Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods. Instead of relaunching the same tried-and-true attacks that have generated their handsome profits, ransomware groups are using the money to invest in R&D, an approach resembling series A financing rounds. As reported by SC Magazine, larger ransomware groups are becoming more professionalized, even holding conferences, hiring web design teams and placing want ads to build their businesses. “Ransomware, like any business, is a complex economy,” SC Magazine reported. “The well-organized designers let stables of contractors use their ransomware on commission, those contractors purchase pre-hacked access to systems from

Is there a cloud security skills shortage? It depends on who you ask. Prior to the pandemic, the world was immersed in cloud technology – everyone, it seemed, had a migration strategy. Then the global lockdown happened. We collectively added a layer of priority to the cloud as tens of millions of people started to rely on it for work and communications in ways we hadn’t before. Cloud is a highly complex and continually evolving set of technologies and protocols. Finding team members with the right background is a challenge, making it seem like there’s a substantial shortage of skilled and certified professionals. But these same professionals might tell you no one is hiring. The ones looking for work may

We have all heard the old adage how big surprises can come in small packages. If you are a candidate who is studying for the CISSP exam, or if you are in the early stages of considering studying for the exam, you may be surprised that at all the opportunities that are available from a single certification. However, when taken in context with the benefits of the CISSP credential, very few other certifications carry the same respect and career-boosting potential as the CISSP. It is understandable why one might hesitate at reaching for what is often referred to as the “gold standard” of certifications. Many are initially intimidated by the broad subject matter covered by the CISSP Common Body of

A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. This does not bode well for their longevity, as other industry data shows that 60% of small businesses that suffer a data breach will be out of business within six months. The high cost of remediation and the potential for reputational damage can be more than most small businesses can withstand. Many times, the issue is sheer size and staffing. Small businesses rarely have the capacity to hire a full-time cybersecurity professional, and the

The Biden Administration held a summit on August 25 with technology, finance, energy and education leaders to discuss ways to bolster cybersecurity, both for individual companies and the nation as a whole. Companies represented included some of technology’s biggest names such as Apple, Amazon, Google, IBM and Microsoft. Some organizations announced commitments to improve security controls and practices across the supply chain and to invest in education. Apple committed to working with suppliers to drive the adoption of measures such as multifactor authentication and event logging. Google plans to invest $10 billion on zero-trust programs, software supply chain security and open-source security. Following the event, (ISC)2 conducted a quick online poll of 105 global cybersecurity practitioners to gauge their reaction.