AiiA summer roundup on Cyber Security
Thought provoking pieces on what affects you
Cyber Security has been a hot topic this summer, both on the regulatory front and implementation front. Learn how it all comes together with this roundup on all things cyber security.
Download this report to see how your enterprise can build a strategy for third-party risk management that aligns with the overall business and cyber strategy.
This Cyber Security Hub Market Report highlights:
- The business case driving third-party enterprise risk management
- Examples of data breaches where due diligence and partner risk management could have contributed to a different outcome
- Shared responsibility for a data breach
- Estimating the financial impact of a data breach
- Third-party risk assessment frameworks
- The role of InfoSec in data loss mitigation
- Steps to assess current third-party relationships
Organizations are rapidly moving to cloud providers for legitimate reasons, including reduced costs, digital transformation initiatives, and improving the agility of business. This allows organizations to focus on distinct, core competencies and how to generate revenue or deliver services. To mitigate risks of a cloud migration, it’s important to ask the right questions that are detailed in this article such as:
- Do we have the right to audit? How does the provider prove audit compliance?
- Availability – DR and BCP
- Regulation compliance
- Data access & ownership
- Incident response
- Retention and destruction
Have you ever wondered, with regard to cyber security, where your organization aligns with your competitors or even amongst enterprise organizations as a whole? Do they face the same threat vectors, plan to increase their budgets or struggle with mobile device security in the same way you do?
This webinar can help you answer those questions while examining 6 key findings that rose to the top of our successful Cyber Security Mid-Year Snapshot 2019 report.
Among the webinar discussion points:
- Cyber security sentiment
- Cyber budgets
- Data privacy legislation/GDPR
- Cloud security
- Talent crisis
- Security awareness over the next 6 months
In part two of this Task Force 7 Radio podcast recap, this week’s guest David Raviv shared a few cyber security career lessons, discussed the challenges of cyber security startups, and offered insight into the changing enterprise cyber landscape. He discusses:
- Beating the odds
- Building a successful cyber security startup team
- Three cyber security market insights
Our Digital Summit speakers described the value in network triage, from patching end-of-life systems and applications, to scanning for open applications and open ports, to monitoring early warning systems from networks of honeypots, where attackers unknowingly practice their craft on legacy systems and inform advisory services of attack trends and new exploits. This includes:
- Avoiding investments in security symptoms and tactics
- The value of incident detection & response
- Incident response and containment
- Security orchestration, automation & response (SOAR)
- Digital Summit summary
On this week’s Task Force 7 Radio podcast, guest host Andy Bonillo welcomed Devon Bryan, the Executive Vice President and CISO for the National IT Organization of the Federal Reserve System, and Co-Founder of the International Consortium of Minority Cyber Security Professionals (ICMCP) to talk about diversity in a cyber security workforce. This recap goes over:
- Cyber’s diversity problem
- Programs making a difference in diversity
- Leading high-performance teams
- Creating pathways for service members into cyber security
- How to make dramatic change in the industry one life at a time
What is the value of your organization’s data and assets to an attacker? To have a truly robust cyber defence plan, it is critical that organizations recognize their desired outcomes while dedicating an appropriate amount of resources to achieving them. This webinar goes over:
- Why identification of the various sources of cyber risk is critical to implementing a successful security strategy unique to your organization
- Why organizations should focus their efforts on processes and technologies that help them achieve meaningful security outcomes and not simply fulfilling security tasks
- What the modern threat landscape means for you across the industry and the size of your organization
No industry sector can claim immunity from data breaches. Vertical markets with large customer bases, including healthcare and financial services, tend to lead in terms of the number of customer records exposed. Government agencies also fall into this group of potentially attractive targets with large amounts of personally identifiable information (PII). The impact to an organization goes years beyond the incident.
As the technology continues to evolve, so too should the strategies CISOs and enterprises develop in order to remain secure. This report examines the ins and outs of today’s hybrid cloud setups so enterprises can better understand the technology and vulnerabilities, in order to develop the right cloud security strategy to fit their needs. The report highlights:
- How variations of cloud computing infrastructure bring complexity to the enterprise
- The industry view on cloud security
- Finding the right cloud security strategy for your industry and organization
- What to consider around cloud contracts
- Creating new opportunities with the future of cloud security
You can’t tackle the latest tech without a solid foundation. Dennis Leber talks about maturing your enterprise security and poses this warning: you cannot build a castle on a sand foundation.
IoT Device Deployments Are Outpacing IoT Security Measures
IoT has successfully evolved from concept to commercial deployment. Yet the most problematic concern about this technology is security. This article touches on all things penetration testing (pentesting) including:
- The benefits of pentesting an IoT environment
- The steps necessary for successful IoT pentesting
- The issues with pentesting an IoT environment
- How to prepare for successful, secure IoT deployments
Is it possible to understand the impacts of cyber incidents before they happen? In this podcast recap, the President and CEO of Secure Systems Innovation Corporation (SSIC) discusses cyber security in industry including:
- The most significant change in cyber security
- Understanding cyber risk in financial terms
- A breakthrough in cyber security risk
- The cyber insurance market today and tomorrow
Survey respondents say ongoing talent crisis is challenging for security teams. There are many theories around the talent gap in cyber security – some say there is a talent shortage, some say there is a skills gap, and others believe recruiters and/or those hiring don’t know what they’re looking for — among a plethora of other opinions. Regardless, it was a critical topic of discussion in our latest market report, “Cyber Security Mid-Year Snapshot 2019.”
This podcast recap features Andy Bonillo, VP & CISO of Ciena. He takes a look at who should own cyber risk and transforming cyber security culture. He touches on:
- Where CISOs should report
- The role of the CEO in cyber security
- The less apparent impacts of a security breach
- Balancing cyber innovation with the basics
- More effective security awareness
Whether mandatory or not, enterprises can find industry frameworks useful. After establishing a risk assessment and risk management as the foundation for a cyber security program, many enterprises then turn to a control framework or set of standards to help streamline processes and reduce costs. Standards can help the organization define terminology, and manage systems, processes and controls in a more streamlined or uniform manner.
This podcast recap features Eric Murphy, Vice President of Security Research at SpyCloud, as he talks about the democratization of crimeware and “spray and pray” attacks. Murphy discusses:
- Defining the intelligence data collection challenge and assessing readiness
- Weighing proactive vs. reactive approaches to this challenge
- The difference between identity theft and an account takeover
- Overcoming the ATO awareness challenge
- Combating the rise in enterprise ATO
6 Cyber Security Trends To Watch Going Into 2020
In May 2019, Cyber Security Hub surveyed executives to see if their challenges and focuses have changed halfway through the year. With the ability to benchmark these results to a previous survey (November 2018), we can see where priorities started in the beginning of 2019, and where they are headed as we enter the latter half of the year. This article touches on the six key findings from the research.
In this podcast recap, longtime publicist, strategist and producer of Google’s "Power On" film series, Ngoc Nguyen, connects entertainment with tech. She discusses her career and her work promoting women in STEAM fields. Also:
- Her history of empowering women
- How to build the right skillset
- Connecting entertainment and tech
- Bringing in more diversity
Winter and spring were not kind to the Internet of Things (IoT), and it’s not looking any better heading into the summer months. This article explores what’s wrong with IoT devices today, who’s responsible, and what we can do moving forward to increase consumer confidence in the IoT. This is not a technology problem.
Enterprise leadership must maintain an ongoing inventory of all impacted IT assets in order to better mitigate any related cyber security risks. Download “Preparing Enterprises For Quantum Computing Cyber Security Threats” in order to learn:
- What is quantum computing?
- The impact of quantum computing on cryptography.
- How to prepare for quantum computing now.
CNBC Cyber Security Reporter and author of the new book, "Kingdom of Lies", Kate Fazzini, is featured in this podcast recap and answers the question, is the biggest corporate issue specific to tools, communication, diversity, or something else? She also discusses:
- Diving into the biggest corporate problem
- Communication issues within government
- The disconnect of cyber security news
- Cyber security education and training
- Cyber security marketing mistakes
In this age of rapidly evolving IT and emerging cyber threats, any organization that interfaces with sensitive data needs to detect and respond quickly to security incidents. While outside experts can help, seeking external help only during a critical time of need is a risky strategy.
A well-crafted incident response (IR) plan will help your organization perform at its best by preparing for the worst. That’s because an incident response plan serves as your master blueprint when navigating the challenges of a serious infosec incident.
Download the full ebook, "Preparing For Battle: Building An Incident Response Plan," to learn:
- The foundational concepts of crafting an incident response plan prior to an attack.
- The design principles for processes that cater to different degrees of escalation in a security event.
- Best practices in training your organizational stakeholders to respond efficiently and effectively.
Scare tactics and the media are often two items that are grouped together in the cyber security industry (anyone else tired of seeing the guy in the dark hoodie in front of the computer?). Fear is oftentimes used to make an impact on cyber security headlines because they’re memorable for consumers. However, this is not always the case in the corporate world.
CNBC reporter and adjunct professor of cyber security in the Applied Intelligence program at Georgetown University, Kate Fazzini, explains how she wants to change that in this in-depth interview.
This article helps us understand why hackers want to attack mission-critical supply chain systems. It covers:
- Key findings
- A simple but often overlooked solution