In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access. Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up from 30% in 2019. Scan-and-exploit threats knocked phishing from the top spot, which accounted for 33% of attacks, up 31%

Last year taught us a valuable lesson: Always be prepared for the unknown. In a cybersecurity context, fostering resilience requires thinking of all possible scenarios – even if they seem implausible – and seeking solutions that can really work. But resilience in a cloudy world doesn’t happen overnight. It must be supported by a well-woven culture of security that evolves with the shifting global environment. Organizations that create a culture for the future are destined to excel; those that resist change will be left behind. READ THE FULL ARTICLE  

Earlier this year, we announced an upcoming update to the Certified Authorization Professional (CAP) certification. This (ISC)² certification exam will be updating on August 15, 2021. During the last Job Task Analysis (JTA), the decision was made to expand the CAP to reflect the more diverse day to day work of professionals who were earning the certification. What started built primarily for U.S. government professionals using the Risk Management Framework (RMF) has now expanded to professionals working in the private sector and or organizations around the world. We spoke with the Content Development Manager here at (ISC)², Toni Hahn, about these changes. Toni – who holds both the CISSP and CAP certifications – oversees a team of certified content experts

The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day, they make the mistake of thinking it could not happen to them. Many software developers do not typically worry about

Haven’t had a chance to nominate a colleague, peer or mentor yet for the Global Achievement Awards? Great news, the deadline has been extended to April 23! There are a few updates to the awards this year. With so many awards to choose from, let’s take a look at a few of them. These awards are similar in that they recognize individuals who have made a significant impact on the security industry during the past year. (ISC)² Government Professional Award This award recognizes regional government information security leaders who have made significant security developments at the federal, state or local level in a department, agency or the entire government. Candidates must have at least three years of work experience. The