Tag Archive for: CISOs

Ransomware 3.0 – Where the CISO’s most feared scenario goes next


Ask any CISO what keeps them awake at night and the answer is bound to be: ransomware. A proven money-maker for cybercriminals, ransomware can be devastating to your business – it can wipe out core operational systems; can cost you millions of dollars to recover from; can result in a stock downturn and job losses; and it should be entirely avoidable.

A brief history of ransomware

Ransomware 1.0 really kicked in with the advent of cryptocurrency, which allowed cyber criminals to monetize their attacks anonymously. In this first iteration, the malware was sent out into the wild in massive quantities of malicious emails, and it would demand payment from whatever machine it happened to infect. This reached a peak in May 2017, when the global WannaCry outbreak used an automated attack mechanism to infect hundreds of thousands of machines, bringing panic across the security industry and impacting critical national infrastructure like healthcare institutions. Unprecedented in its scale, WannaCry underlined the fact that ransomware was able to create massive extortion opportunities from public and private organizations alike.


7 cybersecurity priorities CISOs should focus on for 2021


In 2020, the world's inexorable move to digital was sped up by COVID-19, forcing businesses to enable remote workforces overnight, without planning or preparation. This change required chief information security officers (CISOs) to ensure digital security on the go, simultaneously reckoning with new and emerging threats, while ensuring business continuity in a workplace that now featured a multiplicity of systems, networks, devices, programs, processes and overflowing information.

How CISOs should prepare for 2021

As cyberattacks grow in number and sophistication, 2021 is unlikely to be different. Based on what we have seen so far, two assumptions can be made. The pandemic will linger long into this year, and the virtualized workplace will expand as businesses grow. Both assumptions mean increased CISO workloads and more imponderables.

I believe there are seven imperatives for CISOs to focus on for 2021.

1. Make cybersecurity a boardroom agenda

As digital transformation has become the core component of almost all business processes, security has become a business concern, and as a result, cybersecurity should firmly be on the boardroom agenda of all organizations. The role of a CISO has significantly evolved from being focused on technology alone to also considering business risks. They should engage with their peers across business units, explaining the significance of having a robust cybersecurity program. The management-level councils and forums shall serve as an essential medium to engage with stakeholders to drive strategic initiatives.

2. Invest in cloud security

As businesses continue to move to the cloud, CISOs must prepare against more (specific) threats — data breaches, denial of service, insecure APIs and account hijacking, among others — simply because the growing amount of information in the cloud attracts cybercrime. Most cloud service providers include built-in security services for data protection, regulatory compliance and privacy, secure access control capabilities for effective security risk management and protection in public cloud. Yet, it is critical for organizations to build a robust strategy for risk management framework, secure cloud…


Three ways CISOs should be rethinking mobile security in 2021


In order to comply with the new working model, CISOs will need to make ‘mobile security’ a priority on a much broader scale to prepare for future challenges. Josh Neame, Technology Director at BlueFort Security, suggests ways that CISOs should be rethinking how they approach ‘mobile security’ to ensure their organisation is both productive and secure in 2021.

The Coronavirus pandemic has had a significant impact on many aspects of the economy. But while many businesses have been focusing on maintaining operations in the face of remote working and changing consumer demands, threat actors around the world have been capitalising on the crisis.

Deloitte points out that its Cyber Intelligence Centre has observed a spike in phishing attacks, malspam and ransomware, with threat actors using COVID-19 as bait to mislead employees – many of whom are now working remotely, beyond the confines of the corporate network and using a variety of mobile devices.

CISOs are now facing a host of new security challenges brought on by the rapid deployment of tools, technologies and processes that enabled people to work remotely. Many of these changes happened in a matter of days and the rushed nature of the rollout now poses some major data security issues. The ‘new normal’ has changed both the scope and definition of how CISOs will need to think about ‘mobile security’ going into 2021.

The risk of insider threat is not a new one. However, the shift in working practices, associated devices and locations is making it far easier for these types of threat to go unnoticed – whether they’re malicious or just a simple mistake. The mobile nature of the new IT environment means CISOs will need to consider a range of new tools and processes. Here we look at three ways CISOs should be rethinking how they approach ‘mobile security’ to ensure their organisation is both productive and secure in 2021.

  1. The proliferation of mobile devices

With more employees now working on mobile devices, the key question for CISOs is: are the devices my employees are using properly secured? The proliferation of mobile devices widens the organisation’s potential attack…


71% of CISOs Believe Cyber-warfare is a Threat to Their Organization – Infosecurity Magazine
