Unpacking the NIST cybersecurity framework 2.0
Security Intelligence
by Doug Bonderud
19h ago
The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity. NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards and create a new model that reflects evolving security challen ..read more
What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?
Security Intelligence
by John Velisaris
19h ago
The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials. In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk. The report identified six action items: Remove identity silos Reduce the risk of credential harvesting Know your dark web exposure ..read more
Obtaining security clearance: Hurdles and requirements
Security Intelligence
by Mark Stone
3d ago
As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense. Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a clearance. Jobs that typically require security clear ..read more
Ransomware payouts hit all-time high, but that’s not the whole story
Security Intelligence
by Jonathan Reed
5d ago
Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities. In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies. Still, it’s not all roses for ransomware gangs. Many top-tier groups are struggling to ..read more
What should an AI ethics governance framework look like?
Security Intelligence
by Jonathan Reed
5d ago
While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher. As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles. AI is also high on the list of United States government concerns. In late February, Speaker Mike Johnson and Democratic Leader ..read more
Cloud security uncertainty: Do you know where your data is?
Security Intelligence
by Jonathan Reed
5d ago
How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried. In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless. The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to reveal blind spot vulnerabilities are urgently necessary as well. Strong clou ..read more
The evolution of a CISO: How the role has changed
Security Intelligence
by Jennifer Gregory
2w ago
In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027. With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt to meet the cyber challenges of the ..read more
3 Strategies to overcome data security challenges in 2024
Security Intelligence
by C.J. Haughey
3w ago
There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030. This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers. In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws and regulations. Here are three stra ..read more
ICS CERT predictions for 2024: What you need to know
Security Intelligence
by Josh Nadeau
3w ago
As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure. Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism ..read more
How I got started: Ransomware negotiator
Security Intelligence
by Mark Stone
1M ago
Specialized roles in cybersecurity are proliferating, which isn’t surprising given the evolving threat landscape and the devastating impact of ransomware on many businesses. Among these roles, ransomware negotiators are becoming more and more crucial. These negotiators operate on the front lines of cyber defense, engaging directly with cyber criminals to mitigate the impact of ransomware attacks on organizations. Ransomware negotiators possess a unique blend of technical expertise, psychological insight and negotiation skills that allow them to navigate the high-stakes environment of ransomwar ..read more