Blog

By John E. Dunn In a fully digital world, organizations are no longer isolated islands. It seems the profession is finally coming to terms with the dark possibilities. What’s the worst thing a bad cyberattack could do to an organization? Five years ago, most business managers would have cited business disruption, reputational damage, or regulatory fines as their top worries. Now interviews with business managers and cybersecurity professionals by the World Economic Forum (WEF) have revealed that managers worry about something far worse – the near-term possibility of a catastrophic cyber-event beyond their control. According to the Global Cybersecurity Outlook 2023, 93% or cybersecurity professionals and 86% of business leaders they spoke to believed geopolitical instability means that a major

The (ISC)² Certified in Cybersecurity exam, designed for entry- and junior-level practitioners or career changers looking to start a new cybersecurity career, is now available in six languages, including Chinese, Japanese, Korean, German, Spanish and English.   Making this exam available in additional languages is a key part of the association’s global pledge of One Million Certified in Cybersecurity, which offers free Certified in Cybersecurity exams and self-paced education courses for one million people through the (ISC)² Candidate program.  The 2022 (ISC)² Cybersecurity Workforce Study revealed that more than 464,000 cybersecurity workers joined the profession in 2022. Despite that growth, the demand for cybersecurity workers outpaces the supply. In fact, China faces a shortage of 1.4 million cybersecurity professionals, and

The Center for Cyber Safety and Education is seeking the guidance and leadership of volunteers willing to serve on its Board of Trustees beginning July 1, 2023 to help achieve its mission. The Center, the charitable foundation of (ISC)², serves to break down barriers in exposure and access to the cyber profession and provide opportunities for underserved individuals, groups and organizations. Committed to diversity, equity and inclusion, all individuals interested in volunteering to serve on the Center Trustee Board are invited to apply for consideration. A broad range of experience and expertise is needed from a diverse and vibrant group of leaders, (ISC)² membership is not a requirement for application.   Nominations will be accepted February 15 – March 15,

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023.    Threat Advisories and Alerts  Massive Ransomware Campaign Targets VMware ESXi Servers  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a script for retrieving VMware ESXi servers encrypted by the massive ESXiArgs ransomware campaign. The attack began last week when cybercriminals launched their attack. At the time of writing, 2,800 servers are know to have been encrypted. As for the script, the U.S. cybersecurity organization has said, "CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac." To

(ISC)² has adopted a new approach to creating and publishing editorial content such as our news, features, opinions and other educational journalism. Helping our members navigate the cybersecurity landscape is an essential part of what we do. Creating topical, engaging and useful editorial articles is one way that we do this. It is also a popular way our members earn CPE credits as part of their continuing education journey.  Based on member feedback and changes in how members prefer to access our content, we have relaunched our editorial program, based around a new home for our educational journalism at isc2.org/News. We will be providing more and new types of content and publishing much more frequently than before. We are also

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP  In part one of this series, we discussed what lies ahead in 2023, including a rise in wiperware and ransomware attacks plus challenges with OT infrastructure and staffing shortages.   In our part two of this series, we will explore issues relating to cybersecurity insurance, data privacy, supply chain and artificial intelligence (AI) technology.  Cybersecurity Insurance   The global cybersecurity insurance market is projected to grow to U.S. $30 billion by 2027, nearly tripling in growth over five years. In 2023, we can expect the demand for cybersecurity insurance to continue to expand, however it is going to be harder to obtain. Premiums will rise, especially as more organizations become aware of the potential financial