Are We Doomed? Not If We Focus on Cyber Resilience
Here’s how to doom a cybersecurity program: Think of cybersecurity as a war against an attacker that must be fought to the finish, invest in threat tracking technology for threats your organization has no capabilities to defend against, and let the sunk cost effect determine how you spend your security budget. In reality, cybersecurity is…
ISMG Editors: Why Is LockBit Ransomware Group So Prolific?
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including why being a CISO is like being the first family doctor in a small village, why you can’t trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt…
LockBit Tries to Distance Itself From Royal Mail Attack
What’s the term for when a ransomware group blames a geopolitically awkward attack it appears to have carried out on someone – anyone – else, just not them? Let’s call it getting “Colonial Pipelined,” after the DarkSide group’s disastrous hit on that oil pipeline system led the crime group to kill its brand. Is the…
Software Supply Chain Security Needs a Bigger Picture
The intricate labyrinth of open source dependencies across the global software supply chain has created an application security puzzle of mammoth proportions. Whether open source or closed, most of the world’s software today is built on third-party components and libraries. Consequently, one piece of vulnerable code in even the smallest of open source projects can…
Cerberus Sentinel to Acquire RAN Security
Cerberus Sentinel (NASDAQ: CISO), an industry leader as a managed cybersecurity and compliance provider, based in Scottsdale, Ariz., announced that it has signed a definitive agreement for the acquisition of RAN Security, a cybersecurity company with headquarters in Buenos Aires, Argentina, and offices in Chile, Peru, Bolivia, and Paraguay. Under the terms of the agreement,…
When CISOs Are Ready to Hunt
Like a member of any profession, a chief information security officer (CISO) grows into their role. They exhibit a maturity curve that can be roughly split into five attitudes: Protection: When a CISO first steps into their role, they look to perfect the basics and build a fortress for themselves in the form of firewalls,…
Analyzing Australia’s cyberthreat landscape, and what it means for the rest of the world
Australia has been the victim of damaging cyberattacks in the latter half of this year, with high-profile incidents impacting businesses across critical sectors such as telecoms, healthcare, and government. The impacts of some of these attacks have been rolling on for months, with new details and further information about data breached from the incidents suffered…
Why the Culture Shift on Privacy and Security Means Today’s Data Looks Different
Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. In…
DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions
It generally starts with malvertising and ends with the deployment of Royal ransomware, but a new threat group has distinguished itself by its ability to innovate the malicious steps in between to lure in new targets. The cyberattack group, tracked by Microsoft Security Threat Intelligence as DEV-0569, is notable for its ability to continuously improve…
Balancing Security Automation and the Human Element
I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your…
