Risk Management Archives - Page 6 of 18

U.S. Infrastructure Bill Allocates $2 Billion to Cybersecurity

Issued by: Security Week

The Infrastructure Investment and Jobs Act includes funding for roads, bridges, transportation safety, public transit, railways, electric vehicle infrastructure, airports, ports, waterways, broadband internet, environmental remediation, and power infrastructure. The White House said this week that the bill will also invest approximately $2 billion to “modernize and secure federal, state, and local IT and networks;…

Software Security

Building Effective Business Cases to Cover Cybersecurity Costs

Issued by: Security Intelligence

With the global average cost of a data breach totaling $3.86 million in 2020, the topic of security continues to be a major pressure point and a board-level agenda item. So why do security programs still seem to lack adequate funding, urgency and support until a breach or lawsuit occurs or auditors demand change? Verizon’s…

Network Security

House Passes Several Critical Infrastructure Cybersecurity Bills

Issued by: Security Week

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities. The bill covers vulnerabilities in IT and OT systems, as well as security holes in…

Network Security

Facebook: Iranian Hackers Target Military, Aerospace Entities in the US

Issued by: Security Week

Recent activity that Facebook associated with the group focused on military personnel, defense organizations, and aerospace entities primarily in the United States and, to a lesser extent, the U.K. and Europe, showing an escalation of the group’s cyberespionage activities. Active since at least 2018, Tortoiseshell was previously observed targeting information technology organizations in the Middle…

Network Security

CISA Releases Analysis of 2020 Risk and Vulnerability Assessments

Issued by: Security Week

Designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities, the RVAs revealed that phishing links were the most successful technique for initial access. CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to…

Network Security

NSA Releases Guidance for Securing Enterprise Communication Systems

Issued by: Security Week

UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors. The NSA has warned that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware. Threat actors could…

Network Security

Gartner: Global Security Spending Will Reach $150 Billion in 2021

Issued by: Security Week

The company forecasts that information security and risk management will grow by more than 12 percent in 2021. Spending in these segments increased by more than 6 percent in 2020. Gartner says nearly half of the total, roughly $72 billion, will be spent on security services, including consulting, hardware support, and implementation and outsourced services….

Vulnerabilities

Lawmakers Reintroduce ‘Pipeline Security Act’ Following Colonial Hack

Issued by: Security Week

The Pipeline Security Act was first introduced in 2019, but it did not receive a vote. Now, following the recent ransomware attack on Colonial Pipeline, which had a significant impact, the bill was reintroduced. The bipartisan pipeline security legislation would ensure that the roles of the Transportation Security Administration (TSA), which has been the primary…