Blog

Latest News & Tips

  • The need for cybersecurity professionals has been building for years, and nearly exponentially since the beginning of the global pandemic. At this point, it’s painfully evident there’s a wide talent gap in the field, and research proves it — the global workforce needs an influx of 2.7 million cybersecurity professionals to meet demand.1 In a recent survey of cybersecurity professionals, more than three-quarters said it’s “extremely or somewhat difficult to recruit and hire security professionals.”2 A majority (95%) said the cybersecurity skills shortage and its associated impacts have not improved over the past few years, and close to half (44%) say it’s gotten worse. In the face of today’s pressing need for skilled professionals, there’s never been a better time

  • Big tech breaches, the rise of callback phishing and joint advisories issued by CISA…here are the latest cybersecurity threats and advisories for the week of August 19, 2022. Threat Advisories and Alerts Cybercriminals Exploit Zimbra Vulnerabilities CISA and MS-ISAC have issued a joint advisory in response to active exploitation of multiple vulnerabilities against Zimbra Collaboration Suite (ZCS). Cybercriminals may target unpatched ZCS security holes in government and private sector networks. Organizations that didn’t make the appropriate updates upon patch release should assume they’ve been compromised and follow the recovery steps in the CISA advisory. Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-228a CISA and the FBI Issue Warning for Zeppelin Ransomware The FBI and CISA have issued a joint advisory concerning Zeppelin ransomware, which has been

  • One of the biggest challenges cybersecurity teams face, aside from constantly having to foil threat actors, is integrating data from the various tools they use to protect their organizations. But relief may be on the way in the form of the Open Cybersecurity Schema Framework (OCSF), which aims to establish an interoperability standard. News of the creation of OCSF came during Black Hat USA 2022 in Las Vegas last week. The framework boasts participation from 18 of the IT industry’s biggest names, including Amazon AWS, IBM, Palo Alto Networks, Splunk and Salesforce. Such a standard would simplify the lives of cybersecurity professionals, who have complained for years about ineffective manual processes to integrate different tools. The lack of interoperability

  • The Small Business Cybersecurity Act, S.4701, has been introduced by U.S. Sen. Maggie Hassan, D-N.H. It is designed to bolster small businesses' cybersecurity by providing funding to Small Business Development Centers. In 2020, Senator Hassan worked to secure federal funding for such centers, including the New Hampshire Small Business Development Center's Cybersecurity Review program. The funds can be used to help Small Business Development Centers provide cybersecurity training for small business employees and administer reviews of small businesses' cybersecurity. The bill would authorize $20 million in 2023 and every year thereafter to the Small Business Administration (SBA). Key aspects of the bill include establishing a federal program to provide direct grants to Small Business Development Centers to create or continue cybersecurity

  • By Jagadish Paranthaman, CISSP, Global Cybersecurity Solutions Architect at Avanade. Zero Trust is a cybersecurity model centered around an end-to-end approach for resource and data protection with a principle not to trust completely but conduct continual verification. Zero Trust assumes the non-existence of a perimeter. It is not a product but a collection of architectural premises and security patterns encompassing identity, endpoints, networks and hosting infrastructure, applications, and data. Zero Trust Architecture is achieved through solutions that sit between a requesting subject (identity) and a fulfilling resource (service or application). Solutions can be a combination of agent-based, cloud-based or enterprise deployment which varies based on the location of a business process/service (Cloud: North to South or Organisation Perimeter: East to

  • Cyberattacks hit global companies, critical vulnerabilities discovered in top tech products and the top malware strains of 2021 make headlines this week. Here are the latest cybersecurity threats and advisories for the week of August 12, 2022. Threat Advisories and Alerts CISA and ACSC List the Top Malware Strains of 2021 A joint cybersecurity advisory has been released by CISA and ACSC. The advisory names the top malware strains of 2021, which include Agent Tesla, AZORult, Formbook, GootLoader, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and Ursnif. The malware strains consist of ransomware, information stealers, remote access trojans (RATs) and banking trojans. To protect organizations, the advisory recommends user training, the application of timely patches, offline data backups, multifactor authentication and securing Remote