In one report from CSO Online called “The Current State of Cybercrime,” from a study conducted less than a year ago in the U.S., it was found that 6 out of 10 boards “believe cyber risk is an IT problem.” As long as this belief exists, organization leaders will remain disengaged from the solutions and their role in supporting a robust cyber risk management strategy.
In 2000, odds were most judges wouldn’t scold most companies for not having multi-factor authentication. A password was enough. But now, when Google offers multi-factor authentication on Gmail accounts, the bar has been raised. What’s reasonable has changed, and just using passwords might not be reasonable anymore.
Just 11 percent of information security professionals are women, and although women in the field are more likely than their male co-workers to hold a master’s degree or higher, they still hold less workplace authority. With that in mind, and given the ongoing cybersecurity skills shortage, the industry is taking meaningful steps toward inclusion, as evidenced by the many engaging discussions on the topic that took place at RSAC 2018.
In February 2014 the U.S. National Institute of Standards and Technology (‘NIST’) published the first NIST Cybersecurity Framework, responding to an Executive Order on improving critical infrastructure cybersecurity issued by President Obama. At the end of last year, NIST released draft two of the Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, which incorporates feedback received by NIST since the release of Version 1.0.
“Cybersecurity is critical for national and economic security,” said Secretary of Commerce Wilbur Ross. “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must do for all CEO’s.”
The Australian Cyber Security Centre’s expanded role will include more proactive advice to a wider range of stakeholders, while cyber incidents are becoming ‘much more destructive’.
An industry group of 34 high-tech companies, led by Microsoft, signed a tech accord today, agreeing to defend customers at all costs from cybercriminal and nation-state cyber-attacks, and also not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users.
Security researchers observed a noticeable spurt in the activities of advanced persistent threat (APT) groups based in certain parts of Asia and in the Middle East during the first three months of the year.
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime’s ‘web of profit.’
On April 19, 2018, an industry partner notified NCCIC and the FBI of malicious cyber activity that aligns with the techniques, tactics, and procedures (TTPs) and network indicators listed in the Alert.