Threat watch: The ongoing Russia-Ukraine war continues to pose both direct and indirect risks to enterprise networks, says Michael Baker, vice president and IT CISO of IT services and consulting firm DXC Technology. He also discusses recruiting and retaining new talent.
The public-private Ransomware Task Force last year issued numerous recommendations for battling ransomware, and task force member Marc Rogers of Okta says that while the problem persists, better mechanisms are helping to blunt such criminal activity.
How can companies make their cybersecurity posture more transparent to stakeholders? That's a question being asked by both boards of directors and potential investors, says Stephen Boyer, founder and CTO of BitSight. He discusses the impact of new regulations and guidance from agencies.
Organizations have created significant security challenges by rapidly migrating applications, data and workloads to multiple public clouds over the course of the COVID-19 pandemic, according to Abbas Kudrati of Microsoft and Upendra Singh of HCL.
Ransomware continues to pummel organizations, with the average ransom payment reaching $925,000 so far this year, but the aggregate financial impact of business email compromise attacks is even worse, says Wendi Whitmore, head of Unit 42 at Palo Alto Networks.
Cloudflare says it detected and mitigated "the largest HTTPS DDoS attack on record." The 26 million requests per second DDoS attack likely originated from hacked virtual machines and servers kept by cloud computing hosts and was likely exacerbated by computationally intensive encrypted web traffic.
Ransomware groups such as Conti are beginning to move away from encrypting systems. Instead, they are stealing data, especially from public companies, and threatening to leak it publicly to extort ransom payments, says cybercrime expert Vitali Kremez, CEO of AdvIntel.
As Russia's invasion of Ukraine continues, it's notable that Ukraine's government - and much of the country - has remained connected to the internet. That's happening despite fierce Russian cyberattacks, says cybersecurity expert Mikko Hypponen, who highlights Ukraine's defensive mojo.
Threats facing industrial control systems are well-documented, and as the Russia-Ukraine war continues, concerns are rising about reprisals aimed at poorly protected Western critical infrastructure, says Lionel Jacobs Jr., security architect for ICS and SCADA systems at Palo Alto Networks.
Implementing modern architectures such as zero trust and secure access service edge remains an issue for many organizations. This challenge is further amplified by the shortage of skilled cybersecurity personnel, says Kate Adam, senior director of enterprise product marketing at Juniper Networks.
Organizations are struggling to implement all the security technology they've purchased and ensure they are protected across the most important areas of risk and posture, according to Amol Kulkarni, chief product and engineering officer at CrowdStrike.
Business-critical applications, the crown jewels of the modern enterprise, are increasingly targeted due to their significant value, and many organizations are struggling to secure them. These systems must be properly deployed, monitored and maintained, says Onapsis CEO Mariano Nunez.
Anyone using machine-learning models to support so-called artificial intelligence capabilities must prioritize ethical design to ensure the systems work equally well for all, says industry veteran Diana Kelley. She also discusses how to include and keep people in cyber.
Microsoft’s June rollout of security flaw fixes includes patching Follina, a zero-day exploit launched via malicious Office documents which has been spotted being exploited in the wild. From July users with E3 licenses and above will have the option of automatic updates instead of manual Patch Tuesday fixes.
The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.