"With human error as the leading cause of breaches and security incidents within the enterprise, organizations should offer employees mandatory security awareness training with regular refreshers...
Believe it or not, most studies show that employee human error is by far the leading cause of malware infestations, data breaches and other security incidents within the enterprise. While these are referred to as insider threats in the IT security world, that name is somewhat misleading..."
In his 2019 letter to shareholders, JPMorgan Chase's CEO Jamie Dimon wrote: " The threat of cyber security may very well be the biggest threat to the U.S. financial system."
This isn't news to bankers. In Cornerstone Advisors' annual What's Going On in Banking study, cybersecurity has been a top concern of C-level bank and credit union execs for the past few years...
"91% of CISOs suffer 'moderate or high' levels of stress. Here are some ways to help...
Former CISO Karen Worstell doesn't mind sharing her burnout story with others in the industry as a cautionary tale. About a decade ago, she left her role as VP of risk management at AT&T Wireless following a grueling merger project. She took a two-week vacation and then started her new role as CISO at Microsoft. Her adjustment into the new culture proved rocky and excruciatingly stressful after her boss laid out her performance metric for the year: No hack, no leaks..."
"Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
The fear of cyber breaches looms heavy for many businesses, large and small. However, many companies are so busy looking for bad actors throughout the world that they ignore the threat from within their own walls..."
"Many entities face the same security risks so it is essential to have an insight on how to manage them and respond in case of occurrence...
BakerHostetler's privacy and data protection team released its 2019 Data Security Incident Response Report, which leverages the metrics and insights drawn from 750 potential incidents in 2018 to help entities identify and prioritize the measures necessary to address their digital risk posture..."
"How should businesses plan to survive a potential cyber attack extinction event?
The world is full of dangers and some of the most deadly are those that we ourselves unwittingly encourage or allow. An example of this is believing that someone else has your back, such as your IT or internet supplier.
We need to accept that despite the cyber security initiatives that we trust our IT suppliers have taken, it is entirely possible for a cyber attack to cripple the company's IT. So what can a company do to enable recovery from such a devastating attack?..."
"As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero trust approach to network security.
Zero trust may seem like just another security buzzword, but organizations are increasingly finding reasons to take the zero trust approach to network security.
In the early days of the internet, network security professionals borrowed medieval terminology to describe network defenses: Moats, bastion hosts, perimeters, firewalls and gateways all figured into the network defender's vocabulary. In those days, the baseline network infrastructure was as simple as organizations dividing hosts into two categories: internal and trusted vs. external and untrusted..."
"Prioritizing key log sources goes a long way toward effective incident response.
Like a triage nurse, security professionals have to prioritize the data that will help them best identify problems and keep the organization, its data, and devices safe from intruders and cyberattacks.
However, logging and monitoring all relevant events from across the IT environment can be challenging..."
"Organizations looking to heighten security awareness among employees need to cover a wide variety of security awareness training topics, but social engineering tops the list...
When organizations decide to shore up their employee security awareness efforts, the security awareness training topics they address may be broader than they originally expected. They should cover universal concepts, as well as unique situations exclusive to the organization itself..."