October 2022 Newsletter
CompliancePoint
A leading provider of information security and risk management services.
October is Cybersecurity Awareness Month
2022 has been another troubling year for cybersecurity, with organizations facing increasingly sophisticated threats.
Ransomware and breaches remain the top problems for most organizations, surpassing the already historic acceleration of these events in 2021. Nine out of ten organizations are still susceptible to a breach of their perimeter security, allowing access to internal network resources. Three out of four cyber events involve compromised credentials protected by simple passwords. Hospitals and other organizations serving the healthcare industry continue to be hit hard by ransomware. Increased budgets for cybersecurity technology are having minimal impact on slowing these trends.
Last week also brought the criminal conviction of a Fortune 500 Chief Security Officer (CSO), a first for the industry. Federal prosecutors won a felony conviction against Joe Sullivan based on his handling of a 2016 data breach while he was the CSO at Uber. More specifically, he was found guilty of obstructing the Federal Trade Commission (FTC), which was already investigating Uber's security practices at the time, by concealing the 2016 breach from it.
In addition to a complicated regulatory landscape, it appears we are heading towards some form of deglobalization. This is leading to increased scrutiny of supply chain resilience and security, particularly in the federal space. As this process begins, we are seeing more overt activity by threat actors. China has tested Taiwan's cybersecurity posture alongside its recent military exercises, and Russian threat actors attacked U.S. airport websites this week. Both moves are widely seen as indicators that cyber events will play a bigger role in geopolitics in the future. If the deglobalization trend continues, expect more overt activity from nation-state actors and increased cyber espionage in the coming years.
We must acknowledge and respond to the fact that risks continue to increase and now present themselves in new and emerging ways. Organizations should retool risk management and information security programs to account for new risks and reevaluate budgets to ensure they are getting the desired outcomes and effectively reducing those risks. Executives should be cognizant of current state and federal breach regulations and their reporting requirements. CSOs and other executives should consider obtaining directors and officers insurance. Validate that your information security program is based on sound fundamentals, and ensure it is operating effectively within your technology stack. Understand that new technology is rarely a silver bullet and that skilled people are paramount to good fundamental security, especially in a dynamic environment. Finally, make sure you have the right players in the proper roles on your information security team and that everyone is aligned with your strategic goals for risk management.
Not sure where to start? Let our experts help by evaluating your breach readiness and cyber risk!
The Benefits of a Virtual CISO
A Virtual CISO (vCISO) is an external cybersecurity professional, or group of professionals, brought in to help a business identify and mitigate cyber risks, improve protection against cyber threats, and meet compliance requirements. An organization can bring a vCISO on board for a fraction of the cost of a full-time CISO, and an experienced vCISO will likely require little or no onboarding.
Employee and B2B Data Covered by the CCPA
Exemptions for employee and B2B data under the CCPA are coming to an end. The changes in the law mean organizations need to focus on employee rights, job applicants, and disclosure obligations.
Proposed Healthcare Cybersecurity Act Overview
The US House of Representatives introduced the bipartisan Healthcare Cybersecurity Act in response to nearly 50 million Americans having their private health information compromised in 2021.
Preparing for Your SOC 2 Audit
Your SOC 2 audit is the culmination of countless hours of hard work designing controls and producing the documentation that will hopefully prove your organization has the necessary security measures in place and operating.
PCI DSS Blog Series – Requirement 9
Our PCI DSS blog series continues with an exploration of PCI requirement #9: Restrict physical access to cardholder data. Learn about the physical security controls used to protect assets that are vital to the cardholder data environment.