What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant — referred to as SLOTHFULMEDIA — used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.

The Transportation Security Administration checkpoint at Albany International Airport is now using new technology that confirms the validity of a traveler’s identification and confirms their flight information in near real time. This technology will enhance detection capabilities for identifying fraudulent documents at the security checkpoint.

The number of IT-sanctioned SaaS apps has increased tenfold since 2015, and 76% of those professionals surveyed see unsanctioned apps as a security risk.

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has launched a crowdsourcing challenge to spur new methods to ensure that important public safety data sets can be de-identified to protect individual privacy. The Differential Privacy Temporal Map Challenge includes a series of contests that will award a total of up to $276,000 for differential privacy solutions for complex data sets that include information on both time and location. 

Travel has been limited to prevent the spread of COVID-19; however, as restrictions relax and organizations start to return to operations, we’re beginning to see an increase in business travel. In fact, in May, Business Travel News estimated that 31% of travelers expected to start planning business travel within the next month and 50% of meeting planners anticipated resuming meetings from the months of June to September.

The report, Death on the Job: The Toll of Neglect by the American Federation of Labor and Congress of Industrial Organizations (AFL–CIO), features state and federal data on worker fatalities, injuries and illnesses, as well as worker protections. In particular, the report examines some of the industries and workers most affected by the pandemic. In addition, it found that workplace violence is the second leading cause of occupational fatalities.

The National Security Agency (NSA) has chosen Cal State San Bernardino to be a leader of its core workforce development initiative, selecting it for a $10.5 million grant and naming the university’s Cybersecurity Center as the Community National Center for Cybersecurity Education. This prestigious designation illustrates CSUSB’s continued prominence as the premier institution of higher education for cybersecurity education and took effect Sept. 18, 2020. 

Emotet — a sophisticated Trojan commonly functioning as a downloader or dropper of other malware — resurged in July 2020, after a dormant period that began in February. Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.

Thycotic, provider of privileged access management (PAM) solutions, released its CISO Decisions survey. Based on findings from more than 900 global CISOs/Senior IT decision-makers, the research shows Boardroom investments in cybersecurity are most commonly the result of an incident or fears of compliance audit failure. Because of this, the research shows more than half, 58 percent, of respondents say their organizations plan to add more towards security budgets in the next 12 months. 

The Cybersecurity and Information Security Agency (CISA) has released an infographic mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.

Cybersecurity company Balbix released a cookbook to celebrate National Cyber Security Awareness Month. You heard that right.

As security professionals around the globe are involved in their organization’s COVID-19 response, many security staff are contemplating how to assess their protocols and procedures, as well as what new protocols and procedures to put in place. How can security technologies be a part of the overall COVID-19 response for an enterprise and how can security professionals use technology now that will serve them well in the future with continued enterprise risk mitigation?

Shannon Polson, author of “The Grit Factor: Courage, Resilience and Leadership in the Most Male Dominated Organization in the World” and the founder of The Grit Institute, gave the final keynote today at ICS West. Presented by the SIA Women in Security Forum, titled, “Leading From Any Seat: Stories from the Cockpit & Lessons from the Grit Project,” featured Polson discussing courage, resilience and leadership, using examples from her personal life as one of the first women to fly the Apache helicopter in the U.S. Army and ideas outlined in her book.

Independent polling firm Schoen Cooperman Research recently conducted a nationwide poll on Americans’ views of facial recognition technology. The survey of 1,000 adults found that most Americans support the use of facial recognition across a wide range of applications with 75% supporting facial recognition technology at airports.

Digital Guardian announced Tim Bandos will become Chief Information Security Officer (CISO). Bandos will bring more than 15 years of experience to the position including his five years as VP of Cybersecurity at Digital Guardian. Prior to joining Digital Guardian, Bandos was Director of Cybersecurity for Dupont where he was responsible for overseeing internal controls, incident response and threat intelligence.

Skyfire Consulting, a public safety UAS consulting group, announced the appointment of Michael Briant as Chief Security Officer (CSO) and Michael Rogers as Director of Public Safety. Both will team up and bring their experience to the Skyfire Academy, as they lead a robust training programs in the industry. 

The Department of Justice announced that six men have been arrested and charged federally with conspiring to kidnap the Governor of Michigan, Gretchen Whitmer.  According to a complaint, this group used operational security measures, including communicating by encrypted messaging platforms and used code words and phrases in an attempt to avoid detection by law enforcement.

U.S. Secretary of Transportation Elaine L. Chao announced the launch of this year’s Stop. Trains Can’t. public education campaign, which will run through November 8. This national $6.6 million safety campaign will run on radio, digital, and social media, educating drivers not to gamble with their lives at rail grade crossings.  The campaign will also target high-risk highway-railway crossings in Alabama, Arizona, California, Georgia, Indiana, Tennessee, and Texas.

The National Security Agency announced the official launch of the Center for Cybersecurity Standards (CCSS) in the Cybersecurity Directorate. This office will lead NSA’s Cybersecurity mission to engage with standards bodies to communicate security requirements and influence standards to secure our National Security Systems and provide support to the Defense Industrial Base (DIB).

McAfee and the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) released a new research study, MITRE ATT&CK as a Framework for Cloud Threat Investigation, developed by CLTC researchers. The report focuses on threat investigation in the cloud through the lens of the most widely adopted framework, MITRE ATT&CK.

Acting Secretary of Homeland Security Chad F. Wolf released the Department of Homeland Security’s (DHS) Homeland Threat Assessment (HTA). This first-of-its-kind report synthesizes threat information across DHS including intelligence and operational components.

SEC emeritus faculty George Campbell has been recognized with the 2020 U.S. Outstanding Security Performance Award (OSPA) for Lifetime Achievement. The winners were announced September 25.

The security office head, Crede Bailey, who is in charge of the White House security office contracted coronavirus last month and has been hospitalized since September.

Transit agencies in the U.S. were surveyed for the research done by Mineta Transportation Institute (MTI) at San Jose State University to assess the readiness of agencies to understand, mitigate and respond to cybersecurity threats.

Security professionals want functionality like data encryption and VPN to be permanently enabled. Some have taken the approach of completely disabling the insertion of USB devices. This needs to be supported with more fine-grained control. What is the path forward?

Amid ever-changing technology, embracing modern security solutions and capabilities can be a challenge for many, especially those who have spent years accustomed to tried-and-true products, like the traditional keyed padlock. Today, decision makers working in the security sector are tasked with sorting through the blitz of new technology offerings and introductions.

As the 2020 U.S. presidential election nears, there has been a rise in mercenary hacking groups and cyber espionage. Some say this a direct result of the current administrations’ increasingly isolationist global foreign policy, and that the U.S.’ status in the global cyber domain should be a major discussion point before November.

The University of Florida Police Department is installing license plate recognition technology on campus and will partner with the Gainesville Police Department and Alachua County Sheriff’s Office that is currently using the technology to share information for aiding in investigations, responding to incidents, etc.

Security magazine and its partner for the Top Cybersecurity Leaders, (ISC)², is looking for enterprise information security executives, who have made and continue to make significant contributions in the cybersecurity space to their organizations and/or the enterprise-level information security profession.

While we may not all have time to get in a round at the golf course while bringing business back up to speed, here are some lessons golf can teach us about preventing burnout, a subject that particularly affects so many security professionals. 

As cybercriminals increase their attacks during the COVID-19 pandemic, Metro Health – University of Michigan Health is fighting back. Metro Health has joined an innovative partnership of cybersecurity experts working 24/7 to protect patients and employees from scams and information theft. The Michigan Healthcare Security Operations Center launched in 2018 as the first collective of its kind in the nation. Mi|HSOC brings together leading IT security experts from Michigan Medicine, Beaumont Health, Munson Healthcare, the Michigan Health & Hospital Association and security company CyberForce|Q.

Following a competitive review process, CISA awarded $2,000,000 to the University of Mississippi Medical Center (UMMC) for a two-year period of performance beginning on September 30, 2020. UMMC will use REMCDP funds to build on the successes of its previous REMCDP awards.

Why are CISOs constrained from delivering metrics at scale and why is producing good security metrics so difficult? Here, find out what the five stages of security metrics maturity are, and how you can achieve a mature security metrics program.

A ransomware attack last spring at Simon Fraser University (SFU) reportedly compromised the personal information of about 250,000 students, faculty and alumni. Information included student and employee identification numbers, full names, birthdays, course enrolments and encrypted passwords.

At NRF Protect this morning, loss prevention professionals discuss their tactics regarding COVID-19 response and the role of their departments in the organization.

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently issued a Risk Alert (the “Alert”) discussing cybersecurity observations from its examinations over time. The Alert did not state the time period of examinations included; however, OCIE has conducted several cybersecurity targeted exams over recent years.

While remote working arrangements will be less common in the post-COVID environment than during the pandemic, they will remain elevated over pre-pandemic levels, says the survey.

Keren Elazari, CISSP, Security Analyst, Researcher, and Public Speaker, kicked off GSX+’s fourth day with a keynote address on the future of cybersecurity. Elazari, a former hacker turned cybersecurity expert, is an internationally celebrated speaker, researcher, and author on all matters of cybersecurity. Her 2014 TED talk, viewed by millions, helped shape the global conversation about the role of hackers and the evolution of cybersecurity in the information age.

Previously, school districts dealt with securing their systems at both the district and school level. But now, teaching, learning and working are all happening at home simultaneously. It’s messy, far more complicated, and gives our cyber and IT teams significantly less control over networks and security than there was when traditional in-school learning was the norm. It’s especially crucial we keep our security measures tight, even if it feels like an uphill battle.

As users receive more security awareness training, their ability to effectively deal with security threats increases, reveals a new study by MediaPRO, co-sponsored with Osterman Research. The report also found that boring security awareness training doesn’t make employees want to be secure.

To get buy in from the entire organization on your role as a security professional, share these basic elements of an effective cybersecurity strategy with the rest of the C-suite.

Using memes as propaganda, employing sophisticated communication networks for both planning and recruiting, making use of both fringe and private online forums and organizing militias to inspire lone wolf actors for violent action have proven to become tried-and-true tactics by extremist online communities seeking to expand their influence in recent years. According to the Network Contagion Research Institute (NCRI) report, presented by the Rutgers Miller Center for Community Protection and Resilience, Network-Enabled Anarchy: How Militant Anarcho-Socialist Networks Use Social Media to Spread Violence Against Political Opponents and Law Enforcement, militant and extremist groups have taken to social media and online forums to plant hateful, anti-Semitic and/or revolutionary ideas in the public eye, which are often disguised with humor or through using coded language.

SB 785 passed this week in the Senate and includes programs for post-traumatic growth, access to alternative therapies, as well as a grant of up $750K going to state and local organizations that provide suicide prevention services to veterans and their families. 

No matter how much the economic situation changes, prompt detection and response to cyber threats must remain a core priority for your organization. The ability to spot and address incidents in their early stages will help you avoid data breaches and their unpleasant consequences, including business downtime, lost revenue, costly security investigations and fines from regulatory bodies. As a result, you can save your budget for mission-critical tasks that will bring your organization value in the long run. 

Contact-tracing are emerging in a variety of formats and deployments and study says adoption will only continue to grow.

The Information Security Forum (ISF) announced the launch of ISF Aligned Tools Suite 2020, bringing together 14 ISF tools and cross reference aids, including a rebuilt Benchmark platform and the new IRAM2 WebApp. Aligned to the latest version of the Standard of Good Practice for Information Security 2020 (SOGP 2020), the suite – which also includes Security Healthcheck, Supply Chain accelerator tools and SOGP 2020 cross-references – helps ISF Members demonstrate compliance with international standards and assure security across their external suppliers.

Government organization Enterprise Ireland put on a cybersecurity panel discussion yesterday tackling a wide range of subjects as it relates to cybersecurity, private and public sector roles and responsibilities, and even managing cybersecurity for organizations with a huge global reach operating in multiple countries. 

Louisville, Ky. Mayor Greg Fischer and Louisville Metro Police Department (LMPD) Chief Robert Schroeder outlined steps being taken in preparation for Attorney General Daniel Cameron’s planned announcement in the Breonna Taylor case, including a countywide curfew starting at 9 p.m.

Recently, broader social dynamics, related to gender and nationality, in particular, are shaping the activity of cybercriminal forums. Digital Shadows explored this trend in a new analysis blog, "Unpicking Cybercriminals’ Personalities - Part 1: Gender and Nationality," that looks at how the dynamics of gender and nationality play out in cybercriminal forums and how it’s shaping cybercrime trends as a result. 

A new report asked organizations to list the incidents they have experienced since the transition to remote work; the most common threat patterns were dependent on the human factor: phishing (48%), admin mistakes (27%) and improper data sharing by employees (26%).