Information Security Leader, Author, Instructor and Speaker

When Is a Business Ready for a Red Team Test?

Cybersecurity teams spend countless hours designing, implementing and managing security controls to protect against confidentiality, integrity and availability threats. Teams of professionals read threat intelligence reports from vendors and government agencies, learn about attacks that compromised peer organizations, and study attacker tactics, techniques and procedures to better understand these threats and design controls against them.

Still, you can’t have confidence in even the best-planned defenses until they’ve been put to the test.

Different Types of Security Testing

Security leaders may take advantage of a variety of tests to better understand their risk exposure. The three main categories of tests are vulnerability assessments, penetration tests and red team exercises. These terms are not interchangeable; each represents a distinct type of security testing and comes with its own advantages and disadvantages.

Published April 2021 in BizTech Magazine.
Read the full article: When Is a Business Ready for a Red Team Test?


Essentials to Consider When Choosing a Cloud Security Posture Management Solution

Today, cloud computing plays a central role in the technology ecosystems of every college and university. The degree of cloud adoption varies, of course. Some schools might use a handful of carefully vetted Software as a Service (SaaS) providers for videoconferencing, email and their learning management systems. Others have taken an all-in, cloud-first approach to managing their infrastructure.

Either way, the manner in which higher education IT provisions and manages services has been forever changed. The flexibility and agility of the cloud allow technologists to improve the level of service they provide to students, faculty and staff while also keeping costs under control. These services do, however, pose new potential cybersecurity risks that must be mitigated. Perhaps the most significant risk in a cloud-centric environment is the potential misconfiguration of cloud provider security controls.

Published April 2021 in EdTech Magazine.
Read the full article: Essentials to Consider When Choosing a Cloud Security Posture Management Solution


How Agencies Can Tackle Supply Chain Cybersecurity Threats

Cybersecurity professionals have worried for years about the insidious risk posed by supply chain attacks — that sophisticated attackers with the ability to breach the internal systems of technology vendors might inject malicious code directly into devices that agencies rely on to perform their work.

Worst of all, this code could be delivered through trusted update mechanisms, rendering it virtually undetectable by traditional IT security defenses.

At the end of 2020, federal agencies saw this nightmare scenario come to life when officials at network management vendor SolarWinds revealed that the company had been the victim of just such an attack.

Published March 2021 in FedTech Magazine.
Read the full article: How Agencies Can Tackle Supply Chain Cybersecurity Threats


GDPR and CCPA: Businesses Must Comply With Both, and They’re Not the Same

The past few years presented businesses around the world with a dizzying array of new and changing requirements for handling personally identifiable information. The European Union ushered in this wave of change in 2018 when the General Data Protection Regulation took effect. The California Consumer Privacy Act passed later that same year and went into effect in January 2020.

All the requirements from multiple jurisdictions can be confusing. Let’s separate the facts from the falsehoods to help businesses in their efforts to comply.

Published March 2021 in BizTech Magazine.
Read the full article: GDPR and CCPA: Businesses Must Comply With Both, and They’re Not the Same


How Agencies Can Secure Data from Shared Documents After Users Leave

A decade ago, agencies struggled to build collaborative workplaces because the technology to facilitate teamwork simply didn’t exist. The advent of modern office productivity suites changed that picture entirely.

With tools such as Google Workspace, Microsoft OneDrive and Box, agency teams could quickly and easily work together on a shared document without the version control problems that occurred with file servers and email threads back in the day.

Published February 2021 in FedTech Magazine.
Read the full article: How Agencies Can Secure Data from Shared Documents After Users Leave


IDC PlanScape: IT Security – Building Enterprise Cyber-Resilience

Fortunately, information technology (IT) professionals can draw upon the long history of resilience engineering in other fields to develop their organization’s cyber-resilience practices. The National Institute of Standards and Technology (NIST) also offers a cyber-resilience engineering framework that offers a catalog of cyber-resilience best practices. These best practices may serve as the starting point for any organization’s cyber-resilience program.

IDC Research Report published February 2021.
Read the full report: IDC PlanScape: IT Security – Building Enterprise Cyber-Resilience


IDC PlanScape: Privacy Engineering

“Meeting privacy expectations of management and stakeholders requires a cross-functional approach with contributions from business leaders, privacy professionals, technologists, and cybersecurity teams,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP).

IDC Research Report published February 2021.
Read the full report: IDC PlanScape: Privacy Engineering


IaaS Offers Critical Agility, Scale and Innovation for School Districts

Last spring’s rapid shift to remote learning may have taken many education IT teams by surprise, but the technology supporting this shift has been gaining steam for years. As we look back at the many technical miracles pulled off by teachers and school technologists, it’s clear that many of them were only possible through the agility, flexibility and scalability benefits brought by cloud computing. Without access to cloud resources, it would have been virtually impossible to take advantage of the videoconferencing, learning management and file-sharing services teams spun up to support teachers and students.

Published February 2021 in EdTech Magazine.
Read the full article: IaaS Offers Critical Agility, Scale and Innovation for School Districts


How to Choose an Identity and Access Management Solution for Higher Education

From a string of high-profile ransomware attacks to the compromise of SolarWinds network monitoring tools, higher education continues to find itself vulnerable to attackers. To defend against a dizzying array of threats, university cybersecurity leaders must focus on building a defense-in-depth approach that addresses more risks.

One solution is an identity and access management system, which resides at the center of cybersecurity strategies. It provides the core identification, authentication and authorization services to create secure technology environments.

Published January 2021 in EdTech Magazine.
Read the full article: How to Choose an Identity and Access Management Solution for Higher Education


5 key ransomware protection best practices to safeguard assets

Ransomware attacks are expected to grow both in frequency and effectiveness in 2021, with researchers at Cybersecurity Ventures predicting attacks to occur every 11 seconds and ultimately cost victims more than $20 billion. That’s an incredible impact for a cybersecurity risk that has been around for years.

These ransomware attacks cause significant damage, but they are almost completely preventable. Organizations that build a strong cybersecurity foundation will find themselves far less vulnerable to attack than their competitors.

Let’s take a look at five ransomware protection best practices you should consider to bolster your defenses.

Published February 2021 in SearchSecurity.
Read the full article: 5 key ransomware protection best practices to safeguard assets
