Cybersecurity spending is less a sign of outcomes and more a sign of the human capabilities that organizations have developed, write Stephen Wilson, Dean Hamilton and Scott Stallbaum of Wilson Perumal & Co. They encourage building a culture where employees are mindful, responsive and learning-focused, and they especially encourage companies to develop the operational qualities of "formality, level of knowledge, integrity, questioning attitude, and active team backup."
A new type of ransomware called PonyFinal has been identified by Microsoft, which says the program is operated by humans, not automation. The ransomware, which uses Java Runtime Environment, employs brute-force attacks against servers to gain access.
C-suite executives and remote employers of all levels each say they're lax with cybersecurity, per MobileIron and Tessian reports. "People will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions," says Tessian CEO Tim Salder.
Google-branded attacks using storage websites and file sharing are on the increase, Barracuda Networks says. The impersonation attacks are expected to increase because they are good at getting users to share login credentials.
An identity management framework intended to help health care chief information security officers improve identity and access control management and boost enterprise cybersecurity has been released by the Health Information Sharing and Analysis Center. The framework outlines methods for architecture, construction and deployment of identity systems capable of defending against modern cyberattacks.
The use of USB drives to copy company data more than doubled in the early weeks of the pandemic, while malicious network activity and incident-response inquiries also were up, a Digital Guardian report states. Employees appear to be taking data for themselves rather than to sell online, says report author Tim Bandos.
The Defense Advanced Research Projects Agency announced the formation of two teams, led by Northrop Grumman and Synopsys, under the Automatic Implementation of Secure Silicon program. Both teams will work on Arm-based architectures that use a security engine to defend against cyberattacks and reverse engineering.
RackTop Systems' BrickStor SP has been incorporated into Hewlett Packard Enterprise's Complete program and will be resold to federal government clients. "BrickStor attacks the problem properly by securing unstructured data at its source so that it can't be seized, maliciously encrypted or exploited," says RackTop Systems CEO Eric Bednash.