Retaining cybersecurity talent can be difficult. Along with our previous tips, how can you attract great workers?   Difficulties and Positive Changes   The recent ISACA State of Cybersecurity 2022 survey provides some key markers: Unfilled positions are on the rise (not good) Existing teams are understaffed (not good) Budgets are (finall

Does the world need another acronym? Probably not. But it seems like one is born every day in the cybersecurity market. As a tradeoff for the brain power to recall their cryptic meanings, we should at least expect progress on the technology front. We have seen this before. With all that’s happened in the last decade, point products for network securit

Scottish author Robert Burns wrote in the poem “To a Mouse,” “The best-laid schemes o’ mice an’ men. Gang aft a-gley.” You may better know the saying in its more common form, “The best-laid plans of mice and men often go awry.”   This saying may resonate with incident responders, business continuity plann

Often, when you read about cybersecurity, the advice appears to be ‘one size fits all’. People recommend the same things, regardless of if the business is two people in a home office or a global group with 100,000 employees. In some ways, the underlying concepts of cybersecurity are the same for all companies. However, the way that you put the s

Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have &md

The metaverse, artificial intelligence (AI) run amok, the singularity … many far-out situations have become a dinner-table conversation. Will AI take over the world? Will you one day have a computer chip in your brain? These science fiction ideas may never come to fruition, but some do point to existing security risks. While nobody can predict the fu

What’s the best way to stop ransomware? Make it riskier and less lucrative for cyber criminals. Nearly all intruders prefer to collect a ransom in cryptocurrency. But it’s a double-edged sword since even crypto leaves a money trail. Recovering ransomware payouts could lead to a sharp decline in exploits. Ransomware is still today’s top att

COVID-19 may have given cybersecurity talent retention an artificial prop up over the last two years. For example, job satisfaction was on a downward trend from 2018 to 2019, but with the pandemic came a plateau in 2020 and 2021. Was the plateau due to newfound satisfaction or were there other factors, such as economic instability, lockdowns and mandates? I

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights.  This year, a new indus

The beauty of having different climates around the world is that there is always somewhere we can travel for leisure all year round. These are times when we tend to relax and let our guard down. The reality, though, is that cyber crime knows no vacation. Attackers are relentless and are always on the lookout for the easiest path to their next prey. That mak

It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 p

You spend your days getting ready to stop threat actors. But even as you wonder, attackers could already be ‘casing the joint’.  Before any well-organized attack, skillful or professional attackers quietly snoop around, looking for chances to gain access. It’s called malicious reconnaissance — the unauthorized active monitoring

IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new

If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible.  Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ra

Does the left hand know what the right hand is doing? Or does even the left pinky know what the left ring finger is doing? Problems can easily arise when policies, including cybersecurity ones, end up being out of sync with business, technical, legal or regulatory requirements. The situation becomes even more severe when policy drafters end up with some str