cybersecurity (15)

The recent U.S. Supreme Court decision in Loper Bright Enterprises v. Raimondo raises questions about cybersecurity regulation. The Court's decision effectively overturned the Chevron Doctrine, a longstanding principle that gave deference to federal agencies' interpretations of ambiguous laws. Cybersecurity leaders are now scrambling to understand the implications for regulating a threat landscape that is already a moving target.  Business leaders have questioned the validity of unelected bureaucrats

Cyber security is undergoing a massive transformation, with artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It has never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

For over a decade, the Securities and Exchange Commission (SEC) has been working with corporations and their many stakeholders to seek ways to appropriately influence corporate governance around cybersecurity. On 26 July 2023, the SEC voted to implement new rules for all publicly traded corporations.[1] [2]

In 2011, the SEC issued guidance to help companies understand they should take responsibility for reducing cyber risk.  This was guidance vice formal regulation, but it helped raise awareness

In the face of unrelenting pressure from significant cyber incidents and regulatory action to mitigate them, enterprises are assessing whether they are doing enough to deal with cybersecurity.  Public companies are evaluating responses to new SEC rules calling for disclosures regarding cybersecurity strategy, risk management, and governance practices.  The SEC’s action against SolarWinds is setting off alarm bells throughout the cybersecurity community, causing CISOs to worry about personal lia

Last year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1]  After another year, the online environment and digital dangers are still unsettling, if not scarier.  So, it is time again to explore some of the stats and trends.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is m

A US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants.  About 380,000 are furloughed, meaning they cannot work or get paid.  The rest are working without pay.  A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.

Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms.  The US government wil

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions quickly.  Today’s modern network demands solutions that go beyond simple one-size-fits-all approaches.  Traditional protection methods have proven inadequate against evolving threats, and modern cybersecurity solutions often integrate multiple security tools and technologies.[1]

These considerations, combined with the increasing volume of data generated from various so

Maintaining today’s digital acceleration takes time, effort, and scrutiny.  Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times.  Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough

The Internet continues to expand and connect more devices every minute.  The number of connected devices is now over 10 billion, so the need for effective cyber threat intelligence sharing has never been greater.  Cyber-attacks have increased in frequency and sophistication, presenting significant challenges for organizations that must defend their data and systems from capable threat actors.  Cyber threat information is any information that can help an organization identify, assess, monitor, a

Poor results show that 87% of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath. The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Performance Risk System (SPRS) score of 70 or above. Under the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.  So, a school grade of “C”, a score of

As a young intelligence officer, if you had told me an adversary could act anonymously and alone, easily acquire the most advanced weaponry, disrupt or take down almost any “connected” target globally, and our ability to prevent these attacks was systemically flawed – I would have been astonished.  As always, all adversaries integrate intention, capability, and opportunity.  With cyber warfare, a breadth of adversaries and individuals can bring to bear all three by continuously aiming at the U.S

New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code.  The best practices could be a model for the private sector as well.  NIST's release of best practices carries out a mandate in President Joe Biden's May executive order on cybersecurity, which, in part, called for agencies to address supply chain threats, such as that posed by the SolarWinds incident

The number of registered cybercrime offenses in German cyberspace continues to rise, with cybercriminals increasingly concentrating on "bigger prey".  The number of DDoS attacks continues to increase, as does their intensity.  The perpetrators are globally networked and act with increasing skill and professionalism.  The dark web underground economy is growing and represents a criminal, global parallel economy that is primarily aimed at financial profit.  The main driver of profit is

They say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At-home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most securi

No, I am not making this up.  This really happened and it started with a phishing attack.  Those of you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.”

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community