Week in review: Discussing cybersecurity with the board, APT-style attacks, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles and interviews:
January 2022 Patch Tuesday forecast: Old is new again
Let’s look at some recent events which will be influencing this month’s patch releases.
Ransomware attacks decrease, operators started rebranding
Positive Technologies experts have analyzed the Q3 2021 cybersecurity threatscape and found a decrease in the number of unique cyberattacks. However, there’s been an increase in the share of attacks against individuals, and also a rise in attacks involving remote access malware.
Insider threat does not have to be malicious, so how do you protect your organization?
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about the causes of insider threat attacks and what companies can do to mitigate or even avoid them.
LTE IoT market to grow steadily by 2026
LTE IoT market is expected to register a healthy CAGR of over 28% during the forecast period (2021 – 2026), accordig to ResearchAndMarkets. The growth of connected devices and the need for unique and defined network qualities are fueling the growth of the LTE IoT market.
How can SMBs extend their SecOps capabilities without adding headcount?
While cybersecurity budgets are rising, most small and some midsize organizations looking to employ skilled cybersecurity professionals are often unable to match salaries offered by big enterprises in a job market where demand outstrips supply.
Healthcare cloud infrastructure market size to reach $142 billion by 2028
The global healthcare cloud infrastructure market size is expected to reach $142 billion by 2028, according to ResearchAndMarkets. The market is expected to expand at a CAGR of 16.7% from 2021 to 2028.
Why the UK’s energy sector is fragile and ripe to cyber attacks
For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly the immediate and far-reaching impacts of it.
How companies manage data and AI initiatives
Investment in data and AI initiatives continues to grow – the 2022 survey indicates that 97% of participating organizations are investing in data initiatives and that 91% are investing in AI activities. This year, 92.1% of organizations report that they are realizing measurable business benefits, up from just 48.4% in 2017 and 70.3% in 2020.
A CISO’s guide to discussing cybersecurity with the board
To get the assets needed for CISOs to properly do their jobs, business leaders need to invest time, attention, and money in cybersecurity. Here are helpful ways that CISOs can discuss cybersecurity with their C-suite and board members.
Preventing document fraud in a world built on digital trust
All digital markets are built on trust and that trust has been reduced to an algorithm driven by proof of identity, which currently remains heavily reliant on formal documents such as a passport or driving license. Anyone looking to misrepresent who they are, where they live or what they’re paid would need their documentation to reflect this false version of their status.
Should businesses be concerned about APT-style attacks?
As we enter 2022, organizations are re-evaluating their cybersecurity strategies to lower risks and best defend against potential threats. Through budget, risk tolerance, compliance and more, organizations have varying priorities for their security needs. Two things to consider in that planning – in addition to the ever-growing threats of ransomware, phishing, and zero-day vulnerabilities – are nation-state and Advanced Persistent Threat (APT)-style attacks.
API security: Understanding the next top attack vector
While traditional application security controls remain necessary, they are not quite up to the API security challenge. Fortunately, there are certain basic API security practices organizations can implement to create a more resilient API security posture.
SMBs should consider new approaches for increasing their cybersecurity posture
SMBs can obtain advice about cybersecurity quite easily from a plethora of resources. Getting their hands on practical technology solutions is, on the other hand, more of a problem, as they are often greatly constrained by their budget. Still, there are solutions within their reach.
The Log4j debacle showed again that public disclosure of 0-days only helps attackers
On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as additional PoCs appeared.
Bridging the “front and back of the house”: A lesson in risk management
Between cloud proliferation, new tech infrastructure and tools and an increasingly distributed workforce, organizations are struggling to implement proper risk management practices. They often ignore one of the most important components of a solid risk management strategy: efficient communication between the “front and back of the house.”
Five tips on how to stay (cyber)secure in a hybrid work world
In the rush to embrace this new world of work, it’s been all too easy to overlook one of the biggest challenges it creates: maintaining cybersecurity.
Enterprise PKI automation: The modern approach to certificate lifecycle management
The challenge faced by already strained IT teams is how to deliver strong certificate management across increasingly complex IT environments, at a time when workforces are massively distributed and entering the corporate network via the consumer-grade technologies in their homes.
Network and security teams must collaborate to successfully deliver digital transformation
Collaboration is a key component of any successful business strategy, but it’s not always a simple task. The conflicting goals of individual teams means that different operations can become siloed, with each team working with specific requirements and deliverables in mind.
Supply chain cybersecurity: Pain or pleasure?
Whatever sector your business operates in, you will depend on third parties to provide you with goods and services to support what you do. Whether you are a small printing services company working with an accountant or an organization with a full manufacturing and distribution supply chain, suppliers are important to your daily operations and will all on some level interact on site or digitally with your business, and this makes them a risk vector.
The CISO’s guide to third-party security management
In this comprehensive guide, we provide the direction you need to make your organization’s third-party security program efficient and scalable.
Infosec products of the month: December 2021
Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack Labs, F5 Networks, Immuta, IriusRisk, MetricStream, MobileSphere, Nerdio, NetQuest, Oxeye, Ping Identity, Pondurance, SentinelOne, Syxsense, Tenable, ThreatConnect, Tufin, Veriff, Verimatrix, and Zerto.