From Security Weekly Wiki
Revision as of 14:40, 24 August 2020 by Matt


  • Cybersecurity new normal needs change in process, CISOs say - As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal.
  • Should State and Local Governments Obtain Cybersecurity Maturity Model Certification? - The Cybersecurity Maturity Model Certification (CMMC) is a certification and compliance process developed by the Department of Defense (DoD). But how can it help state and local governments?
  • Why Do Your Employees Resist New Tech? - While the use and application of technology has become near ubiquitous around the world, the actual adoption of new and emerging technologies across most organizations continues to be less than optimal. Here are five key levers to help business leaders create a culture that will help drive better, more effective tech adoption:
    • Incentivize technology use
    • Invest in the infrastructure
    • Make re-skilling and learning part of the plan
    • Don’t make it piecemeal
    • Understand how governments and policy are involved
  • Who’s Responsible for a Safer Cloud? - With so much reliance on multiple cloud providers and solutions, from diverse locations and sources, protecting and securing the cloud has gotten much more complex, and in some cases even misunderstood. Here's a plan for a safer cloud:
    • Develop a comprehensive plan
    • Understand your compliance requirements
    • Know your risk tolerance
    • Design and implement technology controls
    • Develop a continuous monitoring program
  • The cybersecurity skills shortage is getting worse - New research from ESG and ISSA illustrates a lack of advancement in bridging the cybersecurity skill shortage gap. Here are some key findings:
    • 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage.
    • The primary ramifications of the skills shortage include an increasing workload on the existing cybersecurity staff, long-standing open jobs, an increase in hiring and training junior personnel, and an inability to learn or utilize security technologies to their full potential.
    • Skills shortages are most acute among application security specialists, cloud security specialists, and security analysts.
    • Only 7% of cybersecurity professionals claim that their organization has improved its position relative to the cybersecurity skills shortage over the past few years. Alternatively, 45% say that things have gotten worse while 48% believe things are about the same today as they were in the past.
    • When asked if their organizations were taking the necessary actions to address the impact of the cybersecurity skills shortage, 58% of cybersecurity pros believe their organization should be doing somewhat or much more.
  • Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years - Research from Risk Based Security highlighted that the number of publicly reported data breaches declined in the last five years, while the number of records exposed increased four times more than any previously reported incident in the first six months of 2020. Here are the key highlights:
    • The number of payment card details exposed in the first six months of 2020 surpassed 90 million records. Despite this, there were even more Social Security / national identity numbers, financial account numbers, and dates of birth exposed during this period.
    • Four economic sectors (Information, Health Care, Finance & Insurance, and Public Administration) accounted for more than half (52.5%) of reported breaches.
    • The information sector accounted for 14.5% of reported breaches, with software providers, hosting, and other online services accounting for 86.5% of the information sector breaches.
    • The health care sector nearly matched the information sector, accounting for 14.3% of the reported breaches.