Jul 10th, 2020 - Risk management is critical for any company looking for growth and profit instead of liabilities and reputational damages. So let’s answer an important question: is third-party remote access and why should you care? Networks can be attacked from all sides. The surface area of your network is determined by the points of entry to your network by people (both internal employees and external third parties) and things. When vendors have access to your network, it is not only a potential security risk, but the risks that are associated are huge. Depending on the enterprise or company, employees ... [Read More]

Jul 9th, 2020 - Risk management and security are top concerns for most organizations, especially in government industries. The Risk Management Framework (RMF) integrates security into the early development stages to help speed up time to delivery while avoiding risk. The Risk Management Framework (RMF) was first developed by the Department of Defense (DoD) to act as criteria for strengthening and standardizing the risk management process of information security organizations. The framework later became widely adopted by the rest of the U.S. federal information systems in 2010. While originally developed by ... [Read More]

Jul 7th, 2020 - The tally of breach victims impacted by an April ransomware attack on Magellan Health has been reported to HHS as impacting over 365,000 patients; member portal breaches and another ransomware attack complete this week’s breach roundup. July 07, 2020 - The extent of the ransomware attack that hit Arizona-based Magellan Health in April  became clear  this week, with eight  Magellan Health affiliates and healthcare providers reporting breaches  stemming from  the  incident to the Department of Health and Human Services . The breach reporting tools shows about 365,000 patients were ... [Read More]

Jul 7th, 2020 - In the new work-from-home reality, corporate security paradigms, and attitudes, must change The COVID-19 pandemic continues to affect the world in many ways, both health-wise and from a business standpoint. As we adjust to what is likely a new normal for many organizations with an increased number of remote workers, we have to start rethinking the way we secure those employees and the data and systems they work with . The first step is to stop thinking of them as remote workers. The future reality may well be that most workers will be “remote”—that is, from a traditional office ... [Read More]

Jul 6th, 2020 - BlackBerry's Roger Sels on How AI-Driven Solutions Can Transform Response ) •     Roger Sels of BlackBerry assesses cybersecurity risk and sees two forms of chaos – cyber and endpoint. He also sees enterprises trying to defend automated attacks at human speed, which makes him ask: Isn’t it time we rebooted our approach to cybersecurity risk prevention? Sels, VP of solutions for EMEA at BlackBerry, says today’s biggest challenge is that defenders have given up on prevention. “We’ve started to believe [prevention] is not an achievable target anymore,” he says. “Even if you ask ... [Read More]

Jul 6th, 2020 - With all the acronyms floating around in cybersecurity, it is easy to get confused by what means what. Security information and event management, or SIEM , is often confused with security orchestration, automation and response, or SOAR , and vice versa. The reason why stretches beyond their similar syntax. Both SIEM and SOAR live in the security operations center and act as the key technologies to helping organizations detect and respond to threats in an organized and timely manner. As a result, they are complementary solutions, yet different in capabilities and the roles they play. Let’s ... [Read More]

Jul 6th, 2020 - Information risk has multiple components. With too many threats to assess individually, too many vulnerabilities to patch all at once, and many choices among controls, where should security leaders start? What's the priority? As I worked on my book, , I became fascinated with this question: How can we find a way to gain 80% of the benefits for 20% of the work? Named after Italian economist Vilfredo Pareto, the "Pareto Principle" asserts that for many events, roughly 80% of the effects come from 20% of the causes. According to Mike Gentile — president and CEO at CISOSHARE and someone who has ... [Read More]

Jul 6th, 2020 - The healthcare sector is the most affected by a group of 19 critical vulnerabilities known as Ripple20, found in over 52,000 medical device models and with remote code execution possibilities. July 06, 2020 - Healthcare is the sector most impacted by a group of 19 critical vulnerabilities known as Ripple20, found in the TCP/ IP   stack of hundreds of millions of IoT and connected devices.  The impact of which is currently unknown, given the flaws are found in embedded software  and web components .   First   by security researchers JSOF in mid-June, the Department of Homeland Security ... [Read More]

Jul 6th, 2020 - According to a recent report by TUV Rheinland " Study 2020 on the state of industrial safety " a lack of a holistic view of security is exposing the inner systems of industrial plants and critical infrastructure.  The study, done by TUV Rheinland and the Ponemon Institute , found that hackers are already pouncing on this opportunity. They are targeting devices and systems that control or monitor industrial processes — such as motors, pumps or valves.  "OT systems differ in function and technology from classic corporate IT. At the same time, successful cyberattacks on OT systems often ... [Read More]

Jul 6th, 2020 - ONUG's recent whitepaper outlines how establishing uniform event reporting could lead to improved transparency from cloud providers. Adhering to compliance can be tricky for enterprises that move to the cloud, but the creation of standards to automate governance could ease some of the issues they face. The Open Networking User Group (ONUG) recently issued a that lays out why standardizing different reporting methods might save organizations from some of their headaches. Co-founder Nick Lippis says ONUG is advancing its efforts beyond the first phase of the collaboration, which focused on ... [Read More]