Just when a company thinks they’ve seen it all in cybersecurity, new challenges in data protection keep security leaders on their toes. One of the largest movie-ticket retailers discovered a need to protect sensitive data that could be shared across their productivity tools.
The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times. With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are required by regulations to isolate their most sensitive systems to avoid any type of security breach.
A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts allowing remote code execution. More recently, the Capital One breach last year stemmed from a misconfigured web application firewall. Verizon’s 2020 DBIR reported that only hacking was more prevalent than misconfiguration errors as the culprit of data breaches.
One of the most common questions that businesses operating under GDPR, LGPD or other similar data regulations have is how long should you keep data? As answers to this question typically seem to vary widely to clear up confusion, we’ve gathered insights from business leaders & specialists across a variety of industries to try and answer this question and shed light on what are reasonable timeframes to keep hold of data, whether that may be financial, employee or other potentially sensitive data.
If you are in the IT and/or cybersecurity, you must have heard of MITRE ATT&CK framework at least once but do you actually know what it is? Keep reading to learn! The ATT&CK network is developed by the MITRE Corp roughly seven years ago to offer crucial information, support and threat tactics to those who work in cyber security. ATT&CK framework is a living document that grows and gets updated every day.
As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making the threat of attacks increasingly difficult to both prepare for and defend against.
Information Security leaders have to demonstrate the value and purpose for each solution that’s purchased and prove the solution that was chosen is doing the job it was procured to do. Executives are therefore requiring Information Security leaders to prove the value of the solutions in ways they understand. They need to see the value not in security metrics but in dollars and cents.
More organizations than ever before have shifted to a hybrid work culture to reduce the impact of COVID-19. This unprecedented change has not only given rise to new security challenges, but has also considerably increased the surface area available for an attack. A blend of personal and corporate endpoints in use, geographical spread of resources, and a sharp spike in the overall number of security threats have further complicated the already labor-intensive security landscape.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. Organizations on a global scale observe Cybersecurity Awareness Month to educate and instruct their employees on cybersecurity best practices. This week we highlight some cybersecurity trends that are shaping the industry today.
