With COVID-19 variants on the rise, widespread remote work may be sticking around longer than IT leaders would like, which comes with a heightened risk for cyberattacks that could expose customer data, steal company information, or take control of internal operations
"The rise in attacks comes at a time when cybersecurity experts are in short supply - in 2020, over 3 million cybersecurity positions needed to be filled.
Enterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill. Fortunately, there are several security best practices enterprises can follow that don't require them to have an in-house cybersecurity expert.
3 tips to enhance your security now
Here are three best practices that can help strengthen your security sooner rather than later:..."
Organizations are increasingly turning to AI and ML to enhance their cybersecurity operations. Having algorithms to do some of the most tedious but necessary tasks has taken a lot of stress off of overworked security teams.
"But as AI/ML become more ubiquitous within organizations in many other areas, the technologies themselves are at risk of attack. The Harvard Kennedy Center's Belfer Center for Science and International Affairs recently released a report warning of 'a new type of cybersecurity attack called an 'artificial intelligence attack.''
These attacks, the report said, are different from other types of cyberattacks. 'AI attacks are enabled by inherent limitations in the underlying AI algorithms that currently cannot be fixed.' They present a bigger attack surface by weaponizing data and physical objects that rely on AI and ML..."
Ransomware is a top agenda item for executives and board of directors with organizations across the globe. Jim McGann presents five questions that every organization, whether a global enterprise or a micro-business, needs to have answers to with regards to this threat.
"In the past, ransomware attacks were less common and easier to combat, however, today with the rise of bitcoin and ransomware as a service, attacks are more common than ever.
Additionally, cyber criminals used to rely on simple business email compromise attacks and send out thousands of infected emails hoping someone would innocently click. Today, these bad actors have become far more sophisticated, utilizing machine learning and hidden approaches that easily circumvent existing security applications.
As a result, organizations have realized the inevitable: it's not if, but when the attack will occur. If your organization is relying on the status quo to continue your IT operations as is, you will soon be faced with a few tough questions from your executives - questions for which you will need to have a confident and intelligent answer..."
Being struck by ransomware has been compared to having a heart attack
"It's something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes - and sometimes hours - organisations are on their own.
It's a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack's effects even worse. Eventually a growing number call for help, valuing the experience of a service provider that's seen others go through the same mill many times before..."
Privileged access management (PAM) has long been central to a good enterprise cybersecurity strategy
"However, its nature is changing. The pace of digital change is speeding up and reliance on the cloud increasing. So, businesses and agencies must develop new PAM strategies to keep up. Processes and tools that could support yesterday's on-premises IT rarely meet the needs of today.
The events of 2020 sped up the pace of digital adoption across workplaces. But even before that, IT and cybersecurity experts lacked confidence about whether their PAM tactics were working. Nearly 40% of the respondents to a mid-2019 survey from Remediant said they weren't sure their current PAM solution would be able to prevent all misuse of privileged accounts, and 8% weren't certain that it could prevent any..."
The cybersecurity market continues to grow its capabilities and enterprise tech offerings, especially as changing workforce patterns and a growing number of malicious attacks have necessitated rapid change
A Closer Look At Cybersecurity Software
- Today's cybersecurity market
- Cybersecurity companies
- Cybersecurity features and solutions
- Cybersecurity use cases
- Benefits of cybersecurity
Today's Cybersecurity Market
The cybersecurity market is valued at $179.96 billion in 2021 and is estimated to more than double to $372.04 billion by 2028, according to Grand View Research.
Researchers attribute this rapid rate of growth to a few factors: a growing number of cyberattacks and sophisticated attack vectors; protections needed for an increasingly distributed workforce; and a desire to restructure security to better fit a cloud environment...
Today, most nations fear terrorist attacks that involve bomb reinforcements such as machine guns and other firearms, as terrorist attacks cause many people to die and other people to become disabled while others are left without families
"However, today in many countries, there is one more attack that can be destructive, and these are cyberattacks and threats.
The rapid proliferation of cyberattacks worldwide costs companies a significant amount to better protect their computer network from intrusions. Cyberattacks are not only becoming more frequent but also result in large financial losses for victims..."
Panther Labs released the findings from their report which surveyed over 400 security professionals who actively use a SIEM platform as part of their job, including CISOs, CIOs, CTOs, security engineers, security analysts, and security architects, to gain insight into their current SIEM challenges, frustrations, and desires when it comes to capabilities.
'Insights from this report confirm what my team and I have also experienced working at companies like Amazon and Airbnb - traditional SIEM platforms no longer meet the growing needs of security practitioners who face new and emerging threats,' said Jack Naglieri, CEO and founder of Panther Labs.
'The threat detection market is undergoing a radical transformation fueled by continuously evolving changes to infrastructure, remote workforce, budget restructuring, and other business, compliance, and security drivers. Our goal with this report is to assess the current state of SIEM, what security professionals are seeing, what they're concerned about, and what they want to improve.'
The importance of zero-trust network architecture (ZTNA)
"The security of your home will improve significantly when you complement the lock on your front door with an alarm and video surveillance system that tracks everyone knocking at your door, passing through it, and moving around your house. But this will not stop criminals from breaking your windows and quickly grabbing everything within reach, trying to manipulate and deactivate your alarm system remotely, or watching your every move to gather sensitive information. Similarly, a zero-trust network architecture (ZTNA) is an important first step to enhance business security, but a comprehensive zero-trust strategy requires taking additional steps..."
The term 'zero-trust' may sound gimmicky at first glance, but in reality, organizations are increasingly adopting this approach to shore up network security from multiple angles.
"Forrester coined the term zero-trust in 2010 to describe the idea that nothing is inherently safe and that everything must be continuously verified. You may have heard the motto, 'Trust nothing; verify everything.' This is a great way to think about zero-trust in Cybersecurity.
Forrester identifies tools that help to promote a zero-trust network culture, including:
- Access controls
- Multi-factor authentication
- Device identification and verification
- SIEM and other Cybersecurity platforms that continuously monitor network environments
In its Aug. 2020 special publication 'Zero Trust Architecture,' NIST defines zero-trust as a term for an 'evolving set of Cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.' The agency further identifies zero-trust architecture as the framework for applying zero-trust principles to infrastructure and workflows..."
See all Archived IT - Security articles
See all articles from this issue