- Executive order under consideration would expand what companies have to disclose security breaches to the federal government.
- Such breach disclosure laws have been long found over legal concerns.
- The EO would also establish that certain software vendors maintain a software bill of materials.
- 53% of Web traffic is now cloud-related, a 20% year over year increase.
- 61% of all malware is directly delivered via the cloud.
- Malicious Office documents represented 17% of all malware detected.
- Analysts expect the global IoT market to grow from about $212 billion in 2018 to about 1.3 trillion by 2026
- Unfortunately, these devices often ship with security flaws, poor API management, and lack efficient ways to provide security updates
- Special Publication 800-213 helps federal agencies understand how IoT devices can impact the network and information security risks within their organizations
- 83% of employers now say the shift to remote work has been successful for their company, compared to 73% in a prior survey.
- Less than one in five executives say they want to return to the office as it was pre-pandemic.
- Enterprises are going to have to balance convenience and security over the long haul.
- As enterprises get comfortable with remote work, their priorities are going to shift.
- Cybersecurity will be forefront in the year ahead between concerns about cyber espionage and ongoing nation-state attacks, and federal cybersecurity organizational efforts.
- Remote work has accelerated enterprises are turning zero trust architectures to improve their security.
-cloud-computing-data-network-853701240_3840x2160.jpg)
- As enterprises, and their home workers, deploy IoT devices, the risks these devices pose to enterprise data and systems increases.
- First released in 2019, the IoT Security Controls Framework established 155 essential security controls that the CSA believed would mitigate many of IoT's risk.
- The new version of the CSA IoT Security Controls Framework provides clarity on guidance and security enhancements
- When it came to healthcare security, 2020 proved to be a continuation of the state of cybersecurity in prior years.
- While there was considerable concern about some type of digital attacks during the U.S. presidential elections, so far, there's been no credible evidence showing such occurred.
- One of the more interesting attacks last year was one everyone had the opportunity to watch occur in real-time. And that's the Twitter attack that resulted in the widespread tweeting of a bitcoin scam the summer.
- Not enough organizations are continuously looking for risks in their IT assets.
- Interestingly, organizations with immature programs are more confident in their ability to manage their attack surface.
- Enterprises need to put monitoring regimes in place that can keep pace with technological change.
- Demand for digital transformation is driving low code development platforms.
- While line-of-business workers creating software alleviates development team burdens, it can increase risk.
- Enterprises must ensure that they are managing all apps in their portfolio.
- Too many IoT devices ship from the manufacturer with vulnerabilities and inadequate ways to update devices once they are deployed.
- The U.S. federal government hopes to establish a security standard through the National Institute of Standards and Technology.
- The U.S. federal government hopes it will be able to positively influence the security of IoT devices through its purchasing power
- The benefits of connected medical devices outweigh the risks.
- Despite remote security risks, businesses failing to take basic steps to mitigate risk
- Still, many enterprises believe increased remote work will remain long after the pandemic passes
- There are steps enterprises should take to mitigate data security risks
- The benefits of connected medical devices outweigh the risks.
- While healthcare organizations know what steps they must take to secure these devices, the right precautions aren't taken
- too often.
- Security deficiencies include lack of network segmentation, poor implementation of encryption and protocols.
