• Spoiler alert: the obvious answer is not always the correct one! Migrating services, apps and data to the cloud is both promising and challenging. The advantages of scalability, flexibility, reduced operational costs and support for a hybrid workforce can be eliminated by the challenges of cloud security and the talent gap. Those two challenges are closely interrelated, as numerous surveys demonstrate. For example, the (ISC)² Cloud Security Report 2022 indicates that: 93% of organizations are moderately to extremely concerned about the massive skills shortage of qualified cybersecurity professionals; 57% admit this lack of staff expertise makes cloud compliance challenging; 56% of respondents believe that cloud security capabilities are the most essential talent for their organizations. The hiring process is

    Mar 07,
  • Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks.  Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community  If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as a cybercriminal, while a text analysis suggested at least 30 percent of underground forum participants may be women. The work

    Mar 07,
  • We are continuing the popular bi-monthly CPE credit quiz as we transition from InfoSecurity Professional to our new web-based content platform. The first (ISC)² News and Insights CPE Credit Quiz of 2023 is now live. Every two months, we publish a 10-question quiz with questions based on some of our editorial content from that period. Successfully passing the quiz results in two CPE credits being automatically added to your total. Readers of our former bi-monthly magazine InfoSecurity Professional will know that each issue included a quiz, allowing members to earn CPE credits by passing the quiz, verifying they had read that issue. As we have now transitioned from the bi-monthly magazine to an ongoing web-based content platform to better support members

    Mar 06,
  • Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023.  Threat Advisories and Alerts  NCSC Publishes Guidance on Zero Trust Security   The U.K. National Cyber Security Centre has published guidance on how companies can leverage zero trust security. The article explains why some systems can’t integrate into a zero trust network. Organizations can get around this issue by building a mixed estate using a zero trust proxy or a managed virtual private network (VPN).   ZK Java Web Framework Flaw Is Being Actively Exploited  A high-severity flaw (CVE-2022-36537) affecting the ZK Framework has been added to the U.S.

    Mar 03,
  • By Joe Fay. China is ‘most active, and most persistent threat’ as government pinpoints need for a bigger and more diverse cybersecurity workforce to meet the long-term challenge. The Biden administration has unveiled its long-awaited cybersecurity strategy, effectively putting the country on a permanent cyberwar footing, with the Federal government adopting zero trust while demanding tech providers take more responsibility for securing their products and tackling cyberthreats. “Voluntary” approaches to securing critical infrastructure will be stiffened with regulation, tailored to individual sectors. The Federal government will also root out insecure legacy systems from its own estate, while building up its own cyber defense and offense capabilities. The strategy noted a state of inequality in responsibility for tackling cybersecurity threats. For

    Mar 03,