We're at less than a month before the EU General Data Protection Regulation (GDPR) regulations go live and global readiness still lags considerably. Companies around the world are in varying states of compliance, with a fair number of organizations out there that still haven't even stepped up to the start line of their GDPR compliance journey.
Last week's DevOps Connect event at RSA Conference brought together some of the leading minds in the DevOps and AppSec communities to discuss DevSecOps. Given the audience, a lot of the discussions focused on awareness themes for security folks still wrapping their heads around the idea of embedding their people into cross-functional DevOps teams. But each year these DevOps confabs at RSAC, the security audience grows savvier in continuous delivery principles, and the programming is trending more toward the real nuts and bolts of instituting DevSecOps.
Building an effective cybersecurity team is no mean feat. Hiring managers struggle to find experienced talent today and according to the most recent figures from ISACA, one in three organizations say it takes six months or longer to fill any given security position.
Cyber attacks, security incidents and breaches initiated through insecure Internet of Things (IoT) devices are on the uptick and most enterprises aren't yet on track to do anything about it, according to several high-profile studies over the last month.
As enterprises bridge their adoption patterns for public cloud from isolated pilot projects to fully scaled environments, they're going to need to get serious about adjusting their cybersecurity strategy and architecture to accordingly. According to the thinkers at McKinsey & Company, that sea change needs to start now. In a new report out last month by the consulting firm, enterprises are finally doubling down on their public cloud experiments over the last decade. And that means an impending cascade of public cloud usage in critical infrastructure that previously remained entrenched in the on-prem world.
The U.S. Securities and Exchange Commission (SEC) put public companies on warning that they need to get better about how and when they disclose not just breaches but material cyber risks to investors. The instructions were part of an updated guidance on breach disclosure from the SEC meant to protect investors and bring greater clarity to what the regulatory board expects from public companies when it comes to how they handle information security transparency.
Business fraud has been on a dramatic uptick over the last decade and cybercrime stands near the top of the list of losses and events that organizations are experiencing. A new report out from consulting powerhouse PwC found that the ratio of organizations who admitted to falling prey to economic crime in the past year has increased by 63% since 2008, with just under half of organizations admitting to being victims.
We've all heard about the 80/20 rule in business. But in vulnerability management, it may be more like the 54/12 rule. According to a new report out last week by vulnerability intelligence firm Risk Based Security, in 2017 about 54% of all new vulnerabilities came from just 12 vendors.
As worries about third-party risks continue to press on the minds of technology decision-makers within organizations large and small, many technology service providers are finding security to be a key differentiator for winning over prospects. Cyber warranties could be the next big way to help them signal to customers that they're serious about security risks.
Quantum computing may sound like science fiction, but it's coming down the pike faster than you might expect. And if security practitioners don't start taking this impending advancement seriously now, they could be facing the wholesale obscelesence of their corporate cryptographic protections within a decade.
When the Mirai botnet first made waves back in 2016 taking down DynDNS services using an Internet of Things (IoT)-powered botnet, cybersecurity experts warned that this was just the warm-up act. Mirai marked the first splashy real-world example of the kind of attacks that the bad guys could carry out when harnessing the power of IoT devices in a well-controlled botnet. And as predicted by experts following the rollout of Mirai, the hits just keep coming via IoT botnets.
The last year has proved out about security naysayers' warnings about the undisciplined use of cloud architectures. While many organizations work hard to secure data stored on cloud stores, the truth is that there's a lot of work to go. That fact is made abundantly clear by the growing number of incidents caused by extremely poor security hygiene within Amazon Simple Storage Service (S3) storage buckets that are holding very sensitive information.
