How Can We Vaccinate Our Networks?

Security Weekly | December 29, 2020

 

The news is flooded with updates regarding the COVID-19 vaccine.  Cyberattacks are targeting the vaccine supply chain.  Phishing attacks are exploiting sign-ups for the vaccine.  There are even attacks to get access to vaccine data.  Sounds a lot like our enterprises every day!  We’re all learning about human immunology from the headlines, but what are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don’t really have a network immune system?

The List of Known SolarWinds Breach Victims Grows, as Do Attack Vectors

Data Center Knowledge | December 23, 2020

 

The SolarWinds breach story continues to get worse.

The list of known victims now includes US departments of Commerce, Defense, Energy, Homeland Security, State, the Treasury, and Health.

More worrisome for those responsible for cybersecurity at enterprise data centers, however, are the technology vendors that allowed the compromised SolarWinds Orion software into their environments.

Network Middle East: The Next Big Thing in Security

Network Middle East | December 2020 (Page 29)

Dr. Mike Lloyd, CTO at RedSeal, on “the next big thing in security”

We are in unprecedented times and no one can truly predict what lies ahead. What do we know is that threat actors are on the lookout for vulnerabilities and the sudden move to remote operations may have left loopholes that they can leverage. We sat down with security experts to understand how the security landscape may shape up next year.

Tool Sprawl – The Cybersecurity Challenge of 2021

Solutions Review | December 14, 2020

It’s not news that the pace of change in IT is extremely fast. What’s less well-known is the downside — tool sprawl. IT teams innovate at a breakneck pace, picking up whatever innovations suit their immediate needs. Security, in contrast, must protect the old applications that are still around, plus the new ones, plus the different platforms those new applications are built on. It creates a juggling challenge – how many different technologies can your security team juggle at once? If you have too many, how do you decide which are most important and which you must drop?

7 SecOps roles and responsibilities for the modern enterprise

SearchSecurity | December 7, 2020

Security operations, or SecOps, has had a direct, if increasingly challenging, mandate since the dawn of enterprise networking: detect, respond to, predict and prevent cyberattacks. But SecOps roles and responsibilities are shifting to accommodate growing interest in an offensive, rather than defensive, approach to cybersecurity. By staying ahead of threats and anticipating bad actors’ next moves, security leaders aim to thwart attacks before they happen.

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

Forbes | December 5, 2020

Bottom Line: In 2021, cybersecurity vendors will accelerate AI and machine learning app development to combine human and machine insights so they can out-innovate attackers intent on escalating an AI-based arms race.

UK tech skills gap to reduce as more Brits consider IT jobs

IT Pro | 4 November 2020

The UK’s tech skills gap is set to decrease as over half of workers are contemplating a career change into more tech-based roles, new research suggests.

A survey of over 2,000 professionals from CWJobs found that over half (55%) of non-tech workers are contemplating a career change.

What You Need to Know About CMMC Certification

Supply Chain Brain | October 7, 2020

As the Cybersecurity Maturity Model Certification (CMMC) nears full implementation, affected organizations are scurrying to ensure they’ll pass the certification process.

The goal is simple: organizations must meet minimum cybersecurity standards, and in doing so, they do their part to improve national security. The stakes are extraordinarily high for the estimated 300,000 defense industrial base (DIB) organizations which will soon need to be certified to one of the five CMMC levels to be eligible to be awarded a federal contract. Simply stated: no certification, no contract. From the perspective of the U.S. Government and the Department of Defense, the stakes have always been high since the DIB plays such a critical role in the defense of our nation. The only way to ensure the protection of our data and the integrity of the supply chain is to hold industry to a higher standard.

The Role of Cyber Hygiene in the COVID Crisis

Signal Magazine | October 7, 2020

By Ray Rothrock
Federal teleworkers need to know the cyber basics.

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign.

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

Pets vs cattle: How to get cloud and DevOps security right

ITProPortal | September 25, 2020

A look at security, both on-premise and in the cloud.

By Dr. Mike Lloyd

In a world as nebulous as cloud computing and DevOps, analogies can sometimes help us to think more clearly. The idea of “pets versus cattle” was first used nearly a decade ago to help delineate the difference between traditional on-premises IT and the cloud, and has become a firm favorite in the DevOps community ever since. But there are also lessons here for cybersecurity teams, as long as they’re able to see through the limits of the analogy and understand where the main challenges are.