Challenging the ‘good enough’ cybersecurity mindset

While the volume of cyber threats keeps growing, security experts struggle to navigate the perception that existing resources are enough to defend their organization.

Challenging the ‘good enough’ cybersecurity mindset | Cybersecurity Dive

FBI explains how companies can delay SEC cyber incident disclosures

The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC).

FBI explains how companies can delay SEC cyber incident disclosures (therecord.media)

FBI Policy Notice — FBI

2023 Review: Reflecting on Cybersecurity Trends

Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics, from AI to human factors.

2023 Review: Reflecting on Cybersecurity Trends (trendmicro.com)

Quick Look at the New CISA Healthcare Mitigation Guide

In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security challenges, hyper-distributed environment considerations, an AI-empowered threat landscape, and immediate nation-state emerging threats, the focus of this brand-new guide was, surprisingly, on the little things.

Quick Look at the New CISA Healthcare Mitigation Guide | Tripwire

Apple-backed data breach report says 2.6 billion records leaked in 2 years

The report compiles statistics and case studies from more than 200 sources to provide an overview of data breaches over the last two years.

Apple-backed data breach report says 2.6 billion records leaked in 2 years | SC Media (scmagazine.com)

The-Continued-Threat-to-Personal-Data-Key-Factors-Behind-the-2023-Increase.pdf (apple.com)

What should be in a company-wide policy on low-code/no-code development

Without the right security policies and control mechanisms, low-code/no-code can stand to exacerbate existing application security problems and potentially erode security posture around access control, code quality, and application visibility.

What should be in a company-wide policy on low-code/no-code development | CSO Online

3 Ways AI Can Improve Your Third-Party Vendor and Supplier Risk Management Program

AI helps procurement teams evaluate business risks far more quickly by identifying and prioritizing those risks, even across increasingly large and complex data sets. This is possible through a combination of automation, complex data analysis, and predictive analytics.

3 Ways AI Can Improve Your Third-Party Vendor and Supplier Risk Management Program – CPO Magazine

Ransomware, Data Breaches Inundate OT & Industrial Sector

Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.

Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

Passing the Security Baton: CISO Succession Planning

The average tenure of a CISO is relatively short compared to other executive leaders. CISOs remain in their roles for an average of 18 months, according to The Enterprisers Project. Gartner predicts that nearly half of cybersecurity leaders will be moving on to new positions by 2025.

Passing the Security Baton: CISO Succession Planning (informationweek.com)

Demystifying Cyber Resilience: From Best Practice to Execution

The starting point lies in the ability to clearly define and differentiate between operational resilience, cybersecurity and, obviously, cyber resilience. These terms are often used interchangeably, but they represent distinct facets of an organization’s risk strategy: they differ in the risks they address, the asset types they safeguard or aim to protect, the defensive controls they require to meet the organization’s objectives, and the types of threats they want to prioritize and therefore address.

Demystifying Cyber Resilience: From Best Practice to Execution – Infosecurity Magazine (infosecurity-magazine.com)
