It’s perhaps one of the most well-known and understood foundations of enterprise security – finding and patching outdated software with software updates. However, a newly released survey from cloud IT services provider ServiceNow, Today’s State of Vulnerability Response: Patch Work Demands Attention, found that there is still much work that must be done within the enterprise to close the window of vulnerability, that time between when an application vulnerability becomes known and it is remedied.
All about Virtualization and Cloud Security | Recent Articles:
How much risk is hiding in your in the data in your enterprise?
Probably quite a bit.
Do you think automation and AI/machine learning will help your organization close its internal skills gap? A recent study from the Ponemon Institute found otherwise — at least for now. According to the Ponemon Institute study (funded by security vendor DomainTools) also found that the cybersecurity professional skills shortage will increase as automation technologies increase.
Once again, a third-party vendor may have exposed sensitive credit card information of hundreds of thousands of Delta Air Lines and Sears. The attack shows the vulnerability to reputation and risk from attacks on third party vendors.
It doesn’t matter what discipline within cybersecurity one looks at, nearly everywhere one looks machine learning and artificial intelligence are changing how security data are analyzed, security tools deployed, and threats identified. I know there’s a difference between machine language and AI, but so many use the terms interchangeably now that the difference is blurring in the minds of many.
An annual study from enterprise software company Micro Focus has shown progress in the security maturity of organizations, but much more work remains. According to the fifth annual State of Security Operations Report 2018, there has been a 10 percent improvement in organization’s ability to meet security-related business goals. According to the study, about 25 percent of organizations assessed meet those goals.
Over the past few years, considerable attention has been given to the cybersecurity skills gap. In the post Enterprises Continue to Grapple with a Huge Cyber Security Skills Shortage we covered how the global cyber security workforce shortage is on pace to hit 1.8 million by 2022, a 20 percent increase since 2015, according to the Global Information Security Workforce Study. That study found 68 percent of workers in North America think the workforce gap is due to a lack of qualified personnel.
Organizations already facing a tough time finding cybersecurity talent may find additional cybersecurity headwinds this year as the vast majority (84 percent) of cybersecurity workers say they are on the lookout for new job opportunities.
Ever since the first data breach notification law went into effect July 1, 2003 in California (SB 1386), there has been controversy surrounding what types of data being exposed should trigger data breach notifications, who should be notified, and how quickly they should be notified. In fact, it’s become somewhat of a mess.
It’s hard to believe but the conversation around how security fits in DevOps has been going on for years. It was in 2012 when Gartner analyst Neil MacDonald wrote his blog DevOps Needs to Become DevOpsSec. In this blog MacDonald wrote “DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT.”
The more things change, the more they stay the same. While the nature of the technology employees use has dramatically changed over recent decades – from immovable desktops connecting to internal networks to iPads and netbooks with the ability to work anywhere — insiders and employees have remained among the greatest risks. According to the 2018 Netwrix Cloud Security Report, which consists of a survey of 853 various-sized organizations, industries and geographical locations. All organizations are public or hybrid cloud users.
To anyone who has been paying attention, this isn’t as much of a surprise, as it is a confirmation of the ongoing tenuous condition of enterprise cybersecurity but a just-released survey from specialty insurer Hiscox shows that roughly three-quarters of the 4,100 organizations surveyed face significant shortcomings when it comes to cybersecurity.