Security News
An offensive mindset is key to ensuring the best cyber defense. To ensure success, there are three main components for organizations to consider when developing a defensive strategy based on an offensive cyber model: re-envisioning recruitment, thinking like a hacker, and promoting offensive training in tandem with defensive training.
In a September 2021 report from the nonprofit Cloud Security Alliance, nearly 70 percent of respondents - comprising 1,090 IT and security professionals - reported that their company's cloud security, IT operations and developer teams are misaligned on security policies and/or enforcement strategies. March 2021: The arts-and-crafts retailer Hobby Lobby left 138GB of sensitive customer information, source code for the company's app, and employee names and email addresses open to the public internet because of a cloud misconfiguration in its Amazon Web Services cloud database.
The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer questions about the value of the Controls based on threat data from leading industry reports.
The Center for Internet Security Community Defense Model v2.0 can be used to design, prioritize, implement, and improve an enterprise's cybersecurity program. Enterprises naturally want to know how effective the CIS Critical Security Controls are against the most prevalent types of attacks.
Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence intel-sharing cyberdefense hub to an attempt at blackmail. Although Ukraine has been accepted as a contributing participant, this does not make it a NATO member, but it will most likely tighten collaboration and will also allow Ukraine to gain access to NATO members' cyber-expertise and share its own.
While Ukraine is yet to become a member of the North Atlantic Treaty Organization, the country has been accepted as a contributing participant to the NATO Cooperative Cyber Defence Centre of Excellence. Although this does not make Ukraine a NATO member, it will likely tighten collaboration and allow it to gain access to NATO member nations' cyber-expertise and share its own.
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge. Invest in an automated platform that enhances visibility into all connected devices and software and provides context into how those assets are being used, so your IT and security teams can make better decisions.
These days, information technology and information security professionals know this all too well, especially when it comes to configuration assessments. To reduce opportunities for hackers, organizations should perform configuration assessments regularly.
One of the most valuable steps an organization can take is to establish a cyber-threat profile, which is a deep-dive look at your organization's adversaries, vulnerabilities and risk. The creation of a cyber-threat profile should be based on intelligence and due diligence and should be used to drive action for the other cyber-defense functions.
The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene - 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication. "The loss of data and resources due to ransomware attacks can be debilitating. Though organizations are taking this threat seriously, too many are failing to take basic preventative steps. This report indicates a disturbing misplaced confidence that defenses never fail or that paying a ransom after an attack will always work - they do, and it won't," said Ted Ross, CEO of SpyCloud.