• By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP
    In part one of this series, we discussed what lies ahead in 2023, including a rise in wiperware and ransomware attacks plus challenges with OT infrastructure and staffing shortages. In part two of this series, we will explore issues relating to cybersecurity insurance, data privacy, supply chain and artificial intelligence (AI) technology.
    Cybersecurity Insurance
    The global cybersecurity insurance market is projected to grow to U.S. $30 billion by 2027, nearly tripling in growth over five years. In 2023, we can expect the demand for cybersecurity insurance to continue to expand; however, it is going to be harder to obtain. Premiums will rise, especially as more organizations become aware of the potential financial

    Feb 09,
  • With the ever-changing landscape of the cybersecurity industry, it is important to keep certifications current, accurate and relevant, and we need help from you, the cybersecurity professionals who hold certifications in the field.
    (ISC)² is exploring a new security management credential that is in better alignment with global standards for recognized roles and specialisms. The current CISSP-ISSMP credential is earned after obtaining a CISSP. This new certification could be obtained by a practitioner before seeking the CISSP credential.
    The first step of the process is to conduct a JTA workshop, tentatively scheduled for March 13-15, 2023. We are asking anyone who currently holds the CISSP-ISSMP or CISSP to review the current CISSP-ISSMP Exam Outline and consider

    Feb 08,
  • By John E. Dunn
    The industry is taking a fresh look at the security around multi-factor authentication (MFA) in the face of recent bypass attacks.
    Multi-factor authentication (MFA) is coming under sustained pressure from attackers, with a striking example being a breach that unfolded at DevOps platform CircleCI back in December. According to a recent incident update, the attack was traced back to a single malware infection on an engineer’s laptop on December 16, which wasn’t detected by AV. This, it transpired, was a good target for compromise: the engineer had the privileges to generate production access tokens.
    Attackers first hijacked a corporate SSO session which had passed 2FA, allowing them less than a week later to elevate their

    Feb 08,
  • By John E. Dunn
    It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0?
    Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into one of the world’s most influential cybersecurity references for best practice and planning. In January, the world finally caught sight of the draft CSF Concept Paper that will form the basis of the next version 2.0 overhaul due for release around mid-2023.
    From this draft, it is clear that the CSF is developing fast, taking on new and much wider ambitions since the version 1.1 refresh in 2016. The first and perhaps most significant of these is what NIST calls “increased international collaboration engagement.”

    Feb 08,
  • By Joe Fay
    Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade-old devices.
    ION Markets Hit by “Cyber Security Event”
    Dublin-based data and software firm ION Markets has been hit by a “cyber event” which has had a knock-on effect on financial futures and derivatives markets worldwide. The attack is thought to have been ransomware-related. ION Markets said the attack on its ION Cleared Derivatives division was “contained to a specific environment”, all the affected servers are disconnected, and remediation of services is ongoing. Traders were left having to complete business manually.
    https://iongroup.com/press-release/markets/cleared-derivatives-cyber-event/
    Hackers target trainers, fast food giants
    Sportswear retailer JD Sports said

    Feb 07,