Lloyd’s of London Launches New Cyber Insurance Consortium

December 13, 2024 at 08:37AM Lloyd’s of London has launched a cyber insurance consortium aimed at creating a shared risk facility for qualified organizations. This initiative offers exclusive rates, simplified processes, and comprehensive coverage, particularly for those with HITRUST certifications, including a significant premium discount. The consortium aims to improve underwriting efficiency and broaden participation.

Snowflake Rolls Out Mandatory MFA Plan

December 11, 2024 at 08:46AM Snowflake will require all customers to enable multifactor authentication (MFA) by November 2025, following a three-phase policy change. The measure follows attacks on customers and aims to enhance security; guides are available for migration. Failure to comply will result in access being blocked after specified deadlines.

FCC Proposes New Cybersecurity Rules for Telecoms

December 11, 2024 at 08:10AM The FCC proposed new cybersecurity rules for telecommunications companies in response to recent foreign cyberattacks, emphasizing the need for robust network security. The plan requires annual certifications, risk management, and modernization efforts. Additionally, legislation has been introduced to enforce digital security standards and regular assessments to prevent unauthorized access and vulnerabilities.

How Art Appreciation Supplements Cybersecurity Skills

December 9, 2024 at 05:59PM At the Fall Summit 2024 for FS-ISAC, I highlighted the importance of drawing inspiration from literature, poetry, and art for cybersecurity. Engaging with diverse sources can foster creativity and innovation, enabling security professionals to convey messages more effectively and address challenges with fresh perspectives. Embrace broader insights for growth.

Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack

December 9, 2024 at 09:06AM Artivion disclosed a ransomware attack on November 21, disrupting order and shipping processes. The company, which manufactures aortic-centric medical devices, took systems offline for investigation and remediation. While it believes the attack won’t materially affect finances, some remediation costs may not be insured. Details on the threat actor remain undisclosed.

Salt Typhoon forces FCC’s hand on making telcos secure their networks

December 6, 2024 at 01:32PM The FCC, led by Jessica Rosenworcel, plans to enforce stricter network security measures for telecom operators following the Salt Typhoon cyberattacks. Proposed rules would require annual cybersecurity reports and compliance with CALEA. The initiative aims to enhance national security and address vulnerabilities exposed by recent breaches affecting telecom infrastructure.

Vulnerability Management Challenges in IoT & OT Environments

December 5, 2024 at 10:28AM The rise of IoT and OT devices in critical sectors introduces unique security challenges due to their diversity, limited patching options, operational disruptions, inadequate security protocols, and limited visibility. Tailored strategies, such as risk-based approaches, strict access controls, and specialized monitoring tools, are essential for effective vulnerability management in these …

Want to Grow Vulnerability Management into Exposure Management? Start Here!

December 5, 2024 at 07:24AM Vulnerability Management (VM) is becoming inadequate as cybersecurity challenges evolve, necessitating a shift to Exposure Management (EM). By incorporating business context, organizations can prioritize risks, optimize resources, and align security with strategic goals. Effective metrics can engage leadership and transition cybersecurity from a cost center to a business enabler.

Misconfigured WAFs Heighten DoS, Breach Risks

December 3, 2024 at 05:39PM Many organizations using CDN-provided WAF services are misconfiguring them, exposing back-end servers to direct attacks. This affects nearly 40% of Fortune 100 companies, including major brands. Researchers found that inadequate request validation and lack of security best practices are primary causes of this widespread vulnerability, making servers accessible to Internet …

BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture

December 3, 2024 at 05:39PM BigID has launched Data Activity Monitoring, enhancing data security by proactively managing risks, identifying insider threats, and ensuring compliance. Unlike traditional tools, it tracks data access activity for improved decision-making and faster investigations. BigID continues to receive accolades for its innovative approaches in data security and compliance management.