Security News

China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities - all with the help of Chinese tech vendors. That's a nod to accusations that China practices what's been labelled "Debt trap diplomacy" whereby development assistance comes with repayment plans small nations may not be able to afford.

An offensive mindset is key to ensuring the best cyber defense. To ensure success, there are three main components for organizations to consider when developing a defensive strategy based on an offensive cyber model: re-envisioning recruitment, thinking like a hacker, and promoting offensive training in tangent with defensive training.

In a September 2021 report from the nonprofit Cloud Security Alliance, nearly 70 percent of respondents - comprising 1,090 IT and security professionals - reported that their company's cloud security, IT operations and developer teams are misaligned on security policies and/or enforcement strategies. March 2021: The arts-and-crafts retailer Hobby Lobby left 138GB of sensitive customer information, source code for the company's app, and employee names and email addresses open to the public internet because of a cloud misconfiguration in its Amazon Web Services cloud database.

The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer that and other questions about the value of the Controls based on threat data from leading industry reports.

The Center for Internet Security Community Defense Model v2.0 can be used to design, prioritize, implement, and improve an enterprise's cybersecurity program. Enterprises naturally want to know how effective the CIS Critical Security Controls are against the most prevalent types of attacks.

Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence intel-sharing cyberdefense hub to an attempt at blackmail. Although being accepted as a contributing participant, this does not make Ukraine a NATO member, but it will most likely tighten collaboration and will also allow it to gain access to NATO members' cyber-expertise and share its own.

While Ukraine is yet to become a member of the North Atlantic Treaty Organization, the country has been accepted as a contributing participant to the NATO Cooperative Cyber Defence Centre of Excellence. Although this does not make Ukraine a NATO member, it will likely tighten collaboration and allow it to gain access to NATO member nations' cyber-expertise and share its own.

Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge. Invest in an automated platform that enhances visibility into all connected devices and software and provides context into how those assets are being used, so your IT and security teams can make better decisions.

These days, information technology and information security professionals know this all too well, especially when it comes to configuration assessments. To reduce opportunities for hackers, organizations should perform configuration assessments regularly.

One of the most valuable steps an organization can take is to establish a cyber-threat profile, which is a deep-dive look at your organization's adversaries, vulnerabilities and risk. The creation of a cyber-threat profile should be based on intelligence and due diligence and should be used to drive action for the other cyber-defense functions.