies were unaware of the “ingredients” or code that make up the software that powers their products and enterprise software. This is an issue because third-party code usage is increasing, and the consumption of open-source software (OSS) will accelerate in the years to come.
European Union lawmakers have proposed a new set of product rules to apply to smart devices that’s intended to compel makers of Internet-connected hardware — such as ‘smart’ washing machines or connected toys — to pay fulsome attention to device security.
The proposed EU Cyber Resilience Act will introduce mandatory cybersecurity requirements for products that have “digital elements” sold across the bloc, with requirements applying throughout their lifecycle — meaning gadget makers will need to provide ongoing security support and updates to patch emerging vulnerabilities — the Commission said today.
Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention.
Remote work is now a standard option for most professionals, but the rising popularity of work from anywhere has driven a corresponding rise in cybersecurity incidents.
Remote work during the COVID-19 pandemic drove a 238% increase in cyber attacks, according to a March 2022 report by Alliance Virtual Offices, which provides services to the remote workforce. And Gartner’s “7 top trends in cybersecurity for 2022” called the expansion of the attack surface that came with remote work and the increasing use of public cloud a major area of cybersecurity concern. Trends such as these have made security improvements for remote employees and risk-based vulnerability management the “most urgent projects” in 2022 for 78% of CISOs surveyed by security software provider Lumu Technologies.
Cybersecurity has a reputation for being difficult—and not without reason. Covid-19, remote-working and geopolitical unrest have exacerbated the problem almost beyond recognition, leaving some of the world’s most powerful corporations scratching their heads. If the big fish are struggling to swim straight, what hope is there for the little guys?
With this in mind, it’s worth taking a look at how U.K. SMEs (small- and medium-sized enterprises) are getting on. How often are they being attacked? What kind of threats are they facing? What are they worried about? What are they doing about it? What should they be doing about it?
Blockchain is nothing new. Originally proposed in 1982, and eventually harnessed in 2008 as the technology behind Bitcoin, blockchain acts as an immutable publicly distributed ledger. Each block cannot be edited and cannot be deleted. It is secure, decentralized and tamper-proof.
These attributes hold immense value for IoT infrastructures, and point the way to a more transparent future. Blockchain technologies can be used to support IoT deployments by improving decentralization, heightening security and bringing better visibility to connected devices.
The strategies companies need to keep their data safe.
As cyberattacks become more sophisticated and harder to trace, it’s critical for companies to be ready for them. Three experts from Chicago’s cybersecurity scene discuss trends in the cybersecurity arena and how companies can better prepare for cyberattacks.
Although SMBs are more aware of cyber threats now, a recent survey shows that around 60% of SMBs do not consider cyber attacks a huge risk for them and about 40% do not believe that strong security is a priority.
The increasing number of reports of cyber crimes involving small businesses shows that criminals are shifting their focus. Banks, financial institutions, and large corporate houses are no longer their only targets; criminals now also go after easy prey, like small and medium businesses (SMBs) and the common man.
Presidio’s Brian Lynch caught up with Julia O’Reilly to discuss the lasting impact of the HSE attack, cybersecurity frameworks, and knowing the value of your own data.
In May 2021, Ireland was subjected to a ransomware attack that forced our national health and social services provider to shut down its entire IT system. The Health Service Executive’s (HSE) systems were targeted with Conti ransomware. The stolen data was ultimately restored after the ransomware group handed over a decryption key without having received the €16.7 million ransom. Speaking at the time, CEO of the HSE Paul Reid said the impact of the attack had put some services back 30 to 40 years.
IIoT security often takes a back seat, report finds.
Cyberattacks against Industrial Internet of Things (IIoT) devices, as well as operational technologies (OT), are widespread, with almost no companies being immune, a new report from Barracuda Networks has claimed.
Andy is CSO for Huawei Technologies USA, overseeing Huawei’s US cyber assurance program.
Recent security incidents violating IT service providers like SolarWinds and Microsoft have brought to the forefront the importance of accountability and transparency in cybersecurity. The sheer volume of recent reports of ransomware attacks, cyber intrusions reportedly perpetrated by nation-states, and large-scale data breaches affecting millions of people indicates that cyber defenses must be raised across the board—particularly in critical infrastructure, government and essential services.
IoT brings benefits to business, government and consumers. But those features shouldn’t come at the cost of security or less privacy for its users.
When firefighters arrive at burning buildings, they must contain the blaze, rescue inhabitants and keep calm under pressure. As IoT devices are increasingly deployed throughout cities, firefighters could have access to more information that could save more lives and lead to less lost property through use of real-time data about surroundings impacting people in need.