Among your primary responsibilities as a board member is providing advice on both business strategy and enterprise risk. A general understanding of risk management is essential when looking at cyber risk specifically. Ultimately, an enterprise should consider adding cybersecurity expertise to its board membership, but all members can benefit from increasing their understanding about how cyber risk affects corporate strategy and the overall enterprise risk profile. To provide effective strategic advice to company leadership on cyber risk, you must ask the right questions, including whether a company does ongoing cyber risk assessment and management, and how.
Published By: Lookout
Published Date: Aug 30, 2017
Most people define mobile devices – smartphones and tablets – as those running a mobile-optimized operating system (e.g. iOS, Android, Windows Phone). There’s a trend emerging, however, in which traditional mobile devices are gaining functionality typically associated with PCs.
At the same time, PCs are being architected more like mobile devices — an interbreeding of species, if you will. The iPad Pro, for example, has a keyboard. With Windows 10, phones and tablets can run “Universal” apps that also run on PCs. Windows 10 also has application-layer sandboxing, code-signing, and an app store with apps pre-vetted by Microsoft. In certain configurations (i.e. enterprise-managed devices), a laptop running Windows 10 has a security architecture that looks strikingly similar to a smartphone or tablet.
Published By: Lookout
Published Date: Sep 25, 2017
“We don’t have a BYOD programme.”
This statement, referencing mobile device usage in the workplace, is a refrain often heard in European organisations that are tasked with securing the privacy of highly confidential data and personally identifiable information, and managing employee authorisation and access to that data. However, businesses often believe that they aren’t actually subject to cyber-threats from mobile devices because, simply, they don’t currently allow personal mobile devices to access their networks. Ultimately, this posture puts data at risk because every company has a BYOD policy whether they like it or not.
For the past decade, financial institutions have created sophisticated digital platforms for consumers to access, save, share and interact with their financial accounts. As sophisticated as these digital platforms have become, cyber criminals continue to pose an ever-present risk for everyone – from individual consumers to large corporations.
In his recent article, 2018 Outlook: Customer Experience and Security Strike a Balance, Andrew Davies, vice president of global market strategy for Fiserv’s Financial Crime Risk Management division, explains how and why security will become a key differentiator for financial institutions as they respond to a changing landscape, which includes:
• Global payment initiatives
• Open Banking standards
• Artificial intelligence and machine learning
• Consumer demand for real-time fraud prevention and detection
An optimized hybrid IT infrastructure enables innovative business outcomes—but rapid IT transformation also creates new risks, threats and vulnerabilities. Coupled with increasingly sophisticated cyberattacks and complex regulatory pressures, managing risk in today’s digital environment becomes even more critical to the enterprise. Download now to learn more.
MIT Technology Review Survey: Executive Summary
Are you prepared for the next breach? Only 6% of leaders say yes.
Information security—or, the lack of it—is firmly on the radar for business and IT leaders in organizations of all sizes and in every sector. Many fear that their companies are ill-prepared to prevent, detect, and effectively respond to various types of cyberattacks, and a shortage of in-house security expertise remains of widespread concern.
Those are among the initial findings of the Cybersecurity Challenges, Risks, Trends, and Impacts Survey, conducted by MIT Technology Review of approx. 225 business and IT executives, in partnership with Hewlett Packard Enterprise Security Services and FireEye Inc.
Research conducted by The Economist Intelligence Unit (EIU), sponsored by Oracle, provides answers. The results show that a proactive security strategy backed by a fully engaged C-suite and board of directors reduced the growth of cyber-attacks and breaches by 53% over comparable firms. These findings were compiled from responses by 300 firms, across multiple industries, against a range of attack modes and over a two-year period from February 2014 to January 2016.
The lessons are clear. As cyber-attackers elevate their game, the response must be an enterprise solution. Only C-suites and boards of directors marshal the authority and resources to support a truly enterprise-wide approach. In sum, proactive cyber-security strategies, supported by senior management, can cut vulnerability to cyber-attack in half.
Published By: Symantec
Published Date: Aug 15, 2017
Stay ahead of the evolving threats.
Organized crime is driving the rapid growth and sophisticated evolution of advanced threats that put entire website ecosystems at risk, and no organization is safe.
The stealthy nature of these threats gives cybercriminals the time to go deeper into website environments, very often with severe consequences.
The longer the time before detection and resolution, the more damage is inflicted. The risk and size of fines, lawsuits, reparation costs, damaged reputation, loss of operations, loss of sales, and loss of customers pile up higher and higher.
The complexity of website security management and lack of visibility across website ecosystems is further impacted by the fact that it is nearly impossible to know how and where to allocate resources.
Website security must be evolved in line with these growing threats and challenges.
This paper reveals how not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.
Businesses are battling immense competitive pressures. In order to succeed—or even survive—they must rapidly adapt to constantly changing environments, in every industry and sector.
What does this mean for IT leaders? Transformation, on all fronts.
Download this whitepaper to find out the benefits of Cisco ASAP Data Center Architecture.
Lax SSH security and management can lead to significant gaps in security controls. Cybercriminals target these gaps to gain full access to sensitive, regulated, and valuable systems and data.
Read the solution brief, Stop Unauthorized Privileged Access, to close these SSH security gaps and protect your business:
• Learn about the top SSH vulnerabilities
• Discover how to reduce risk of SSH key misuse
• Develop a strategy to manage and secure SSH keys
The SANS 20 Critical Security Controls for Effective Cyber Defense offers a blueprint of prioritized guidance to reduce risk. New updates to the SANS 20 signify the growing need to secure digital certificates and cryptographic keys to preserve trusted communications for all of your critical systems and your organization’s interactions with customers and partners.
Too often cyberattacks on keys and certificates are successful because basic security controls are not present or not properly configured. Download the Solution Brief to learn how you can effectively build scalable controls and reduce risk:
• Manage the rapid growth in certificates
• Gain visibility into where keys and certificates are located
• Secure your certificates against cyberattacks
• Enforce automation of certificate issuance and renewal
Published By: Panasonic
Published Date: Aug 04, 2016
Cybersecurity is top of mind for companies with workers using mobile computing devices. Report identifies top field service security risks, why security policies are critical, and includes a security checklist.
The included Framework for Inquiry is a non-prescriptive exercise that can help boards and management craft a replicable reporting template for reviewing risk levels, measuring operational effectiveness, and prioritizing initiatives over time.
Reports of cyberattacks now dominate the headlines. And while most high-profile attacks—including the major breaches at JP Morgan, Anthem and Slack—originated outside of the victimized organizations, theft and misuse of data by privileged users is on the rise.
In fact, 69% of enterprise security professionals said they have experienced the theft or corruption of company information at the hands of trusted insiders.1 There are also cases where a company’s third-party contractors, vendors or partners have been responsible for network breaches, either through malicious or inadvertent behavior.
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy.
Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate—across mobile, private and public cloud, distributed and mainframe environments.
Privileged credentials have served as a major attack vector in the successful execution of many breaches. Protecting privileged access is an imperative to successfully defend an organization from a breach and is a core requirement of multiple compliance regimes.
CA Privileged Access Management helps drive IT security and compliance risk reduction and improves operational efficiency by enabling privileged access defense in depth—providing broad and consistent protection of sensitive administrative credentials, management of privileged identity access and control of administrator activity.
Intrusion Detection Systems have ceased to live up to their name and have lost their ability to spot today’s sophisticated intrusions.
Consequently, cyber attackers are taking advantage of it by launching more evasive and strategic threats that spread rapidly within networks. And security teams are left without the proper tools or insight to identify intrusions that pose the biggest risk.
Covert communications are key enablers of cyber attacks that allow remote humans to patiently manage and direct their attacks undetected. Attackers choose these vehicles specifically for their ability to evade signatures, malware sandboxes and reputation lists.
To learn how Vectra empowers security teams to automatically pinpoint active cyber attacks as they’re happening, correlate threats with the hosts that are under attack, prioritize attacks that pose the greatest business risk, and quickly prevent or mitigate loss, register to get the white paper Detecting Covert Communications.
SecureWorks provides an early warning system for evolving cyber threats, enabling organisations to prevent, detect, rapidly respond to and predict cyber attacks. Combining unparalleled visibility into the global threat landscape and powered by the Counter Threat Platform — our advanced data analytics and insights engine — SecureWorks minimises risk and delivers actionable, intelligence driven security solutions for clients around the world.
Cybercriminals can be goal-driven and patient, and they often have a singular focus, plenty of time and access to vast, modern technical resources. Both organized and forum-based criminals are working constantly to find innovative and efficient ways to steal information and money with the lowest risk to their personal freedom. If we wish to stay “one step ahead” of the threats detailed in this report, awareness of online criminal threats, techniques and markets is our best defense.
Published By: Onapsis
Published Date: Mar 16, 2016
Business-critical applications running on SAP continue to be the best “economics” for cyberattackers as these systems house the most critical assets and support the most mission-critical business processes. They are also the highest cost blind spot for many Chief Information Security Officers (CISOs), as their current security products do not include applications running on SAP. A recent Ponemon Institute independent research report states that 65% of survey respondents’ SAP systems have been breached once or more in the past two years.
To help organizations better understand the business impact of potential SAP cyberattacks, Onapsis offers a complimentary Business Risk Illustration (BRI) service. This service frames the business risk of an SAP cyberattack by examining an organization’s SAP landscape for vulnerabilities and ties them to the economic impact of a potential cyberattack.
Ponemon Institute is pleased to present the results of Uncovering the Risks of SAP Cyber Breaches sponsored by Onapsis. The purpose of this study is to understand the threat of an SAP cyber breach and how companies are managing the risk of information theft, modification of data and disruption of business processes.