Nov 21 2021

How can a business ensure the security of their supply chain?

Category: cyber security | DISC @ 3:50 pm

10 best practices to evaluate a supplier’s risk

While there are no guarantees that a business can detect a supply chain attack before it happens, there are 10 best practices that a business can consider to help mitigate risk and validate the security of its supply chain.

1. Evaluate the impact each supplier can have on your business if the supplier’s IT infrastructure is compromised. While a full-risk assessment is preferred, smaller organizations might not have the resources to conduct one. At a minimum, however, they should analyze the worst-case scenarios and ask questions such as:

  • How would a ransomware attack on this supplier’s systems impact my business?
  • How would my business be affected if the supplier’s source code was compromised by a Trojan virus?
  • If the supplier’s databases are compromised and data is stolen, how would that impact my business?

2. Evaluate internal IT resources and competencies for each supplier. Do they have a dedicated cybersecurity team led by a security manager or a CISO? It is important to identify the supplier’s security leadership because that is who can answer your questions. If the team is non-existent or poorly staffed with no real leadership, you may want to reconsider engaging with this supplier.

3. Meet with the supplier’s security manager or CISO to discover how they protect their systems and data. This can be a short meeting, phone call, or even an email conversation, depending on the risks identified in step 1.

4. Request evidence to verify what the supplier is claiming. Penetration reports are a useful way to do this. Be sure the scope of the test is appropriate and, whenever possible, request a report on two consecutive tests to verify that the supplier is acting on its findings.

5. If your supplier is a software provider, ask for an independent source code review. In some cases, the supplier may require an NDA to share the full report or may choose not to share it. When this happens, ask for an executive summary.

6. If your supplier is a cloud provider, you can scan the supplier’s networks, perform a Shodan search, or ask the supplier for a report of their own scans. If you plan to scan yourself, obtain a permit from the supplier and ask them to segregate customer addresses from their own so you are not scanning something irrelevant.

7. If the supplier is a software or cloud provider, find out if the supplier is running a bug bounty reward program. These programs help an organization find and fix vulnerabilities before attackers have a chance to exploit them.

8. Ask your suppliers how they are prioritizing their risks. For example, the Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities and assigning severity scores so the supplier can prioritize risk responses.

9. Request the supplier’s patching reports. The fact that they have a report demonstrates their commitment to security and managing vulnerabilities. If possible, try to get a report that is produced by an independent entity.

10. Steps 1 through 9 should be repeated annually, depending on the risk to and impact on your business. For a low-impact supplier, this may be performed less often. For a supplier that is mission-critical to the business’s success and is high risk, the business may want to develop a permanent evaluation process. However, large SaaS and IaaS providers may not be willing to participate in ongoing evaluations.


Cyber Security and Supply Chain Management

Tags: Supply Chain at Risk, supply chain security


Nov 18 2021

How Virtualization Helps Secure Connected Cars

Connected cars create opportunities to deliver enhanced customer experiences. At the same time, they also have the potential to provide high cost and revenue benefits. This is true for connected car companies, OEMs, suppliers and insurers (and much, much more).

However, car companies haven’t really explored the opportunities to monetize customer data adequately. We can probably attribute this to cybersecurity threats and a mad rush to market. But as the industry evolves and accelerates adoption, we must address these concerns now.

According to Allied Market Research, experts forecast the worldwide connected car market to be worth $225.16 billion by 2027. As we strive to achieve continuous connectivity, what’s the best approach to secure it? How do we keep drivers and their data safe from threat actors?

Before we dive into the solution, let’s look at some of the connected car challenges.

What Are the Threats to Connected Car Security?


Tags: #CarSecurity #Car Hacking, Secure Connected Cars


Nov 08 2021

Pakistan government approves new cybersecurity policy, cybercrime agency

Category: cyber security, Information Security | DISC @ 9:38 am

The Pakistan Ministry of Information Technology has announced that a new cybersecurity policy and accompanying cybersecurity agency has been approved for the South Asian nation.

The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.

It comes at a delicate time for Pakistan, which recently accused India of using the Israeli spyware Pegasus to spy on Prime Minister Imran Khan – and designates cyber-attacks on any Pakistani institution as an attack on national sovereignty.

“The IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity,” said IT minister Syed Aminul Haq, as quoted in local press.

Tags: cybercrime agency, pakistan


Nov 01 2021

Cybersecurity can drive business transformation instead of holding it back

Category: cyber security | DISC @ 9:15 am

A security strategy that doesn’t offer the flexibility for innovation undermines the key competitive driver in a modern environment. So how do organizations bake trust into their security posture to provide the confidence to innovate and grow?

To achieve a balance between trust and innovation, businesses must rethink their approach by weaving security into every part of their digital fabric. Instead of creating a steel fortress around their digital ecosystem, they must have the flexibility to respond to market opportunities, confident that they can intercept and respond to risks in real-time.

Complexity undermines security ROI

The security market has never garnered more interest, with Gartner estimating spending on cybersecurity to exceed $150 billion by the end of 2021. However, according to a recent IBM study, despite more significant enterprise investment, enterprise security effectiveness has declined by 13%.

Businesses often fail to consider that their increased investment in security technology often creates toolset sprawl, which introduces complexity that degrades their ability to detect and manage threat vectors.

More layers of security seem, in theory, like a good thing – in fact, the average enterprise deploys over 45 unique pieces of security-related technology across its networks. Yet, according to IBM, organizations that deploy over 50 tools are 8% less effective in detecting threats than companies employing fewer toolsets or one provider managing the entire ecosystem.

Security talent is challenging to hire and retain

Cybersecurity: The Insights You Need from Harvard Business Review

Tags: business transformation, cybersecurity business enabler


Oct 28 2021

The first step to being cybersmart: Just start somewhere

Category: cyber security | DISC @ 8:57 am

When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once they’ve taken that crucial first step, they can build the next steps around that risk assessment.

Cybersecurity is an ongoing strategic project. The initial goal shouldn’t be perfection. Instead, the goal can simply be to be better than yesterday.

Just start with a risk assessment

IT and security specialists can begin by pinpointing their organizations’ most critical risk areas and then taking the steps to secure them. IT specialists should conduct a full data and asset inventory and assess where the greatest risk lies.

There are two areas that IT specialists should examine:

Tags: cybersmart


Oct 06 2021

Arizona governor announces the launch of Command Center to protect state computer systems

Category: cyber security | DISC @ 9:52 am

The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers.

The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge number of attacks that hit the state’s computer systems every day.

The move is the response of the Arizona administration to hundreds of thousands of cyberattacks that hit the state.

At a ceremony Monday at the Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, Ducey explained that Cyber Command Center has been established to protect the IT infrastructure of the state.

“The Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the state’s computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.” reads a post published by AZCentral.

“When we protect your data, we protect you at home as well,” Arizona Department of Homeland Security Director Tim Roemer said in an interview. “We help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.”

In the case of a severe cyber attack, experts at the center will coordinate the incident response activities.

Tags: Command Center to protect state computer systems


Sep 03 2021

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.

A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.

The issues were discovered by the ASSET (Automated Systems SEcuriTy) Research Group from the Singapore University of Technology and Design (SUTD); the name comes from the Norwegian word “Brak”, which translates to ‘crash’.

The BrakTooth flaws impact 13 Bluetooth chipsets from 11 vendors, including Intel, Qualcomm, and Texas Instruments; experts estimated that more than 1,400 commercial products may be impacted.

As of today, the researchers discovered 16 security vulnerabilities, with 20 Common Vulnerabilities and Exposures (CVEs) already assigned and four vulnerabilities pending CVE assignment from Intel and Qualcomm.

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” reads the post published by the researchers. “All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching. Moreover, four of the BrakTooth vulnerabilities have received bug bounty from Espressif System and Xiaomi.”

The attack scenario tested by the experts only requires a cheap ESP32 development kit (ESP-WROVER-KIT) with a custom (non-compliant) LMP firmware and a PC to run the PoC tool they developed. The tool communicates with the ESP32 board via serial port (/dev/ttyUSB1) and launches the attacks targeting the BDAddress (<target bdaddr>) using the specific exploit (<exploit_name>).

The ASSET group has released the PoC tool to allow vendors to test their devices against the vulnerabilities.

Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology (Special Publication 800-121 Revision 1)

Tags: Bluetooth security


Sep 02 2021

DoJ Launches Cybersecurity Fellowship Program as Threats Rise

Category: cyber security, Cyber Strategy | DISC @ 9:35 am

The U.S. Department of Justice (DoJ) announced the creation of a cybersecurity fellowship program that will train prosecutors and attorneys to handle emerging national cybersecurity threats.

Fellows in the three-year Cyber Fellowship program will investigate and prosecute state-sponsored cybersecurity threats, transnational criminal groups, infrastructure and ransomware attacks and the use of cryptocurrency and money laundering to finance and profit from cybercrimes.

Cyber Fellowship Program

The program will train selected attorneys to deal with emerging cybercriminal threats; the ability to secure a top-secret security clearance is a prerequisite. All participants will be based in the Washington, D.C. area.

As part of the fellowship, participants will rotate through the multiple departments charged with protecting the country from cybersecurity threats, including the Criminal Division, the National Security Division and the U.S. Attorneys’ Offices.

The program is coordinated through the Criminal Division’s Computer Crime and Intellectual Property Section and the creation of the Fellowship is the result of a recommendation from the department’s ongoing comprehensive cybersecurity review, which was ordered by Deputy Attorney General Lisa Monaco in May 2021.


Enhancing Efforts Against Cybersecurity Threats

Tags: Cybersecurity Fellowship Program


Aug 26 2021

Samsung can remotely disable their TVs worldwide using TV Block

Category: cyber security, Cyber Spy, Cyber Threats | DISC @ 1:39 pm

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.

“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.

“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”

As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”

https://twitter.com/SamsungSA/status/1423674642443784198

How TV Block works

Tags: Samsung can remotely disable, Smart TV, Smart TV Security, TV Block


Aug 05 2021

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats

Category: cyber security, Information Security | DISC @ 7:23 am

Creation of the Joint Cyber Defense Collaborative follows high-profile cyberattacks on critical U.S. infrastructure

The U.S. government is enlisting the help of tech companies, including Amazon.com Inc., Microsoft Corp. and Google, to bolster the country’s critical infrastructure defenses against cyber threats after a string of high-profile attacks.

The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHS’s Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.

“This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime,” she said in an interview. Ms. Easterly was sworn in as CISA’s director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army’s first cyber operations unit at the National Security Agency, America’s cyberspy agency.

‘This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime.’ — Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency


Department of Homeland Security and Information Sharing: Is It Working?


Tags: Department of Homeland Security, DHS


Aug 02 2021

CISA launches US federal vulnerability disclosure platform

Category: cyber security | DISC @ 8:15 am

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified,” Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

The VDP platform

Binding Operational Directive 20-01, released in September 2020, mandates that all FCEB agencies must develop and publish a vulnerability disclosure policy.

At the moment, this newly established VDP platform collects eleven vulnerability disclosure programs, published by the:

  • Federal Communications Commission (FCC)
  • Department of Homeland Security (DHS)
  • National Labor Relations Board (NLRB)
  • Federal Retirement Thrift Investment Board (FRTIB)
  • Millennium Challenge Corporation (MCC)
  • Department of Agriculture (USDA)
  • Department of Labor (DOL)
  • Privacy and Civil Liberties Oversight Board (PCLOB)
  • Equal Employment Opportunity Commission (EEOC)
  • Occupational Safety and Health Review Commission (OSHRC)
  • Court Services and Offender Supervision Agency (CSOSA)

This newly established VDP platform is run by BugCrowd, a bug bounty and vulnerability disclosure company, and EnDyna, a government contractor that provides science and technology-based solutions to several US federal agencies.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability  Office]

Tags: CISA, Cybersecurity and Infrastructure Security Agency


Jul 26 2021

How to develop a skilled cybersecurity team

Category: cyber security, InfoSec jobs | DISC @ 10:19 am

What skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations employ to develop a well-staffed cybersecurity team? Where should they look for talent? What advice do those already working in the field have for those who want to enter it?

(ISC)² wanted to know the answer to these and other questions, so they asked 1,024 infosec professionals and 1,010 cybersecurity job pursuers in the U.S. and Canada.

What do the information security professionals say?

Cybersecurity Workforce : Staffing Needs, Skills Requirements and Coding Procedures


Tags: cybersecurity team, cybersecurity workforce shortage


Jul 11 2021

Three security lessons from a year of crisis

Category: CISO, cyber security | DISC @ 11:10 am

When Pindrop surveyed security and fraud professionals across vital sectors including banking and healthcare, we discovered hundreds of teams that had made heroic efforts to continue operating in the face of huge obstacles. We were also reminded of the many ways that fraud threatens businesses and individuals facing turmoil.

Spikes in call volume left contact center agents overextended while lockdown protocols forced reorganizations and remote work; well-intentioned and generally beneficial programs like PPP loans provided new avenues for fraud; and fraud attempts shifted to new venues, like banks’ prepaid card divisions.

More time on the line

Today, we live our lives—and conduct our business—online. Our data is in the cloud and in our pockets on our smartphones, shuttled over public Wi-Fi and company networks. To keep it safe, we rely on passwords and encryption and private servers, IT departments and best practices. But as you read this, there is a 70 percent chance that your data is compromised . . . you just don’t know it yet.

Cybersecurity attacks have increased exponentially, but because they’re stealthy and often invisible, many underplay, ignore, or simply don’t realize the danger. By the time they discover a breach, most individuals and businesses have been compromised for over three years. Instead of waiting until a problem surfaces, avoiding a data disaster means acting now to prevent one.

No matter who you are or where you work, cybersecurity should be a top priority. The information infrastructure we rely on in every sector of our lives—in healthcare and finance, for governments and private citizens—is both critical and vulnerable, and sooner or later, you or your company will be a target. This book is your guide to understanding the threat and putting together a proactive plan to minimize exposure and damage, and ensure the security of your business, your family, and your future.

Tags: cyber crisis, security lessons


Jun 08 2021

Reformulating the cyber skills gap

Category: cyber security, InfoSec jobs | DISC @ 8:45 am

Many thought leaders have approached the skills shortage from a cumulative perspective. They ask “How on Earth can companies afford to keep re-training their teams for the latest cyber-threats?” The challenge, to them, emanates from the impracticalities of entry level training becoming obsolete as new challenges emerge.

Of course, the question of ongoing training is very important, but I believe it has misled us in our evaluation of the growing disparity between the supply and demand of cyber-professionals. What we should be asking is “How can we create a generation of cyber-professionals with improved digital skills and resilience to tackle an enemy that continually mutates?”

Defining the relationship between people and tech is of the utmost importance here. Cybersecurity is not merely a technical problem, it’s a human problem. This is a critical intersection. People are not the weakest link in an effective cybersecurity defense strategy, but the most crucial. However, technology is the apparatus that can properly arm us with the skills to defend against attacks.

The silver bullet

The only thing we can be certain of is that cyberattacks are taking place right now and will continue to take place for the foreseeable future. As a result, cybersecurity will remain one of the most critical elements for maintaining operations in any organization.

There is a growing appetite for reform in cybersecurity training, particularly among higher education institutions (e.g., with the UK’s top universities now offering National Cyber Security Centre (NCSC) certified Bachelor’s and Master’s programs). It is in the interest of the British government that this appetite continues to grow, as the Department for Culture, Media & Sport reported there were nearly 400,000 cybersecurity-related job postings from 2017-2020.

In addition, COVID-19 has been a significant catalyst in increasing uptake and emphasis on cyber skills since the steep rise in the use of digital platforms in both our work and personal lives has expanded the surface area for attacks and created more vulnerability.

Overall, though, young people remain our best hope for tackling the global cyber skills gap, and only by presenting cybersecurity to them as a viable career option can we start to address it. This is the critical starting point. Once we do this, the next important step is to give universities and schools the facilities to offer sophisticated cyber training.

The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! by [Vagner Nunes]

Tags: cyber skills gap


Jun 04 2021

Quantum computing: How should cybersecurity teams prepare for it?

Category: cyber security, Information Security | DISC @ 2:14 pm

Our community – that is, technologists, mathematicians and information assurance professionals – has generally adapted well to changes in the technology landscape.

At the start of the Cold War, the western security apparatus sought to understand the actions of their adversaries by intercepting radio signals bouncing off the ionosphere and analyzing the messages they carried. Later, when the Soviets moved to microwave transmissions, that same security apparatus deployed cutting-edge line-of-sight interception techniques.

Then, in 1977, after the Soviets began to successfully encrypt their communications, the NSA launched the Bauded Signals Upgrade program, delivering a supercomputer designed to compare encrypted messages with elements of plain text transmitted by mistake, allowing the agency to break many of the Soviets’ high-level codes. Time and time again, our innovation has kept us safe, but only when we have prepared to meet the threat.

Quantum information theory, which has been explored since the beginning of the 20th century, has led to an exciting yet dangerous new prospect: new quantum algorithms to solve computational problems which have thus far proven to be intractable – or at least unachievable within a useful period – by classical computers. One such problem is the breaking of the Advanced Encryption Standard, a key pillar of modern data encryption.

A joint research team of engineers from Google and the Swedish Royal Institute of Technology published a study that theorized the breaking of a 2048 bit key in just 8 hours, something that would take today’s classical computers over 300 trillion years. The catch? This theory requires a 20 million-qubit computer, and the largest quantum computer that exists today has only 65.

Their study, alongside many like it, tells us that quantum technology will present the greatest threat to the security of our critical systems in the history of computing. It may even be useful to us in future conflicts. However, quantum computers will need considerably more processing power than is available today and will require a significantly lower error rate if they are to be utilized for cyberspace operations.

To meet this challenge, institutions across the world are rushing to develop quantum computers that are capable of delivering on the promising theory.

The U.S. National Institute of Standards and Technology is currently evaluating over 60 methods for post-quantum cryptography, quantum key distribution, and other security applications. Early indications are that quantum technology will provide an ability to detect, defend, and even retaliate against all manner of future threats.

Away from security, most people understand that quantum computing has immense potential for good – with applications in the scientific and medical research fields easy to imagine. However, this vast computing power could also be used to undermine the classical computer systems that our nation relies upon so heavily.


Cryptography and Quantum Computing

Tags: Quantum computing


May 13 2021

Gamers beware! Crooks take advantage of MSI download outage

Category: cyber security | DISC @ 10:27 pm

Tags: MSI download outage


May 09 2021

Teaching Cybersecurity to Children

Category: cyber security | DISC @ 9:45 pm

Tags: Teaching Cybersecurity to Children


May 05 2021

61% of cybersecurity teams are understaffed

Category: cyber security | DISC @ 9:19 am

In a climate where remote work became more prevalent—and in some cases, mandatory—those citing “limited remote work possibilities” as a reason for leaving their cybersecurity role saw a six-percentage point decline (45%) compared to the year before.

Though the cybersecurity workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that longstanding issues persist, including:

  • 61 percent of respondents indicate that their cybersecurity teams are understaffed.
  • 55 percent say they have unfilled cybersecurity positions.
  • 50 percent say their cybersecurity applicants are not well qualified.
  • Only 31 percent say HR regularly understands their cybersecurity hiring needs.

Understaffed cybersecurity teams and attacks issues

Tags: cybersecurity teams are understaffed


May 03 2021

A battle cry for SMBs to address cybersecurity

Category: cyber security | DISC @ 7:33 am

If cybersecurity is a new concept for the business, first take the necessary steps to follow best practises, as set out by the NIST Cybersecurity framework, as a minimum. Furthermore, to enhance the organisation’s overall security maturity, there are 4 key categories that need to be addressed: cyber strategy and risk, network security, endpoint security, and threat detection and response capabilities.

What is the current level of the cyber strategy and risk?

Small business owners are focussed on running their business with cybersecurity often a secondary concern. To begin with, businesses should seek consultation from industry experts to provide an assessment of the infrastructure to determine areas of concern. This will help the business plan, adapt and grow to stay competitive. It also will provide insight into how the business’ security measures stack up to the needs of the business currently and for the future.

An assessment by an external consultant can also examine whether the business is meeting compliance and regulatory requirements, which can be weaved into the security strategy. This guidance not only helps to improve the overall security posture, but also saves costs in the long run.

The Essential Guide to Cybersecurity for SMBs

Tags: Cybersecurity for SMBs


Apr 30 2021

The realities of working in and pursuing a career in cybersecurity

Category: CISSP, cyber security, Information Security | DISC @ 5:50 am

“One of the biggest challenges we have in cybersecurity is an acute lack of market awareness about what cybersecurity jobs entail,” said Clar Rosso, CEO of (ISC)². “There are wide variations in the kinds of tasks entry-level and junior staff can expect. Hiring organizations and their cybersecurity leadership need to adopt more mature strategies for building teams.

“Many organizations still default to job descriptions that rely on cybersecurity ‘all stars’ who can do it all. The reality is that there are not enough of those individuals to go around, and the smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come.”

cybersecurity career realities

