A new program recognizes how small businesses, including those in rural areas without a concentration of cyber talent, need support in distilling key cyber risk information “and making it relevant and accessible.”
Using a hijacked Constant Contact email marketing account of USAID, the adversaries sent phishing emails to roughly 3,000 accounts at more than 150 different organizations. About 25 percent of these targets were international development, humanitarian and human rights organizations.
Dragos limited initial disclosure to only relevant parties, after discovering a watering-hole malware attack that later turned out to be unrelated.
The TCC bypass exploit could have allowed attackers to create ransomware that encrypts protected system files and folders without user knowledge.
More than ever, it’s vital that infosec colleagues and company leadership lend a sympathetic ear and establish a trusting relationship. “The fact is that we were all struggling,” said one CISO.
If you can’t afford to upgrade and integrate, consider a managed services model or use secure-by-design tech, said Cisco’s Wendy Nather.
State officials presented their ongoing strategic cyber plans at the 2021 RSA Conference.
Companies poised to do well in the rapidly accelerated digital economy are those that can cater to concepts such as dynamic network infrastructure and securing edge computing. In particular, said Chenxi Wang of Rain Capital, the market is witnessing “great momentum in cloud security.”
Security and usability are not mutually exclusive, and effectively combining these concepts can help organizations overcome the cyber skills gap, according to Google Cloud Chief Information Security Officer Phil Venables, during an RSA Conference keynote session.
Informal chats via text or business communications platforms could be used against an individual or the company to prove mishandling of a security incident, even if the organization may have acted responsibly.
