Securing IoT can make profitable sense to any company

Posted by:

Securing IoT can make profitable sense to any company

A survey conducted by Ponemon in 2018 found that 97 percent of security professionals thought that a cyber attack vectoring from an insecure device could be “catastrophic” for the business. They also found that only 15 percent had bothered to do an inventory of the IoT devices, which were indeed connected to their systems. And only half had protocols to disconnect high-risk devices upon detection.

The survey stresses the importance of addressing this vulnerability:

Read More →

0

CISO On Demand, Compliance, Data Breach, Incident Response, Information Security, IoT, IT Security, Network Security

DevSecOps: an intro on why you need it

Posted by:

DevSecOps: an intro on why you need it

We’ve pulled together an FAQ on DevSecOps, so you can give some thought on whether this approach might be beneficial in your organization. We hope it’s useful.

What is DevSecOps?

The concept evolved from its predecessor DevOps, a portmanteau for Development and IT Operations (Dev + Ops). I have also heard it referred to as “Agile on steroids”. The idea is simple: it bridges the gap between development and IT teams through collaboration to reduce project ...

Read More →
1

CISO On Demand, Cloud Security, cyber-security, Identity Theft, Incident Response, Information Security, IT Security, Network Security

, , , , , ,

Should C-level Bonuses Be Tied To Cybersecurity Posture?

Posted by:

Should C-level Bonuses Be Tied To Cybersecurity Posture?

The cybersecurity catch-22 – have you run across it? This is where, for example, you’ve found a vulnerability in a product, and you inform the affected company in a responsible way, but you never receive a response.

Or perhaps you work in the development team, and really want your employers to give you the resources you need to address a security flaw, only to see your requests shoved aside to focus on new, sexier features.

Read More →

0

CISO On Demand, Cloud Security, Compliance, cyber-security, Data Breach, Identity Theft, Incident Response, Information Security, IT Security, Network Security, Penetration Testing, Ransomware, Red Team

, , , , , , , ,

2019: What to expect in cybersecurity this year

Posted by:

2019: What to expect in cybersecurity this year

Another year is upon us. 2018 was a cyber rollercoaster with massive internet scandals and data breaches.  With that in mind there are a number of IT security topics that should be top of mind for 2019.

Take a look at a few we’ve identified…

Security by Design

We expect to see a greater focus on baked-in security, be this in application development, or in IT and company strategies. In 2018, with the enforcement of Europe’s data ...

Read More →
0

CISO On Demand, Cloud Security, Compliance, Cyber Criminals, cyber-security, Data Breach, Identity Theft, Incident Response, Information Security, Network Security, Penetration Testing, Uncategorized

, , , ,

Top Five Data Breaches of Summer 2018

Posted by:

Top Five Data Breaches of Summer 2018

It seems that 2.6 billion records were exposed in the first half of 2018. Just to provide context, remember that there are less than 3 times that many people alive on the planet. Obviously, those records don’t represent unique users, but it goes to show the sheer scope of the problem.

And it is an expensive problem. In the U.S. the average price tag swells to $7.91 million per breach, with an average clean up time ...

Read More →
0

CISO On Demand, Cyber Criminals, Data Breach, Identity Theft, Information Security, IT Security, Network Security, Penetration Testing, Ransomware

, , , , ,

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Posted by:

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00  or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.

Read More →

0

201 CMR 17.00, CISO On Demand, Cloud Security, Compliance, Cyber Criminals, cyber-security, Data Breach, GDPR, HIPAA, Information Security, IT Security

, ,

U.S. and China trade wars: What’s the likely impact on information security?

Posted by:

U.S. and China trade wars: What’s the likely impact on information security?

Image courtesy of the Los Angeles Daily News

The U.S. political landscape is shifting dramatically, and no one knows what this shake out will uncover. For better or worse, it is certainly rocking the boat for U.S. residents, but changes are afoot for other global entities as well.

One of these entities is China.

According to media reports as recent as yesterday, China says it is “fully prepared” for a trade war with the U.S.

This coming ...

Read More →
0

Blog, CISO On Demand, Compliance, Cyber Criminals, cyber-security, Data Breach, Information Security, IT Security, Network Security, Penetration Testing

, , , , ,

Cryptomining – How Prevalent Is It And How To Stop It

Posted by:

Cryptomining – How Prevalent Is It And How To Stop It

One of the recent additions to the cyber threat landscape plaguing many organizations is the introduction of Crypto Miners. Due to the rise in popularity of Cryptocurrency, attackers have been shifting their attention and focus on gaining access to as many resources as they can find. The end goal of these attacks is to utilize the victim’s CPU to mine Cryptocurrency. To gain access to these resources the attackers are cycling in and out the latest and most popular exploitable ...

Read More →
0

Blockchain, Blog, CISO On Demand, Cyber Criminals, cyber-security, Information Security, IT Security

, , , , ,

The truth about managing Supply Chain risk? It’ not easy

Posted by:

The truth about managing Supply Chain risk? It’ not easy

Ahhh the joys of supply chain risk management. It is a complex beast with many heads, each focusing on the problem from a different operational standpoint.

The goal is of course to build and maintain a resilient system of checks and balances so your organisation’s supply chain is healthy and operating at an acceptable level of risk.

If this sounds easy to you, I am willing to bet you’re a theoretical expert.

Read More →

0

CISO On Demand, Cloud Security, Compliance, Cyber Criminals, cyber-security, Identity Theft, IT Security

, , , , , ,

Convincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters.

Posted by:

Convincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters.

We published an article recently about how many senior information security professionals, be they CISOs or CIOs, are worried about their systems being vulnerable to breach. One of the main problems is getting senior stakeholders, like the Board or the executive management team, to buy into your information security strategy. We shared a few approaches on how to address this ubiquitous problem.

Achieving executive buy-in on information security policies is much more difficult than ...

Read More →
0

CISO On Demand, Compliance, cyber-security, Data Breach, Incident Response, Information Security, IT Security, Network Security, Penetration Testing

, , , , , , ,

})
SEC Cybersecurity Exams