Security News
Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in a crisis were missing from cybersecurity training. "In the first 30 minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."
Today, a stark disconnect exists between the inadequacy of crisis exercising and the desire to build an effective cyber crisis response function, according to an Osterman Research study. "With three quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary."
Cybersecurity professionals know all too well that crises tend to breed new threats to organizational security. Health agencies are being attacked, massive phishing operations are underway, and security flaws in leading communications platforms are coming to light.
Researchers find critical RCE vulnerabilities in industrial VPN solutions: Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more.
Lack of training, career development, and planning fuel the cybersecurity profession crisis: The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG.
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise: A vulnerability in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise.
The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted 70 percent of organizations, as revealed in a global study of cybersecurity professionals by ISSA and ESG. Cybersecurity profession crisis. Cybersecurity pros need a globally accepted career development plan.
"Our study reinforces that organizations who act quickly and decisively on their data strategies - or Data Leaders - will recover from the global crisis better and even accelerate their success," said Greg Betz, Senior Vice President, Data Intelligence and Automation, NTT DATA Services. Data crisis: Organizations struggle to use data for transformation.
While there was no way to fully anticipate the impact to our organizations and be prepared from day-one with a detailed plan, there is a lot we can learn to strengthen our resilience to emerging threats. Phil now leads the group's Cybersecurity Services business which includes Managed Security Services, Security Consulting and Professional Services, and Integrated Security Services.
Immersive Labs announced an industry-first solution to create better-drilled crisis response across institutions of all sizes. Cyber Crisis Simulator will allow people to virtually test their organization's reactions to the latest real-world attacks and is designed to be relevant to everyone from legal and communications teams, to cybersecurity specialists.
The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.