Moving Security Programs Forward
Our first set of predictions and trends for 2021 really started back in March 2020 when we developed our Pandemic Security Model. We talked about how organizations and businesses would react from a security perspective as we moved along the WHO pandemic scale. Since the pandemic has dominated every aspect of our lives, it has also become the core focus of many businesses and...
Risk amongst third-party vendors is a growing concern in 2020. As internal security efforts have increased, cyber criminals are targeting an organization’s supply chain seeking personally identifiable information (PII), intellectual property (IP), and other sensitive data. As a result, in the last 12 months, organizations in the United States have experienced an average of 3.1 breaches resulting from vulnerabilities within a third party. To begin understanding what leads to vendor...
Third party risk management (TPRM) is a growing topic in cyber security, and for good reason. Organizations are constantly increasing the number of vendors in their supply chain, from machinery and logistical support to software and other technological solutions in the name of improving workflows or gaining a competitive advantage. But with more vendors and...
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and Department of Human Health Services (HHS) have recently released a joint advisory about ransomware targeting the public health sector. Among these include U.S. hospitals and healthcare providers. The attack utilizes ransomware such as Trickbot, Ryuk, and BazarLoader to conduct ransomware attacks, data theft, and to otherwise disrupt...
Every year IBM Security sponsors and publishes the Cost of a Data Breach Report based on research from the Ponemon Institute. The report for 2020 is an 84-page resource with valuable information regarding not only the cost of breaches, but also insight into mitigating factors, and data breach trends. This article takes a focused look...
Everyone's been working from home for a while now, but just because we're getting used to the remote work lifestyle doesn't mean that cyber-attacks are any less possible or relevant. Many organizations have adopted or created a remote work policy and adjusted security processes accordingly, but these should be assessed and improved regularly, just as any other aspect of...
What is a security program assessment? How often does an organization need to conduct one? Do you have to outsource assessments?These are questions people often ask in security, and this article will go through the basics of a security program assessment and what to keep in mind to make the most of them to improve...
What is a vendor risk management program? Vendor risk management, also referred to as third-party risk management is a common component of many organizations, but many of the problems that organizations and security teams encounter haven’t changed. The hurdles organizations face can commonly be broken down into three categories: the current approach for third-party risk, technology associated with these processes, and the resources or people...
Many studies have shown that there is a talent gap in cyber security and given the current state of cyber security’s talent development practices, it’s not surprising. This talent gap is a contributing factor to the overall resource shortage as well as a lack of diversity throughout cyber security and technology companies as a whole. This...
The pressure is on for cyber security teams to build effective security programs that can effectively stay on top of the changing threat landscape while simultaneously meeting business needs. The work of an effective security program is never done but keeping up with changing demands and requirements can quickly become overwhelming. Establishing a roadmap can provide guidance...