Integrating Cybersecurity into Business Continuity Planning

Organizations can’t afford to wait until a threat is identified to start worrying about their #cybersecurity. Measures must be integrated throughout the entire process! Learn more about integrating cybersecurity into business continuity planning –> http://ow.ly/yXya50EKVo5

Kaspersky has recently published the latest installment of its quarterly summaries of advanced persistent threat (APT) activity.

The most remarkable findings In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised. This resulted in the deployment of a custom backdoor, named Sunburst, on the networks of more than 18,000 SolarWinds customers,Continue reading “Kaspersky has recently published the latest installment of its quarterly summaries of advanced persistent threat (APT) activity.”

XDR Delivers Significant Performance Improvement over SIEM

In every SOC environment, there are two key metrics that demonstrate efficiency and effectiveness: Mean Time to Detection (MTTD) and Mean Time to Remediation (MTTR).  The risk and exposure from any cyber threat can be reduced significantly by improving these metrics.  Stellar Cyber recently completed a study with its MSP and MSSP partners, to determine how much our OpenContinue reading “XDR Delivers Significant Performance Improvement over SIEM”

勒索軟件入侵校園 NCSC警告攻擊將大增

上月教育行業受勒索軟件影響之後,英國國家網絡安全中心(National Cyber​​ Security Center, NCSC)就如何保護網絡免受網絡犯罪分子侵擾提出建議,並警告針對學校、學院和大學的勒索軟件攻擊激增。 政府通訊信總部(Government Communications Headquarters, GCHQ)網絡安全部門的警報指,在過去一個月中,針對教育的勒索軟件攻擊數量激增,而與此同時,學校亦正準備恢復面授課程。 勒索軟件會攻擊加密伺服器和數據,從而阻止組織提供服務,在這種情況下,網絡罪犯企圖令學校和大學因要維持教學,而屈服於勒索要求,並要求受害者以比特幣支付贖金,換取恢復網絡的解密密鑰。而在最近受影響的教育機構中,勒索軟件令學生課程、學校財務記錄以及與 COVID-19 測試的有關數據損失。這些黑客威脅如果他們沒有得到贖金,便會發布被盜數據。 資料來源:https://zd.net/3tJKkDa

Principles for Board Governance of Cyber Risk

Cyber risk is among the top risks facing businesses today, and it has become clear that boards, especially, need stronger foundations to govern cyber risks effectively. Companies that effectively manage the entire portfolio of risks, including cyber, do better in the marketplace. This paper, published by the World Economic Forum, is designed as a reference forContinue reading “Principles for Board Governance of Cyber Risk”

CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities

CISA on 8rd March, 2021 has published a Remediating Microsoft Exchange Vulnerabilities web page that strongly urges all organizations to immediately address the recent Microsoft Exchange Server product vulnerabilities. As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises organizations follow the guidance laid out in the web page. The guidance provides specific steps forContinue reading “CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities”

Top 3 Third-Party Risk Management Challenges

Since the massive Target data security breach in December 2013, third party cyber security stopped being an afterthought and started becoming one of the top security priorities for CISOs and Risk Departments. As a response, third party risk management (TPRM) underwent a transformation in early 2014, and continues to reverberate today. With attackers finding new ways toContinue reading “Top 3 Third-Party Risk Management Challenges”

What is GRC

GRC stands for Governance, Risk and Compliance, although some organizations may use the acronym to stand for “Governance, Risk and Control.” It is a strategy for managing an organization’s overall governance, enterprise risk management and compliance with regulations. The capabilities of GRC are often spread over different departments: internal audit, compliance, risk, legal, finance, IT, HR as wellContinue reading “What is GRC”