Security News
Even if things go well on the technical level, incident response is still a stressful and hectic process across the company; this is the reality of cyber crisis management. I recently managed a cyber incident in a large company where, on a technical level, the handling of the incident was excellent but the cooperation with the management was complex and frustrating, a real Tower of Babel.
"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe. Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk," said Daniel Hofmann, CEO of Hornetsecurity. Hofmann commented: "Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage. We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices."
A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Good vulnerability management is not about being fast enough in patching all potential breaches.
According to Action1's 2021 Remote IT Management Challenges Report, 78% of organizations admit that they failed to patch critical vulnerabilities in a timely manner during the past year, and 62% said they suffered a breach due to a known vulnerability for which patch was available but not yet applied. It's not just the sheer volume that's a problem - each device might have its own hardware configuration and installed software, which adds a great deal of complexity to the patch management process.
Vulnerability scanning is a fundamental component of every good cyber security strategy - but it can be challenging to get right. Intruder created a vulnerability management platform to make it simple and save time, so that every business can enjoy the same level of security as banks and governments worldwide but without the complexity.
Below, you'll find four key resources you can use to take your email security to the next level. Electronic communication policy While communication tools such as email are convenient, they can also be dangerous.
In this Help Net Security video, Uri Haramati, CEO at Torii, talks about how it's impossible for IT to take full ownership or responsibility for managing cloud apps today. Instead, SaaS management is a team sport-but not all the players know they're on a team.
Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Identity and Access Management solutions administer user identities and control access to enterprise resources and applications.
In this Help Net Security video, Christopher Maddalena, Director of Internal and Community Product at SpecterOps, showcases Ghostwriter, which helps you manage clients, projects, reports, and infrastructure in one application. The tool does not replace some of the more common or traditional project management tools, such as CRMs. Still, it does consolidate all relevant project information in a way for users to easily curate every aspect of their projects.
The number one thing enterprises need to do is get back to basics and focus on what builds the foundation to robust asset risk management - and that is visibility and understanding of risk. Asset risk management is paramount to an effective zero trust architecture.